NetApp: The Importance of Trust and Security

Author: Mike Scanlin, Information Assurance Program Manager, NetApp, Inc.

NetApp understands the importance of security. “Trust but verify” is the foundation for NetApp’s position as the #1 provider of data storage and management to the U.S. Federal government. Corporations and agencies in Energy, Financial, Healthcare, and Government sectors trust NetApp because of our longstanding commitment to security certifications and verified security capabilities.

In 2005, NetApp became the first storage provider to achieve Common Criteria certification for its core operating system - Data ONTAP - the storage industry’s #1 branded operating system.  The recent certifications of DOT 8.2.1 (7-Mode) and clustered Data ONTAP 8.2.1 reflect NetApp’s continued commitment to the security principles established by the internationally recognized Common Criteria standard (ISO/IEC 15408).

NetApp's support to the US Department of Defense (DoD) and Defense Information Systems Agency (DISA) led to the development of Unified Capabilities (UC) requirements for a Data Storage Controller (DSC).  In 2012, NetApp became the first storage provider to be certified and listed on the UC Approved Products List (APL).  In 2014, NetApp again led the way when clustered Data ONTAP became the only scale-up, scale-out, clustered storage operating system on the UC APL.

When customers sought third party verification that NetApp Disk Sanitization left no residual user data on Hard Disk Drive (HDD) / Solid State Drive (SSD) storage media, NetApp turned to Ontrack, the global leader in data recovery and 2015 Storage Visions award recipient for Erasure Verification Services (EVS). Ontrack leveraged its proprietary tools and expertise to validate the Disk Sanitization feature of NetApp^® Data ONTAP^® software on a FAS2240 storage controller with internal HDD / SSD storage.

Ontrack thoroughly searched and analyzed both media types looking for remnants of user data on the devices. For HDD, the process was performed via the drive’s standard interface using proprietary software to ensure that no user data was found in user-accessible sectors of the HDD media. SSD analysis required a second level of verification because the information was distributed across random blocks of the memory chip. NAND memory chips were removed and raw data was searched to ensure that no user data was present in either user-accessible sectors or hidden areas of the SSD.

Ontrack analysis concluded that NetApp’s Disk Sanitization procedure resulted in:

• No recoverable simulated user data found on any drive analyzed in the FAS2240 system
• 100% successful data sanitization and complete erasure of the data

For organizations with sensitive, confidential, or mission critical IT needs, the unauthorized disclosure of information can have severe and even catastrophic effects on operations, personnel, or other assets. Customers and partners who operate in these environments trust NetApp. The results of Ontrack analysis verify that this trust is well deserved.