Join the discussions
Explore issues and answers around NetApp storage solutions.
End-to-end encryption for cyber resilience
At rest or in-flight, NetApp has a solution to encrypt all of your data, all the time, without affecting everyday operations or compromising storage efficiency.
Why end-to-end encryption?
It’s crucial to take a multi-layered approach to data security and one of the most important layers is encryption. NetApp’s end-to-end solutions at both the hardware and software layers protect your at rest data from unauthorized access and physical theft. But that’s only part of the story. Data that’s being moved across networks – particularly personal data – can be vulnerable to packet sniffing, resulting in data breaches that can be catastrophic. By encrypting your data at rest and in flight, you are covered from all angles and your data remains confidential.
Full disk encryption
NetApp Storage Encryption (NSE) is a comprehensive, cost-effective and simple to use security solution. NSE uses either FIPS 140-3 level 2 or FIPS 140-2 level 2 SEDs that perform all the data encryption operations internally and prevent data access until the drive’s encryption key is unlocked by an authorized administrator this single-source solution can increase overall compliance with industry and government regulations without compromising storage efficiency.
Software-based encryption
NVE and NAE encryption protects data from theft if the disk should fall into the wrong hands, agnostic of the physical media. Both solutions are FIPS 140-3 validated and enable the use of deduplication, compaction and compression storage efficiency features.
Securing data in flight
Any time your data is moving from one network to another, it can be vulnerable to man-in-the-middle (MITM) attacks.
Whether your data is being replicated for backup or to train your latest AI project, prevent it from being intercepted with Cluster Peering Encryption (CPE). All your data that's replicated by NetApp SnapMirror, FlexCache or SnapVault technology is encrypted using TLS 1.3 with FIPS 140-3 level 1 validation.
But another common way for malicious actors to access in-flight data is through client-to-server data access of your network drives. To secure these types of data, NetApp and ONTAP support encryption and authentication types for all your workloads.
- SMB workloads - SMB3 encryption
- NFS workloads – IPsec, Kerberos (krb5p) and NFS over TLS
- Block/SAN over IP – IPsec and Block over NVMe TCP - TLS
Granular data management
Choose what data is encrypted, according to your data governance and compliance requirements.
Controlled access
Prevent access to data until authorized by an NSE administrator.
Storage efficiencies
Save space and money with deduplication and compression to improve storage efficiency.
Seamless support
NSE is designed to work with NetApp® SnapMirror® and SnapVault® software.
Simplify management
NSE Supports BakBone Integrated Data Protection (IDP) strategy to reduce the complexity of multi-platform environments.
Enable the protection of data at rest
Learn how you can encrypt your data without operational impact.
Related solutions and products
From compliance to additional protection, explore these related solutions and products.
Explore our blogs
Get the inside scoop on a variety of tech-related topics.
Find upcoming events
Browse events--live, online, and on demand--on the NetApp calendar.
