NetApp SnapLock ™ - Licensed Data Protection Feature (WORM)
With the increasing number of hacker attacks, recently in Ukraine, aimed at encrypting and destroying data, the safety and integrity of data for many companies is becoming not just a requirement, but their vital necessity.
Only 6% of companies continue to exist for more than 2 years as a result of data loss, according to a Gartner report. In this regard, the solutions of the NetApp FAS line become a lifeline not only for information, but also for organizations that are prone to attacks, since they significantly reduce the risks of data loss and destruction.
According to experts, the number of hacker attacks made in Ukraine to encrypt or destroy data in 2016 increased several times. A rare business week goes without reports about the facts of data destruction. It is worth paying attention to the profile of organizations that are most often attacked: financial and government structures, as well as IT companies. Taking into account the Ukrainian realities, the public sector looks the most vulnerable.
The NetApp SnapLock ™ licensed feature available in NetApp FAS datastores has simple data protection logic and effectively addresses information security issues. The idea behind the SnapLock solution is intuitive and therefore easy to implement. Each volume is assigned a specific retention period during which data cannot be changed and deleted (the WORM state is one-time write, multiple-read). This technology helps to comply with regulatory requirements for archival data of various types. It can only be used on disk pools (aggregates) on which SnapLock protection is enabled. The technology requires a license and a dedicated unit with regular disks connected to NetApp FAS storage systems, in turn, the presence of a dedicated unit indicates the need to have at least one dedicated RAID group for a unit protected by SnapLock technology. Existing customers who have NetApp FAS storage can simply purchase a SnapLock license. Let me remind you, the minimum number of disks for RAID groups in NetApp FAS storage systems:
For archiving, simply place the data in the NAS storage using SnapLock volume and specify the expiry date at the end of the transaction via the SnapLock interface. This procedure — associating the retention date with a volume — sets the required WORM characteristic for it, which does not allow deleting, formatting, overwriting data, or even initializing the entire system with administrator authority until the storage life of the SnapLock Compliance volume is out. Data protection for the entire retention period is provided by the ONTAP operating system installed in FAS repositories.
')
Thus, regardless of the intensity of the attack or its duration, the data remain invulnerable. Learn more about the device, configuration, and operation of SnapLock in TR-4526 .
When you create a SnapLock pool (aggregate), you must select one of the two modes of its operation, SnapLock Compliance (SLC) or SnapLock Enterprise (SLE). Once created, they cannot be converted. The SLC aggregate mode does not even allow the administrator to delete it, while the SLE mode does not allow only ordinary users to delete files from the files, but does allow the administrator to delete the storage system.
Application SnapLock protects against hacker and virus encryption, accidental deletion of data, guarantees their immutability and complies with many established corporate and international regulatory standards to protect information, an example of application can be:
NetApp FAS storage systems also allow you to integrate CIFS (SMB) network folders with the following anti-virus systems to scan files before writing to the storage system:
Read more about the integration setup process in one of the following articles. Also note the document describing how to increase security for ONTAP (Security Hardening Guide for NetApp ONTAP 9) .
The SnapLock technology in NetApp FAS storage systems protects critical files from encryption, deletion or spoofing in a NAS environment. This can be useful both for financial structures that need to be able to read, but at the same time immutable files, for example financial reports, for a given period. SnapLock can also be useful for storing configuration files and backups of key infrastructure components in the event of hacker or viral data encryption.
Translation to English:
NetApp SnapLock - Write Once Read Many
This may contain links to Habra articles that will be published later .
I ask to send messages on errors in the text to the LAN .
Comments, additions and questions on the article on the contrary, please in the comments .
Only 6% of companies continue to exist for more than 2 years as a result of data loss, according to a Gartner report. In this regard, the solutions of the NetApp FAS line become a lifeline not only for information, but also for organizations that are prone to attacks, since they significantly reduce the risks of data loss and destruction.
According to experts, the number of hacker attacks made in Ukraine to encrypt or destroy data in 2016 increased several times. A rare business week goes without reports about the facts of data destruction. It is worth paying attention to the profile of organizations that are most often attacked: financial and government structures, as well as IT companies. Taking into account the Ukrainian realities, the public sector looks the most vulnerable.
NetApp SnapLock
The NetApp SnapLock ™ licensed feature available in NetApp FAS datastores has simple data protection logic and effectively addresses information security issues. The idea behind the SnapLock solution is intuitive and therefore easy to implement. Each volume is assigned a specific retention period during which data cannot be changed and deleted (the WORM state is one-time write, multiple-read). This technology helps to comply with regulatory requirements for archival data of various types. It can only be used on disk pools (aggregates) on which SnapLock protection is enabled. The technology requires a license and a dedicated unit with regular disks connected to NetApp FAS storage systems, in turn, the presence of a dedicated unit indicates the need to have at least one dedicated RAID group for a unit protected by SnapLock technology. Existing customers who have NetApp FAS storage can simply purchase a SnapLock license. Let me remind you, the minimum number of disks for RAID groups in NetApp FAS storage systems:
- RAID-4 - 2 drives (1 data + 1 parity)
- RAID-DP - 3 drives (1 data + 2 parity)
- RAID-TEC - 7 disks (4 data + 3 parity).
For archiving, simply place the data in the NAS storage using SnapLock volume and specify the expiry date at the end of the transaction via the SnapLock interface. This procedure — associating the retention date with a volume — sets the required WORM characteristic for it, which does not allow deleting, formatting, overwriting data, or even initializing the entire system with administrator authority until the storage life of the SnapLock Compliance volume is out. Data protection for the entire retention period is provided by the ONTAP operating system installed in FAS repositories.
')
Thus, regardless of the intensity of the attack or its duration, the data remain invulnerable. Learn more about the device, configuration, and operation of SnapLock in TR-4526 .
SnapLock: Compliance & Enterprise
When you create a SnapLock pool (aggregate), you must select one of the two modes of its operation, SnapLock Compliance (SLC) or SnapLock Enterprise (SLE). Once created, they cannot be converted. The SLC aggregate mode does not even allow the administrator to delete it, while the SLE mode does not allow only ordinary users to delete files from the files, but does allow the administrator to delete the storage system.
Other SnapLock Application Examples
Application SnapLock protects against hacker and virus encryption, accidental deletion of data, guarantees their immutability and complies with many established corporate and international regulatory standards to protect information, an example of application can be:
- Financial records
- personal information
- Voice recordings
- State norms
- Archives
- Correspondence
Regulatory support for information security
- SEC 17a-4
- CFTC Rule 1.31 (b)
- Basel III
- Check 21
- EU Data Protection Directive 95/46 / EC
- NF Z 42-013 / NF Z 42-020
- Sarbanes-oxley
- Graham-leach-bliley act
- SB 1386
- Patriot act
- HIPAA
- MiFID
Antivirus protection
NetApp FAS storage systems also allow you to integrate CIFS (SMB) network folders with the following anti-virus systems to scan files before writing to the storage system:
- Kaspersky
- Sofos
- Mcafee
- Symantec
- Computer associates
- Trend micro
Read more about the integration setup process in one of the following articles. Also note the document describing how to increase security for ONTAP (Security Hardening Guide for NetApp ONTAP 9) .
findings
The SnapLock technology in NetApp FAS storage systems protects critical files from encryption, deletion or spoofing in a NAS environment. This can be useful both for financial structures that need to be able to read, but at the same time immutable files, for example financial reports, for a given period. SnapLock can also be useful for storing configuration files and backups of key infrastructure components in the event of hacker or viral data encryption.
Translation to English:
NetApp SnapLock - Write Once Read Many
This may contain links to Habra articles that will be published later .
I ask to send messages on errors in the text to the LAN .
Comments, additions and questions on the article on the contrary, please in the comments .
Source: https://habr.com/ru/post/318226/
All Articles