June 9, 2022
Topics: Data Protection, Backup and Archive (6 minute read)
Backups serve as a lifeline for organizations when a data loss crisis occurs. Data loss has several causes, such as data corruption, human error, or malware attacks. That’s why having a backup solution that ensures point-in-time recovery is essential. To guarantee a reliable backup, it’s important to ensure that your backup data is always secure and tamper-proof.
In this blog, we’ll explore the different security capabilities offered by NetApp Cloud Backup that will help protect your mission-critical data backups.
Here’s a preview of the security capabilities we’ll cover:
- Encryption at Rest
- Encryption in Flight
- No Middleman
- Customer Managed Key Support
- Secure Connectivity
- Proxy Support
- SOC 2 Compliance
- Customer Controlled
- Secured Control Plane
- Managed Infrastructure
Features That Make Cloud Backup a Fully Secure Solution
NetApp Cloud Backup provides an efficient native backup solution that protects your on-premises or cloud ONTAP systems. Cloud Backup comes with a number of features that ensure your data backup copy remains secure throughout its lifecycle. Let's take a closer look at what they are.
1. Encryption at Rest
The backup copy stored by NetApp Cloud Backup is always encrypted at rest using AES 256-bit encryption. It integrates seamlessly with the object storage encryption capabilities offered by the cloud platform, whether it’s AWS, Azure, or Google Cloud. AES-256 is one of the strongest encryption standards and uses the longest of the AES key lengths, 256 bits. Because of this key length, it’s practically impossible for an attacker to decrypt the data using brute force. With cloud-native encryption in AWS, Azure, and Google Cloud, the keys are managed by the platform itself. Cloud Backup also provides an option for customers to manage the encryption keys, which we’ll discuss later on.
2. Encryption in Flight
In Cloud Backup, in-flight encryption of backup data that is sent to object storage uses HTTPS over TLS 1.2. This makes it more secure than predecessors such as SSL 2.0/3.0 and TLS 1.0 and 1.1, as data transmitted across networks is more tamper-proof when using TLS 1.2. Although target object storage like AWS S3 and Azure Storage supports the earlier versions of TLS, Cloud Backup connections mandate the use of TLS 1.2 for enhanced data security.
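Because object storage such as AWS S3 still accepts earlier TLS versions, the owner of the bucket can check that the storage side refuses them as well. The following is an added example, not NetApp's code or part of the original post: it audits an S3 bucket policy for a blanket deny of plain HTTP and of TLS below 1.2. The bucket name and the sample policies are constructed, and `Resource` coverage is not checked.

```python
import json

def deny_all(condition):
    # Constructed statement shape: deny every S3 action to everyone when `condition` matches.
    return {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-backup-bucket",
                         "arn:aws:s3:::example-backup-bucket/*"],
            "Condition": condition}

# Constructed sample policies for a hypothetical bucket (not taken from the page).
HTTPS_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    deny_all({"Bool": {"aws:SecureTransport": "false"}})]})
TLS12_FLOOR = json.dumps({"Version": "2012-10-17", "Statement": [
    deny_all({"Bool": {"aws:SecureTransport": "false"}}),
    deny_all({"NumericLessThan": {"s3:TlsVersion": "1.2"}})]})

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_blanket_deny(stmt):
    # Only a Deny for every principal and every S3 action counts as a transport floor.
    principal = stmt.get("Principal")
    everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
    actions = as_list(stmt.get("Action", []))
    return stmt.get("Effect") == "Deny" and everyone and bool({"s3:*", "*"} & set(actions))

def audit_transport(policy_json):
    result = {"denies_plain_http": False, "denies_tls_below_1_2": False}
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        cond = stmt.get("Condition", {})
        # Tests inside one statement are ANDed, which narrows the deny,
        # so only a statement carrying a single test is counted.
        if not is_blanket_deny(stmt) or len(cond) != 1:
            continue
        if len(next(iter(cond.values()))) != 1:
            continue
        secure = as_list(cond.get("Bool", {}).get("aws:SecureTransport", []))
        if any(str(v).lower() == "false" for v in secure):
            result["denies_plain_http"] = True
        floors = as_list(cond.get("NumericLessThan", {}).get("s3:TlsVersion", []))
        if any(float(v) >= 1.2 for v in floors):
            result["denies_tls_below_1_2"] = True
    return result
```

A policy that only denies `aws:SecureTransport` = false still admits HTTPS sessions negotiated at TLS 1.0 or 1.1; the separate `s3:TlsVersion` statement is what closes that gap.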
3. No Middleman
There is no intermediate media gateway where data is stored; the backup is done directly from ONTAP to the destination object storage, removing the risk of any middleman vulnerabilities. When backup data is staged on another device or location before being transported to cloud object storage, the data's security also depends on the media gateway's security. As the intermediate media gateway is eliminated in Cloud Backup, the backup data is securely transferred and stored in the cloud.
4. Customer Managed Key Support
By default, Cloud Backup’s object storage encryption-at-rest feature selects the platform-managed encryption key. However, there’s also the option to use customer-managed encryption keys for storage encryption. This feature provides additional security as the keys used for encryption are completely controlled by the customer. It uses the key management solutions offered by the cloud platforms themselves, such as AWS KMS, Azure Key Vault, or Google Cloud KMS. Access to these keys and key management services is restricted by the native IAM and role-based access control mechanisms offered by the cloud platforms.
5. Secure Connectivity
NetApp Cloud Backup can take backups over private network connectivity between source and destination. For example, you can take a backup of on-prem ONTAP data to Azure Blob storage over a VPN or ExpressRoute connection. The data can be routed to the storage over a private endpoint that ensures all the data is transferred over private connections only. Similar constructs like VPC endpoint and private access are supported for AWS and Google Cloud, respectively. Since the data travels over private networks, there’s less of a chance for it to be intercepted.
6. Proxy Support
If your organization’s internet access is secured by a proxy, you can use the same one for Cloud Backup as well. Proxies act as a layer of protection preventing attackers from entering your network. Cloud Backup supports proxies and customer certificates for both backup and restore flows as another layer of protection.
7. SOC 2 Compliance
SOC 2 is a compliance standard followed by organizations in different industries. SOC 2 audit reports address concerns such as security, availability, processing integrity, privacy controls, and confidentiality. These reports are based on an organization’s adherence to the Technical Standards Committee (TSC) of the American Institute of Certified Public Accountants’ (AICPA) Trust Services Criteria. SOC 2 Type 2 reports evaluate the effectiveness of these controls for a specific review period. Cloud Backup is SOC 2 Type 2-certified and provides out-of-the-box compliance for this standard.
8. Customer Controlled
Backup data is always stored in a cloud environment controlled by the customer. It never leaves the perimeters of this environment. NetApp doesn’t access or manage customer data, meaning Cloud Backup users can manage access authorization for complete control over their backup data. Furthermore, access can be configured and aligned with an organization's security standards.
9. Secured Control Plane
Cloud Backup is centrally managed from the SaaS-based Cloud Manager service. Cloud Manager provides multi-tenancy and allows you to manage users and resources. It also supports role-based access control with multiple roles available that limit access permissions, such as SnapCenter admin, compliance viewer, workspace admin, and more. NetApp Cloud Backup separates data and metadata, ensuring that customer data is stored separately from the Cloud Backup control plane. Without authorized client credentials, it's impossible to retrieve and rebuild data due to block-level deduplication, which hides the structure of data at rest. Security can be further strengthened by integrating with SSO solutions for ONTAP systems, which ensure holistic identity and access management across organizations.
10. Managed Infrastructure
Cloud Manager is delivered as a managed service in a SaaS model. SaaS-based managed services offer better security than on-prem backup solutions. All security aspects are managed by the service provider with best-in-class industry expertise and a regularly updated technical stack, leaving minimal room for external infiltration of the service. There are fewer moving parts in the architecture that could introduce vulnerabilities. As the cloud environment hosting the backup data is managed by the customer, it can be secured through cloud-native security controls like RBAC and MFA. ONTAP environments spanning different clouds are managed securely from the Cloud Manager interface, which further reduces exposure.
Conclusion
One of the most noteworthy advantages of NetApp Cloud Backup is bolstered security. With advanced encryption mechanisms, secure connectivity, storage, and a managed control plane approach, Cloud Backup provides best-in-class protection for your mission-critical data. However, that isn’t the only advantage that it provides. Some other benefits include independent immutable read-only backups, alignment with the 3-2-1 backup strategy, an indexed catalog for search and restore, and cost optimization.
