Awareness of security vulnerabilities is increasing because of well-publicized breaches such as those that came to light in the Edward Snowden affair. Because of this, governmental agencies and commercial enterprises are both placing a greater emphasis on data security, and IT organizations are being forced to look much more closely at how they are protecting their critical assets—whether it's the IP of the company or the private information they hold on their customers and partners.
We recently had an opportunity to talk with Tim Russell, vice president of product security at NetApp, about the company’s approach to data security and the role partnerships play in its Data Fabric vision.
Data security is a broad area, so where does NetApp fit?
Although NetApp is not a pure-play security company, our solutions are a critical part of the capabilities that our customers need to implement to protect their most valuable asset—their data. We start by building robust security into all of our products, including encryption, key management, authentication, and secure protocols, so that data can be protected from unauthorized access.
However, the scope of the security challenge requires a wide range of solutions. Partnerships are critical because no single product or solution can solve all of today’s regulatory and data security requirements.
How does NetApp choose its security partners?
NetApp evaluates partners that can provide complementary data security capabilities for our customers. We then look at how those products integrate with our own core data management capabilities. Does the partner’s solution solve a critical customer problem? Does the combination of that vendor’s products with our Data Fabric vision deliver something of higher value to our customers than each solution on its own? If the answer to both questions is yes, we will consider developing a new partnership.
For example, NetApp has developed strong partnerships with leading antivirus solution vendors, such as McAfee, Trend Micro, and Symantec. We also partner with key management vendors, including Gemalto and IBM, to help IT teams tightly control the “keys to the data kingdom”. Gemalto has an enterprise key management solution that helps customer consolidate and centrally manage encryption keys for multiple, disparate encryption platforms—including NetApp Storage Encryption and other vendor KMIP-compliant encryption solutions. In addition, NetApp works with security and audit solution providers, as well as the leading reporting and compliance solution vendors. We provide a rich set of APIs and developer support to enable all of these partners to provide a seamless integration into our core Data Fabric platform.
Why is the NetApp Data Fabric a good platform for data security?
Managing data across multiple clouds, including on-premises infrastructure and public clouds, creates security challenges, and NetApp is uniquely positioned to provide solutions for these hybrid environments. The NetApp Data Fabric provides IT teams with the ability to create consistent policies for managing data across multiple data locations, from high performance, on-premises flash storage to pay-as-you-go cloud services. With the ability to transport, manage and secure data across multiple clouds the, NetApp Data Fabric provides the ability to create consistent protection mechanisms, no matter where it resides. For example, our cloud-integrated AltaVault appliance enables enterprises to efficiently send encrypted backup data to low cost cloud destinations such as Amazon S3 or Glacier.
How is the public cloud impacting data security?
An interesting dynamic is playing out. One of the biggest barriers to cloud adoption to date has been the concern for data security. Yet, an ever-increasing number of enterprises are moving their data to public clouds, driven by mandates to drive down costs, improve agility, and deliver better services to internal and external stakeholders.
I expect we will soon see a trend where security actually becomes a catalyst for cloud adoption. Enterprises and government agencies alike are challenged to maintain their on-premises infrastructure. They understand the need to continually build out a robust security infrastructure for protection against the growing number and sophistication of threats coming at their organizations. Those organizations that “go it alone” are forced to procure and manage a wide range of different security solutions, with complex and time-consuming patching and protecting mechanisms.
Many of these entities are now reaching the same conclusion—that the scale and resources of a reputable service provider in a cloud environment can adequately and efficiently protect their critical digital assets and deliver the agility required to grow their business.
What types of solutions are you pursuing to meet emerging data security challenges?
The entire world of data analytics is now getting into security, including Splunk, the leading platform for operational intelligence. Our partnership with Splunk in the big data analytics segment is already being leveraged by customers for analyzing machine generated data, including system log files to identify security violations, anomalies, and more. We will continue to expand the number and variety of security partners over time as we identify new solutions that can add more capabilities to our security portfolio.
As one of the industry’s leading data management companies, NetApp helps the world’s largest enterprises and government agencies protect their data. Our community of security partners, combined with our Data Fabric vision, are helping NetApp customers to maintain control and increase the number of choices in how they manage, secure, protect, and move their data—whether on-premises or in the cloud.
To learn more, download the free Enterprise Strategy Group (ESG) Security Whitepaper: NetApp Data Fabric and the Essential Data Security Controls for Hybrid Clouds.