Tech ONTAP Blogs

Cloud Insights Storage Workload Security: More than "just" ransomware protection


Ransomware protection has become a must-have feature for storage platforms, and for good reason – the number of threats in the wild rises year after year and prolific ransomware groups such as LockBit have proven to be resilient in the face of increasing pressure from law enforcement.


With ONTAP's autonomous ransomware protection (ARP) integrated with Cloud Insights Storage Workload Security, NetApp ONTAP customers have best-in-class protection not just from ransomware, but also from a variety of insider threats. These include mass data deletion and, crucially, potential data exfiltration, which is a growing tactic for extorting money from organizations without the extra steps and complexity of encrypting the data.


As effective and robust as these features are, they provide a set of capabilities that organizations hope they will never need to use. What may sometimes be overlooked is how features in Storage Workload Security can help storage teams on a day-to-day basis, ransomware or not.



It’s no secret that Cloud Insights helps storage teams troubleshoot. A combination of advanced logs and metrics, attribution across your entire topology and correlation of utilization and contention for shared resources allows teams to pinpoint issues to one particular infrastructure asset. But what about when the root cause of an issue is not the infrastructure itself, but a particular user? Many storage teams have found the access reports provided by Storage Workload Security to be a vital source of information for identifying the drivers of performance consumption on file storage.


For example, in troubleshooting an application performance issue raised by the product management group, this storage team can verify that it's not a rogue user degrading performance with thousands of access activities.



Workload Placement

You can’t perform migration and right-sizing activities without first understanding the performance requirements of the workload. Cloud Insights performance dashboards give storage teams this understanding. But with file storage, it’s important not to leave out one dimension: the frequency and nature of access. Storage Workload Security gives teams this visibility to aid decision making for workload placement and cloud migration. When performing migration and right-sizing activities, it also helps teams inform users of potential outages or changes to performance by providing a simple list of the most frequent users of the data by location.


Access Audit

NetApp Cloud Data Sense helps data security teams assess the content and type of data in file storage locations and ensure that the correct permissions are applied. Storage Workload Security supports this use case by providing storage teams a way to easily spot-check access to that data. Periodic access audits of sensitive locations can build a picture of who is most frequently accessing files and locations, letting teams validate that this is appropriate. When the business determines that access should be restricted or reduced for particular locations, users can also use Cloud Insights to identify any users or groups that have been regularly accessing the data, as a final step of validation and assurance that the change is appropriate.


For many teams this task is less about outright policing of data access and more about ensuring that applying new access controls does not disrupt operations. Cloud Insights also benefits from requiring no knowledge of file contents: it monitors access metadata instead, which, because of internal security or privacy policies, allows some organizations to deploy the tool to a greater number of users than one that audits file contents.



Providing information in the form of reports for other areas of the business can occupy a surprising proportion of a storage engineer’s weekly tasks. Cloud Insights helps teams with consistent visibility across the entire environment and a standardized data model across differing platform types. This means that only one source of information needs to be consulted when providing capacity trends to procurement teams or optimization metrics to FinOps and ESG teams. Many storage teams also provide self-service information for these teams, with specific dashboards designed to answer all of their regular questions, allowing storage engineers to devote more time to the more interesting project work they would rather be doing. With Storage Workload Security, storage teams can also provide detailed file activity reports to InfoSec teams, either as an overall view across the storage, or focussed on specific files, locations or users.


For example, this InfoSec team may want to validate that this user has a good reason to have taken such an interest in employee records.




Storage Workload Security Updates

Of course, protecting against insider threats is still the main event! To that end, our data science team has been busy improving and refining our detection algorithm to incorporate the concept of seasonality.


Ransomware attacks are often timed and targeted according to an organization's operational calendar to maximise effectiveness and minimise chances of early detection.


User behavior often exhibits patterns: working days, weekends or specific days a user may designate for specific activities. Cloud Insights Storage Workload Security can adjust its alerting and blocking behavior by learning these expected times. For example, this means no false positives when there’s an expected spike in activity as a user logs in on a normal work day, but the algorithm knows to raise an alert if the same happens at a weekend.
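The weekday-versus-weekend behavior described above, as an added example in Python (this is not NetApp's detection algorithm, whose details this post does not describe). The class `AccessBaseline`, the user `alice`, the thresholds `k` and `floor`, and all activity counts are assumptions constructed for illustration; a non-seasonal baseline is included for comparison.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

class AccessBaseline:
    """Per-user hourly file-operation baseline, optionally split by season."""

    def __init__(self, seasonal=True, k=3.0, floor=50):
        self.seasonal, self.k, self.floor = seasonal, k, floor
        self.stats = {}

    def _bucket(self, ts):
        # Seasonal key: workday vs. weekend, plus hour of day.
        if not self.seasonal:
            return "all"
        return ("weekend" if ts.weekday() >= 5 else "workday", ts.hour)

    def fit(self, history):
        """history: iterable of (user, hour_start: datetime, op_count)."""
        samples = defaultdict(list)
        for user, ts, count in history:
            samples[(user, self._bucket(ts))].append(count)
        self.stats = {key: (mean(v), pstdev(v)) for key, v in samples.items()}
        return self

    def is_anomalous(self, user, ts, count):
        # An unseen bucket has an expected count of zero; the floor stops
        # trivially small counts from alerting.
        mu, sigma = self.stats.get((user, self._bucket(ts)), (0.0, 0.0))
        return count > max(mu + self.k * sigma, self.floor)

def constructed_history():
    """Four constructed weeks for one user: a 09:00 spike on workdays only."""
    start = datetime(2024, 1, 1, 9)  # a Monday
    rows = []
    for d in range(28):
        ts = start + timedelta(days=d)
        count = 1200 + (d % 5) * 20 if ts.weekday() < 5 else 5 + d % 3
        rows.append(("alice", ts, count))
    return rows

def demo():
    hist = constructed_history()
    seasonal = AccessBaseline(seasonal=True).fit(hist)
    flat = AccessBaseline(seasonal=False).fit(hist)
    monday, saturday = datetime(2024, 1, 29, 9), datetime(2024, 2, 3, 9)
    return {
        "seasonal_monday": seasonal.is_anomalous("alice", monday, 1250),
        "seasonal_saturday": seasonal.is_anomalous("alice", saturday, 1250),
        "flat_saturday": flat.is_anomalous("alice", saturday, 1250),
    }
```

The same 1,250 operations in an hour pass on a Monday morning and alert on a Saturday under the seasonal baseline, while the flat baseline, whose mean and spread are dominated by workday spikes, lets the Saturday burst through.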


And one of the biggest benefits for Cloud Insights users is that there’s nothing to change, reconfigure or update to take advantage of this improvement: it’s already been incorporated into the service, and Storage Workload Security has been busy learning and understanding the seasonality of user access since the feature launched!


Find Out More

If you’re an ONTAP user that’s not already using Cloud Insights, it’s easy to try it out in your own environment. Because it’s SaaS, setup is straightforward and quick to complete. Whether you’re using ONTAP on-premises, running your own in the cloud with Cloud Volumes ONTAP or through a cloud service provider such as AWS FSx for ONTAP, Cloud Insights has you covered with a free trial to check out these features and more for 60 days.


Find out more about Storage Workload Security here, or ask your Cloud Insights specialist about how to get started with a free trial in your own environment.