ONTAP cyber vault overview

What is a cyber vault?

A cyber vault is a specific data protection technique that involves storing critical data in an isolated environment, separate from the primary IT infrastructure.

"Air-gapped", immutable and indelible data repository that is immune to threats affecting the main network, such as malware, ransomware, or even insider threats. A cyber vault can be achieved with immutable and indelible snapshots.

Air-gapping backups that use traditional methods involve creating space and physically separating the primary and secondary media. By moving the media offsite and/or severing connectivity, bad actors have no access to the data. This protects the data but can lead to slower recovery times.

NetApp's approach to cyber vault

Key features of NetApp reference architecture for a cyber vault include:

You can use NetApp storage with ONTAP as an air-gapped cyber vault by leveraging SnapLock Compliance to WORM-protect Snapshot copies. You can perform all the basic SnapLock Compliance tasks on the Cyber vault. Once configured, Cyber vault volumes are automatically protected, eliminating the need to manually commit the Snapshot copies to WORM. More information on logical air-gapping can be found in this blog

These are the terms commonly used in cyber vault architectures.

Autonomous Ransomware Protection (ARP) - Autonomous Ransomware Protection (ARP) feature uses workload analysis in NAS (NFS and SMB) environments to proactively, and in real time, detect and warn about abnormal activity that might indicate a ransomware attack. When an attack is suspected, ARP also creates new Snapshot copies, in addition to existing protection from scheduled Snapshot copies. For more information, see the ONTAP documentation on Autonomous Ransomware Protection

Air-gap (Logical) - You can configure NetApp storage with ONTAP as a logical air-gapped cyber vault by leveraging SnapLock Compliance to WORM-protect Snapshot copies

Air-gap (Physical) - A physical air-gapped system has no network connectivity to it. Using tape backups, you can move the images to another location. The SnapLock Compliance logical air-gap is just as robust as a physical air-gapped system.

Bastion host - A dedicated computer on an isolated network, configured to withstand attacks.

Immutable Snapshot copies - Snapshot copies that are not able to be modified, without exception (including a support organization or the ability to low level format the storage system).

Indelible Snapshot copies - Snapshot copies that are not able to be deleted, without exception (including a support organization or the ability to low level format the storage system).

Tamperproof Snapshot copies - Tamperproof Snapshot copies use the SnapLock Compliance clock feature to lock Snapshot copies for a specified period. These locked snapshots can not be deleted by any user or NetApp support. You can use locked Snapshot copies to recover data if a volume is compromised by a ransomware attack, malware, hacker, rogue administrator or accidental deletion. For more information, see the ONTAP documentation on Tamperproof Snapshot copies

SnapLock - SnapLock is a high-performance compliance solution for organizations that use WORM storage to retain files in unmodified form for regulatory and governance purposes. For more information, see the ONTAP documentation on SnapLock.

SnapMirror - SnapMirror is disaster recovery replication technology, designed to efficiently replicate data. SnapMirror can create a mirror (or exact copy of the data), vault (a copy of the data with longer Snapshot copy retention), or both to a secondary system, on premises or in the cloud. These copies can be used for many different purposes such as a disaster, bursting to the cloud, or a cyber vault (when using the vault policy and locking the vault). For more information, see the ONTAP documentation on SnapMirror

SnapVault - In ONTAP 9.3 SnapVault was deprecated in favor of configuring SnapMirror using the vault or mirror-vault policy. This is term, while still used, has been depreciated as well.