Skip to main content
Data Protection

NetApp Cyber Vaulting: Multilayered Data Protection

Isolate your most valuable data with secure hardening technology to minimize your attack surface and keep your most critical data confidential, intact, and readily available.

Request Pricing View Datasheet
NetApp Cyber Vaulting

In today's digital landscape, safeguarding your organization's critical data assets is not just a best practice—it's a business imperative. Cyberthreats are evolving at an unprecedented pace, and traditional data protection measures are no longer sufficient to keep your sensitive information secure. That's where cyber vaulting comes in. NetApp's cutting-edge solution combines advanced logical air-gapping techniques with robust data protection measures to create an impenetrable barrier against cyberthreats. By isolating your most valuable data with secure hardening technology, cyber vaulting minimizes your attack surface so that your most critical data remains confidential, intact, and readily available when needed.

With NetApp® cyber vaulting, your data is protected by the highest standards of security. Our solution offers a range of benefits, including enhanced breach protection, rapid recovery capabilities with immutable and indelible copies, and seamless scalability to accommodate your growing data volumes. Whether you're safeguarding intellectual property, customer data, or mission-critical systems, cyber vaulting gives you the peace of mind that comes with knowing that your information is secure. With our flexible deployment and cost-effective storage options, cyber vaulting is an ideal solution for organizations of all sizes and industries.

NetApp Cyber Vaulting overview

Features and Benefits

The capabilities that set NetApp Cyber Vaulting apart.

NetApp Logical Air Gapping

Logical Air-Gapped Environments with ONTAP

NetApp cyber vaulting empowers organizations to create logically air-gapped environments using NetApp ONTAP® software. With ONTAP, you can:
  • Create isolated storage systems that are logically separated from other networks and systems.
  • Implement strict network segmentation and access controls to limit communication between storage and external networks.
  • Use NetApp SnapLock® Compliance to create immutable and indelible, write-once-read-many (WORM) storage volumes that prevent data modification or deletion.

SnapLock Compliance Technology

SnapLock Compliance is a powerful data protection feature of the NetApp ONTAP unified storage operating system, designed to safeguard critical data against deletion, modification, or encryption. With SnapLock Compliance volumes, your backup data remains indelible and immune to tampering, even by privileged users or administrators—and even by NetApp Support.

Logically Air-Gapped Cyber Vaults

When combined with ONTAP Snapshot™ technology, SnapLock Compliance enables the creation of logically air-gapped cyber vaults—secure, isolated storage repositories that house your organization's most valuable data. These cyber vaults are not merely passive repositories, but rather dynamic, resilient, and rapidly recoverable data safeguards. With ONTAP cyber vaulting, NetApp SnapMirror® policies and rules are managed from the vault, further protecting the vault from service disruptions.

Further Hardening the Air Gap

Physical Air-Gapping Options

For the most critical data assets, NetApp cyber vaulting offers physical air-gapping options that completely disconnect storage systems from networks. With physical air gapping, you can:
  • Deploy dedicated, isolated storage systems for maximum protection against external threats.
  • Implement secure data transfer processes, with strict security protocols for scanning and handling media.
  • Use SnapMirror to replicate data efficiently from production systems to air-gapped storage, enabling secure data transfer and recovery.
  • Leverage NetApp AFF and FAS on-premises systems with hardware-based encryption for secure, high-performance storage in air-gapped environments.

Robust Hardening with NetApp ONTAP

Robust Hardening with NetApp ONTAP

Multi-admin Verification

The MAV security feature of ONTAP means that certain operations, such as deleting volumes or Snapshot copies, can be executed only after approvals from designated administrators. This feature prevents compromised, malicious, or inexperienced administrators from making undesirable changes or deleting data.

Multifactor Authentication

The MFA feature of ONTAP enhances security by requiring users to provide two authentication methods to log in to an admin or data storage virtual machine (SVM).

Between Primary and Secondary Storage

  • Isolate management networks
  • Separate administrators
  • Different credentials
  • Dedicated replication network
  • Separate data centers (optional)

Solution Benefits

Comprehensive and Flexible Solution

NetApp cyber vaulting offers organizations a comprehensive and flexible solution for protecting their most critical data assets. By combining logical and physical air-gapping options with robust hardening methodologies, NetApp enables you to create secure, isolated storage environments that are resilient against evolving cyberthreats without creating knowledge or skills silos.

Multilayered Cyber Resilience

With NetApp, you can be sure of the confidentiality, integrity, and availability of your data while maintaining the agility and efficiency of your storage infrastructure. NetApp's multilayered cyber resilience capabilities help you protect your data, detect threats in real time, and rapidly recover from cyberattacks.
Expert Guidance

Thrive with expert-led storage guidance

Get tailored advice on how NetApp Cyber Vaulting fits your environment — from sizing and deployment to long-term optimization.

Talk to a specialist
Thrive with expert-led storage guidance

Technical Specifications

Exhaustive hardware and software metrics extracted directly from official documentation.

  • Data Pull Operation
    A data pull operation copies from primary to cyber vault
  • SnapLock Compliance and Protocols Disabled
    Attackers cannot reach the cyber vault from the primary storage
  • Pierce-through Prevention
    No pierce-through from the source possible
  • Vault Copy Protection
    Copies in vault cannot be read, modified, or deleted by anyone (including NetApp)

  • Step 1
    Identify the destination cluster
  • Step 2
    Create a destination volume with a SnapLock aggregate (volume create)
  • Step 3
    Create a policy (SnapMirror policy create)
  • Step 4
    Add rules to the policy (SnapMirror policy add-rule)
  • Step 5
    Create a cyber vault relationship between the volumes and assign the policy to the relationship (SnapMirror create)
  • Step 6
    Initialize the relationship to start a baseline transfer (SnapMirror initialize)

  • Cyber Vaulting How-To Resource
    See how to get started with this cyber vaulting how-to blog on the NetApp Community site.
  • AFF On-Premises Storage
    NetApp AFF A-Series
  • FAS On-Premises Storage
    FAS storage: Seamless, efficient, trusted
  • SnapLock Compliance Software
    Retention and rapid retrieval
  • Security Hardening Guide
    Security hardening guide for NetApp ONTAP

  • Document Type
    Solution Brief
  • Document ID
    SB-4289-0624
  • Copyright
    © 2024 NetApp, Inc. All Rights Reserved.

Compare NetApp Cyber Vaulting Series

Select the right scale for your workload demands.

Model Name Max Capacity Port Config Action
NetApp AFF A-Series N/A N/A Get Quote
NetApp FAS Storage N/A N/A Get Quote
SnapLock Compliance N/A N/A Get Quote

Ready to get started?

Get your data flowing from edge to core to cloud.

Talk to a specialist

Request a custom quote

Build a configuration with a Data Protection specialist.

Request a quote

Download the datasheet

Full specs, performance metrics, and deployment notes.

Get the datasheet

Learn more

Explore resources

Datasheets, whitepapers, case studies, and technical documentation.

Explore resources

View solutions

Tailored storage and data management solutions for your workloads.

View solutions

Most secure storage on the planet FIPS 140-3 · NSA CSfC · DoDIN APL
Validated for top-secret data Only enterprise storage to hold this certification
Authorized NetApp Partner SANDataWorks · a division of BlueAlly
Free Security Assessment