Managing your data securely while ensuring high availability for your applications can seem overwhelming. That’s where NetApp Instaclustr steps in—combining automation, security, and expert support to help you protect your business-critical systems. This blog dives into how NetApp Instaclustr can help drive cyber resilience, safeguard your data, and simplify security management for enterprises.
What makes NetApp Instaclustr the ideal choice?
At its core, NetApp Instaclustr is designed to help businesses leverage open source technologies securely and efficiently. Offering managed services with built-in security, compliance, and monitoring systems, it caters to customers that demand robust solutions without compromising ease of use.
How NetApp Instaclustr protects your data
NetApp Instaclustr offers a range of security features on its managed platform that help secure your organization’s data from security threats.
Security out of the box
When deploying open source technologies at scale, you want your managed service provider to deliver a layer of security by default, and that’s exactly what NetApp Instaclustr is designed to do.
Dedicated infrastructure comes as standard with our offering: all clusters are provisioned on their own instances and, by default, in their own virtual network. When we provision a cluster, connectivity is limited to only the Instaclustr network, and customers can then add the specific IP ranges required to connect their applications. This means that, even within the same customer environment, there are no automatically enabled connections from one cluster to another. Of course, customers can explicitly add such connections to allow their provisioned services to work together.
Firewall rules are a foundational layer of customer security, acting as gatekeepers for network traffic. By tightly controlling which IPs and ports can access services (ingress) and where services can connect out to (egress), they reduce the attack surface of your infrastructure. At NetApp Instaclustr, ingress rules are managed at the cloud level and visible to customers, while egress rules are enforced at the OS level using iptables, refreshed every minute, and monitored closely.
Additionally, NetApp Instaclustr enforces several customer-configurable security settings on the Instaclustr Platform itself to safeguard customer environments. These include strong authentication protocols like multi-factor authentication, SSO and role-based access control for the Instaclustr console, and strong access controls and restricted access for the Instaclustr team, to ensure users only interact with the data they are privy to. By default, data is encrypted both in transit and at rest using industry-standard methods, and all Instaclustr actions are logged for auditability. For more information about our built-in security measures, see our security and trust page.
Reduced attack surface
One measure that security-conscious customers can take to reduce the risk of a security breach is to isolate their clusters as much as possible from public networks.
Private Network Clusters on Instaclustr are designed to provision cluster application nodes with private IPs only, to ensure that no data hosting components are exposed to the public internet.
AWS PrivateLink, Azure Private Link, and GCP Service Connect build on this by enabling private, one-directional cross-VPC (or vNET) connectivity. The integration provisions a network load balancer in front of the cluster and attaches a PrivateLink endpoint service, allowing client applications to securely connect via private IPs.
We’re also excited to have recently launched a Public Preview of a highly requested security feature—Zero Inbound Access. This enhances security by eliminating the need for any public IP addresses in customer deployments. While Private Network Clusters still require a publicly routable IP on a bastion instance for Instaclustr’s management access, Zero Inbound Access uses a reverse SSH tunnel architecture where the gateway “phones home” to Instaclustr’s management system. This removes all public IP exposure, significantly reducing the attack surface and eliminating a common vector for external threats.
Compliance
Obtaining and maintaining compliance certification for your infrastructure can take a significant investment of time, resources, and funds. Luckily, NetApp Instaclustr offers SOC 2 and ISO 27001 for all our products, and PCI DSS compliance for our management plane as well as a growing number of our products (most recently PostgreSQL). By adhering to some of the world’s most recognized standards, our compliance means that security systems and protocols are in place to protect sensitive customer data. Whether it is Personal Data, PCI, or other critical data, our clients benefit because our systems are already in place to support their compliance needs. Check out what additional PCI features we offer to help provide the highest level of security for PCI environments.
Additionally, NetApp Instaclustr conducts regular penetration testing and auditing of our internal and customer environments. This ensures we remain secure and compliant even as our platform continues to grow and evolve.
Monitoring and vulnerability management
A core part of keeping your open source database secure is continuous monitoring for potential intruders and vulnerabilities.
Instaclustr’s purpose-built Intrusion Detection System (IDS) continuously monitors all managed nodes by collecting running processes and network connections. As our platform is a highly controlled environment, we are able to monitor for any process we do not expect to be running, as opposed to most intrusion detection systems, which look for indications of attack. All running processes are checked against a strict allowlist, and any unexpected activity triggers an alert to our 24×7 support team. This proactive, allowlist-based approach ensures only trusted activity is allowed, helping detect and respond to threats quickly.
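The allowlist check described above, sketched as an added example; it is not Instaclustr's IDS code. The snapshot format, the process allowlist, and the addresses are constructed for illustration and assume a hypothetical Cassandra node.

```python
import ipaddress

# Constructed allowlist for a hypothetical Cassandra node: (user, executable)
# pairs, plus the (network, port) destinations the node is expected to reach.
ALLOWED_PROCS = {
    ("root", "/usr/sbin/sshd"),
    ("cassandra", "/usr/bin/java"),
}
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.0.0.0/24"), 7000),  # inter-node traffic
    (ipaddress.ip_network("10.0.9.10/32"), 443),  # hypothetical management endpoint
]

def parse_snapshot(text):
    """Split a constructed node snapshot into process and connection records."""
    procs, conns = [], []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "proc" and len(fields) == 4:    # proc <pid> <user> <exe>
            procs.append((int(fields[1]), fields[2], fields[3]))
        elif fields[0] == "conn" and len(fields) == 4:  # conn <pid> <dst_ip> <dst_port>
            conns.append((int(fields[1]), ipaddress.ip_address(fields[2]), int(fields[3])))
        else:
            # Fail closed: a line the collector cannot parse is itself suspicious.
            raise ValueError(f"unparseable snapshot line: {line!r}")
    return procs, conns

def check_snapshot(text):
    """Return (kind, detail) alerts for everything that is not on the allowlist."""
    procs, conns = parse_snapshot(text)
    alerts = []
    for pid, user, exe in procs:
        # Match on user AND full path, so a binary named "java" in /tmp does not pass.
        if (user, exe) not in ALLOWED_PROCS:
            alerts.append(("process", f"pid={pid} user={user} exe={exe}"))
    for pid, dst, port in conns:
        if not any(dst in net and port == p for net, p in ALLOWED_EGRESS):
            alerts.append(("connection", f"pid={pid} dst={dst}:{port}"))
    return alerts

# Constructed sample snapshot: one unexpected process and one unexpected connection.
SAMPLE = """
proc 812 root /usr/sbin/sshd
proc 1440 cassandra /usr/bin/java
proc 2291 cassandra /tmp/java
conn 1440 10.0.0.7 7000
conn 2291 203.0.113.50 4444
"""
```

Because the check alerts on anything absent from the allowlist rather than on known-bad signatures, it only works where the set of expected processes and destinations is small and stable, which is the property of a controlled environment the paragraph relies on.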
NetApp Instaclustr also performs continuous and automated scanning across multiple layers including dependencies, packages, code and open source applications. All vulnerabilities that are found via scanning are reviewed by our engineering team to understand their impact, so that they can be managed appropriately. For critical and high severity vulnerabilities, our team will alert customers (see an example announcement here) and commence a patch to mitigate the threat. Additionally, all images are hardened to industry standards, helping to further secure your environment.
Working together, our IDS, vulnerability management process and hardening processes help protect your data from threats while you focus on your core business.
Latest and secure application versions
We know that when vulnerabilities are detected—either in the application software or in the underlying operating system—rolling out those upgrades quickly, safely, and reliably can require a large amount of testing, orchestration, and stress. Many customers we talk to find themselves falling further and further behind in their versioning due to the operational complexity of keeping their data layer applications up to date.
NetApp Instaclustr will manage the software lifecycle for you, keeping your software up to date to take advantage of not only any new application enhancements, but also mitigating any additional known vulnerabilities. The timelines on this process will often be determined based on a number of factors, including the scoring of CVEs. Traditionally, upgrading applications quickly would be painful and time-consuming, but NetApp Instaclustr takes away the complexity of upgrading and rolling out the latest software version by taking care of upgrades for you.
We will work with your application teams to ensure upgrades happen at a time that is convenient for you and your team, and will upgrade your test environment first where possible so that you can test application impacts before moving on to your production environment. All upgrades are handled by NetApp Instaclustr, with our team of experts on hand 24×7 if there are any unexpected issues, or a rollback is required.
Expert support
Last but not least, our team of open source support experts are always on hand to help keep your managed database secure.
Our technical operations team monitor all our security systems and have strict procedures for responding to security alerts. If required, they will follow our regimented Security Incident processes, which include escalating to a senior operations engineer and to our 24×7 Instaclustr Security Operations for further investigation.
Ultimately, when you’re with NetApp Instaclustr, we’ve got eyes and ears on your data layer. So, leave it to us while you focus on other things.
Let us help you secure your open source database
The effort required to maintain an adequate level of security for your open source database is significant. You could employ teams of engineers to help build and maintain security systems or spend time and money on expensive software that monitors your environment for you.
Or you could simply leave that all to us! NetApp Instaclustr has the security features you need, and the personnel and processes to deploy them at scale. With NetApp Instaclustr, you can rest easy knowing we’ve got your back when it comes to security.
Get started today
Now is the time to safeguard your systems. Contact NetApp Instaclustr for a personalized demo and see why businesses trust us to manage their open source infrastructure. If you’re an existing customer with specific security questions, reach out to our team at [email protected].