Application Security

Product Security

All changes to the production environment follow a defined change management process. Changes are peer-reviewed, tested in pre-production, and approved before deployment. Post-deployment verification confirms changes were implemented as intended.

Security defects are prioritised for rapid response. Impactful changes are formally communicated and coordinated prior to release. No customer data is used in development or pre-production environments.

Vulnerability Management

NetApp maintains a continuous vulnerability management lifecycle built on four layers: a preventive baseline, continuous detection, scheduled remediation, and a reactive fast-track process for urgent issues.

Preventive Baseline

Nodes are hardened to industry-recognised benchmarks from day one. Hardening configurations are reviewed at least annually, and configuration templates are updated when new technology versions are released or security-relevant changes are identified.

Continuous Detection

Container images and code dependencies are scanned daily, and build-time security checks are integrated into the development pipeline. Cloud security posture management covers all cloud provider accounts. Upstream vulnerability disclosures for the open-source technologies on the platform are monitored weekly.

Scheduled Remediation

A quarterly patching cycle covers operating systems, dependencies, and application components across the fleet. Patching is coordinated with customer-approved maintenance windows. Post-patching verification confirms nodes are running expected software versions.

Reactive Remediation

When vulnerabilities are identified outside the quarterly cycle, NetApp follows a risk-based approach, prioritising by severity, exploitability, and compensating controls already in place. Critical and high-severity issues are expedited through an out-of-cycle remediation process. Remediation is coordinated with customer maintenance windows.

External Validation

NetApp commissions independent penetration testing twice annually, supplemented by crowd-sourced vulnerability identification. Findings are tracked through the standard change management process until resolution.

Artificial Intelligence

NetApp Instaclustr offers a single optional AI feature — AI Cluster Health — that provides AI-generated health summaries of managed clusters based on operational infrastructure metrics. The feature is opt-in, user-triggered, and does not access customer application data.

For full security details, see the AI Cluster Health Security Overview.

Data Protection

Trust and Access

Learn about our
Managed platform

Schedule your 1:1 session with one of our open source experts

Schedule a demo