Data Protection

NetApp Instaclustr provides strong mechanisms to protect data at rest and in transit. You choose when and how to enable them based on your requirements.

Encryption at Rest

All customer data is encrypted at rest by default across all cloud providers. Customer-managed keys (BYOK) are an option for customers who require control over their own key material on supported cloud providers. Customers are responsible for ensuring the level of encryption is appropriate for their data. Sensitive fields within the management database are encrypted at the application layer before storage.

Encryption in Transit

TLS encryption is supported for all customer connections. Customers are responsible for configuring client-to-cluster encryption for their clusters.

Where technologies expose REST or HTTP APIs, these support HTTPS with automatic provisioning of externally signed certificates. Inter-node communication within clusters is encrypted, and internal service-to-service communication uses authenticated and encrypted protocols.

Data Ownership

Data stored within customer clusters is owned and managed by the customer.

NetApp does not inspect, classify, or manage customer application data within managed clusters. While NetApp maintains administrative access to nodes for support and maintenance, the data model and permissions for all other users are maintained by the customer.

No credit card or payment details are stored in the management infrastructure; they are passed directly to the payment services provider.

Data Retention and Deletion

When a cluster is deprovisioned, customer data is securely removed from cloud infrastructure following a documented process. Deletion activities are logged and auditable. Cloud service providers also maintain their own deletion and media sanitisation procedures as documented in their respective compliance certifications. Customers are responsible for defining retention and deletion requirements for their application data stored within clusters.

Customer Log Forwarding

For customers who need to ingest application logs into their own security monitoring or log management systems, log forwarding to customer-controlled destinations is supported for applicable technologies. Connectivity options include public and private networking. Platform-level logs (administrative activity, monitoring alerts) are retained within NetApp’s centralised security monitoring systems.

NetApp provides the capability; you decide whether to use it. The console clearly indicates encryption support during cluster creation.

Infrastructure & Network Security

Application Security

Learn about our
Managed platform

Schedule your 1:1 session with one of our open source experts

Schedule a demo