Trust and Access

Customer Access

Management of the platform, including provisioning, configuration, and monitoring, is via the Console or the API over HTTPS. Authentication is managed through a centralised identity provider, with Single Sign-On (SSO) support for enterprise customers.

Application connections to clusters (e.g. connecting your application to your database) are managed directly by you through the firewall rules, VPC peering, or private link connectivity you configure in the console.

The console supports:

Multi-factor authentication
Multiple users per account with role-based access levels
Two-factor cluster deletion confirmation as an optional safeguard
Per-user API keys for programmatic access, with the provisioning API disabled by default

NetApp Access to Customer Environments

NetApp staff access customer environments solely for support, maintenance, or incident response — typically initiated by a customer ticket or a monitoring alert. Every access event has a documented reason.

Access follows a layered path: VPN with multi-factor authentication, traversal through bastion hosts, and short-lived access credentials that expire within one minute. Routing controls ensure each session reaches only the intended cluster. Account sharing is prohibited; every action is attributable to an individual.

Access is granted on a strict need basis using least privilege and role-based controls. When roles change or employment ends, access is promptly revoked. NetApp conducts quarterly access reviews of default entitlements and monthly reviews of exception and administrative access.

For PCI-enabled clusters, a second authorised approver must explicitly approve superuser access before it is granted.

Personnel Security

Vetting and Training

All employees and contractors undergo background checks prior to accessing sensitive systems. Mandatory security and confidentiality training is completed upon hire and refreshed annually, with additional secure coding training for engineers. Security adherence is part of annual performance reviews, and all employees acknowledge the Code of Conduct annually.

Onboarding and Offboarding

New employees complete a probation period before becoming permanent. When employment ends or roles change, access is revoked promptly.

Breach History

Neither NetApp nor the NetApp Instaclustr business unit has experienced a reportable breach of sensitive or confidential information within the last two years.

Application Security

Resilience

Learn about our
Managed platform

Schedule your 1:1 session with one of our open source experts

Schedule a demo