Organizations rely on data management platforms like NetApp ONTAP to store and collaborate on sensitive data. With most security technologies, even zero trust tools, once you’re past the perimeter and have access to an application and file, it’s yours to share, copy or download freely. Worse, security incidents caused by insiders are hard to detect – often taking months. It’s time for a proactive data-centric approach to data access and security.
NC Protect™ for NetApp® ONTAP® dynamically adjusts file protection based on real-time analysis of file content and comparison of user and file context to ensure that users view, use and share files according to your business regulations and policies.
NC Protect with ONTAP addresses the protection of information, dynamically at the data layer at the time of access. The combined solution provides a multi-faceted, 360-degree layered approach to protecting a customer’s most important asset, data, that is accessed on Windows File Shares in ONTAP.
- Automatically discover, classify, and restrict access to or encrypt files based on the presence of sensitive data.
- Control who can access files and how they can be used, copied and shared with dynamic fine-grain policies.
- Dynamically add custom security watermarks containing user or file attributes to sensitive or confidential Office docs and PDFs.
- Dynamically obfuscate/hide files from unauthorized users.
- Automatically encrypts sensitive files at rest and in motion.
- Enforce secure read-only viewing of sensitive/classified information with a built-in Secure Reader.
- Audits and tracks access to and usage of sensitive data to ensure transparency and compliance.
- A NetApp Technology Alliance Program Preferred Partner, NC Protect has a NetApp field validated integration for ONTAP.
NC Protect’s Key Capabilities for ONTAP
NC Protect enhances ONTAP Windows File Share data security with unmatched information protection capabilities to prevent accidental sharing, misuse and loss, while maintaining a simple and intuitive user experience that empowers customers to collaborate securely.
NC Protect scans and inspects files for sensitive or regulated data (PII, PHI, HR, IP, etc.) according to defined policies. When detected, it can automatically classify the file and apply access controls and information protection based on its sensitivity and your policies.
NC Protect’s attribute-based access control (ABAC) policies use data and user attributes (e.g., classification, geolocation, device, time of day), not data location, to determine access rights in real time. Access to a file can be restricted to a specific individual or group, even if a wider audience has access to the site or folder.
Encrypt At Rest & In Motion
If a sensitive document that requires encryption is identified, NC Protect can encrypt the content immediately and limit the audience to only credentialed users. The contents of an email and any attachments sent through Exchange can also be encrypted automatically. Additionally, the optional NC Encrypt module offers key management and BYOK support.
Forced users to view sensitive documents in NC Protect’s Secure Reader for read-only access. It prevents users from being able to download, copy, edit or print sensitive data.
Dynamically add security watermarks and CUI markings customized with user and/or file attributes to sensitive and confidential Word, PowerPoint, Excel, PDF and image files for security and auditing purposes. Watermarks can incorporate attributes such as user name, email, time and date that the file was accessed. They deter users from taking photos and create a digital thumbprint for tracking and forensics purposes.
Define rules in NC Protect to prevent the sharing of sensitive information or confidential documents within or outside of ONTAP to minimize accidental or malicious data loss and exposure.
HIDE SENSITIVE FILES
Dynamically obfuscate data to hide sensitive or confidential documents from unauthorized users in folders, chats and searches. Only users with access rights will be able to see that the content exists to minimize data exposure and the need to create multiple sites and channels to accommodate different access rights.
Remove/redact sensitive or confidential information, such as keywords or phrases, in a document when viewed in its native application (Word, Excel, PowerPoint and PDF) or when the file is presented in the Secure Reader for legal or security purposes.
Audit & Report
Provides centralized reporting on classified data and user activity logs. Report on the number of issues identified by classification level, review scan results and rescan, reclassify or reapply permissions if needed. Integrate user activity and protection logs with Splunk and Microsoft Sentinel for further analysis and downstream actions.