The Privacy Rights Clearinghouse, a nationally recognized non-profit, reports that, since 2012, there have been almost 800 data breaches attributable to hacking or rogue access to sensitive information. These breaches have collectively affected over 205 million records.


Data security is of growing concern to both businesses and consumers. However, timing is everything in our competitive markets. How do we balance the need for speed in business against the need to take a cautious approach whenever sensitive data is involved?


NetApp IT’s philosophy is to make security an integral part of the NetApp culture. Our goal is to help NetApp securely architect and deliver its services to all stakeholders. We want to embrace security as an enabler, make informed risk decisions, and ensure that a consistent security posture is implemented across NetApp.


Partnering with the Business

NetApp IT partners with the business to understand their security pain points, identify strategic and tactical opportunities for engagement, and strike a balance between short- and long-term security initiatives. The key word here is ‘partner.’ Before the business gives sensitive data to another internal system or vendor, we have to ensure that our security policies are applied to enforce the right controls.


Our Enterprise Information Security Council is the focal point of our security program. Senior leadership across NetApp is represented at this council so that all the key players are at the table to identify and sequence security priorities. This body also approves security policies and acts as the governance body for our ISO27001 certification. NetApp adopted this highly recognized international standard for information security management systems in 2007. In addition to framing our internal security posture, this certification also helps to give customers and partners confidence in the way we handle information.


The Strategic Focus of Information Security

An important aspect of our vision is for security to be part of the NetApp fabric across all stakeholder engagement platforms. Since most of these platforms have moved to the cloud, NetApp IT has to carefully manage the risks of partnering with cloud-enabled businesses in a manner that does not inhibit innovation or agility.


NetApp IT continually adapts its security strategy to help fold security into our corporate DNA so that we protect our people, intellectual property, and brand from the evolving threat landscape. Stay tuned for our next blog in which we discuss how NetApp IT is addressing security in the cloud.


The NetApp-on-NetApp blog series features advice from subject matter experts from NetApp IT who share their real-world experiences using NetApp’s industry-leading storage solutions to support business goals. Want to view learn more about the program? Visit