NetApp Knowledge Base

How ONTAP Handles Data Deletion and Ensures Data is Not Recoverable

Applies to

ONTAP 9

Answer

NetApp ONTAP Data Sanitization Options:

  • Default Behavior:

    • When files are deleted (via NFS/CIFS or SAN), ONTAP marks the blocks as free in the file system. The underlying data is not overwritten until new data is written to those blocks.
    • There is no automatic, immediate secure overwrite of deleted data blocks during standard file deletion.
  • Secure Purge (Data Sanitization):

    • ONTAP provides a “Secure Purge” feature (ONTAP 9.4 and later) for FlexVol volumes. Secure Purge can be used to cryptographically sanitize specific files or LUNs, ensuring that deleted data cannot be recovered, even from snapshots.
    • For environments with NetApp Storage Encryption (NSE) or NetApp Volume Encryption (NVE), cryptographic deletion can be performed by destroying encryption keys, rendering data unrecoverable.
  • Best Practice:

    • For regulatory or business requirements demanding that deleted data be unrecoverable before block reuse, use ONTAP’s Secure Purge or cryptographic sanitization features.
    • See NetApp TR-4475: Data Sanitization for ONTAP for details.
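
The difference between the default behavior and cryptographic deletion, as an added conceptual example (not NetApp code and not a model of ONTAP internals). `ToyVolume`, `keystream_xor` and the SHA-256 keystream standing in for real volume encryption are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import os

BLOCK = 16  # toy block size in bytes

def keystream_xor(key: bytes, block_no: int, data: bytes) -> bytes:
    """Toy stand-in for volume encryption: XOR with SHA-256(key || block_no)."""
    pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyVolume:
    """Simplified model: data blocks, a free map, and an optional volume key."""
    def __init__(self, nblocks: int, encrypted: bool = False):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.free = set(range(nblocks))
        self.files = {}  # file name -> list of block numbers
        self.key = os.urandom(32) if encrypted else None

    def write(self, name: str, data: bytes) -> None:
        self.files[name] = []
        for off in range(0, len(data), BLOCK):
            n = min(self.free)  # allocate the lowest free block
            self.free.remove(n)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.blocks[n] = keystream_xor(self.key, n, chunk) if self.key else chunk
            self.files[name].append(n)

    def delete(self, name: str) -> None:
        self.free.update(self.files.pop(name))  # mark free, contents untouched

    def destroy_key(self) -> None:
        self.key = None  # cryptographic deletion: ciphertext stays, key is gone

    def recoverable(self, needle: bytes) -> bool:
        """True if needle can be read off the media using keys that still exist."""
        raw = [keystream_xor(self.key, n, b) if self.key else b
               for n, b in enumerate(self.blocks)]
        return needle in b"".join(raw)

def demo() -> dict:
    secret = b"ACCT=4929-CONSTRUCTED-SAMPLE"  # constructed sample data
    plain, enc = ToyVolume(8), ToyVolume(8, encrypted=True)
    for vol in (plain, enc):
        vol.write("a.txt", secret)
        vol.delete("a.txt")
    out = {"plain_after_delete": plain.recoverable(secret),
           "enc_after_delete": enc.recoverable(secret)}
    plain.write("b.txt", b"X" * len(secret))  # block reuse overwrites old data
    enc.destroy_key()
    out.update(plain_after_reuse=plain.recoverable(secret),
               enc_after_key_destroy=enc.recoverable(secret))
    return out
```

In this model, deleted data stays readable on both volumes until either the blocks are reused or the key is destroyed.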

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.