Hardening a Nutanix cluster for Business Continuity involves implementing security controls that protect recovery data from unauthorized destruction. In many modern cyberattacks, specifically ransomware, the goal is not just to encrypt production data but also to delete the snapshots and backups that would allow for recovery. To satisfy the requirement that only authorized modifications occur, the administrator must move beyond simple Role-Based Access Control (RBAC) and implement an " Approval Policy " .

The Approval Policy feature in Prism Central forces a secondary layer of validation for sensitive operations like snapshot deletion. When a user tries to delete a recovery point, the Nutanix orchestration engine captures the request and holds it in a " Pending " state. The request must be reviewed and approved by a designated person with approval authority. This ensures that even if an administrator ' s account is compromised, the attacker cannot immediately wipe out the snapshots needed to restore the environment. This " multi-person control " is a recognized security best practice for protecting mission-critical data. While cluster lockdown (Option C) prevents unauthorized SSH access, it does not manage the logical management of data through the Prism UI. An Approval Policy provides the specific " modification and deletion " control requested, ensuring that the cluster ' s recovery points remain a reliable " source of truth " following a security incident or administrative error.