Saved to Cloud Storage

What is Immutable Storage

Immutable Storage

Complete Ransomware Protection using Object Lock

Immutable storage or backup means your data is fixed, unchangeable and can never be deleted. Using immutable storage for backups means it cannot be altered or changed and this is called Object-Locking, this is particularly important when it comes to malware or ransomware.  If your backup is immutable, it is impervious to new ransomware infections.  By keeping an archive of immutable backups, you can guarantee recovery from a ransomware attack by finding and recovering the last clean backup you have stored.

Keeping immutable backups provide you with peace of mind that you will never be in a position where the only way you can recover data after a ransomware infection would be to pay a cyber ransom.

In addition to protection from malicious data corruption, immutable backups also enable companies to meet data compliance regulations ensuring accurate copies of historical data are kept and uncompromised.

Immutable backups are not a new concept.  You could physically set tape media to be written once, read many (WORM) and therefore be immutable.

The cloud is possibly the preferred medium for immutable storage.  There is also the added function to allow you to set a time on immutability.  For example, if you need to keep historic, unchangeable, unalterable, and undeletable copies of your data for 7 years, you can set immutability for that period of time.

When reviewing a cloud service provider’s SLA, ensure that none of the providers employees can change application code on a production system without first undergoing thorough review and testing.  The data should also be extremely durable guaranteeing at least 11 nines. 

Our immutable cloud storage service provides a level of immutable storage that meet the minimum data immutability standards.  Management of its data storage services is built around two simple rules.

  • No one person should be able to destroy data that is in an immutable bucket, and
  • Nobody should be able to touch a production system anonymously.

This means when using immutable storage buckets, no one can delete or alter your data – not even a systems administrator.

With immutable backups, you can protect against malware, malicious or accidental data deletion or data corruption.

To add one more thing to this, don’t rely on a single immutable copy of your data and keep it on 2 different cloud providers storage for peace of mind.

Why does Object Lock matter?

Because things change – especially staff. Using immutable objects ensures that information is immune from accidental or intentional deletion and alteration. It guarantees that once the information lands in on the immutable cloud storage, it will remain there until the lock expires.

Because cybercriminals attack backups and archives as part of their ransomware campaigns. It is not enough that they are taking down the primary systems, but they are also attacking the secondary/backup systems to ensure they get their ransom.

Because regulators check these things, all the time. It is essential that data in regulated industries be safeguarded for compliance and consumer protection standards.

Because legal proceedings depend on a chain of custody and immutability when it comes to digital evidence, like surveillance video, now that deep fakes and altered footage have become a threat to justice.

Object Lock can help organisations with certain government and industry regulations like HIPAA, FINRA, and CJIS for securing and preserving electronic records, transaction data, and activity logs.

Compliance Mode & Governance Mode

Object Lock is available in two retention modes:

  • Compliance mode
  • Governance mode

Both retention modes allow users to place a legal hold on specific objects. The legal hold prevents a locked object from being overwritten or deleted once the original retention date has been reached. Legal holds on objects can be lifted by an authorised user. The object will remain protected until the retention period expires.

For this reason, we recommend that users only store data in compliance mode that they are certain will not need to be changed.

With compliance mode, a protected file or object cannot be overwritten by any user or engineer. When an object is locked in compliance mode, its retention date cannot be shortened. Immutable objects in Compliance mode will remain immutable until the end of their retention period.

With governance mode, only users with special permission, such as the root user in the account can reduce the retention settings. This allows you to grant special permission to some users if necessary.

Object Lock and Bucket Immutability: Two Options for Data Protection

To set Object Lock permissions you must first create a new bucket with Object Lock enabled. You cannot add Object Lock capabilities to an existing bucket. In an Object Lock-enabled bucket, retention periods can be set at the object level for each individual object. Alternatively, buckets can be configured to allow for a default retention setting for all objects that are placed in them. For example, if the bucket level policy is set to retain an object for 30 days, the 30-day retention is calculated and applied as each object is added. Therefore, users do not have to set each object’s retention individually.

Support for immutable storage buckets. In an immutable bucket, all objects are made immutable according to a uniform set of parameters. All the objects in the bucket share the same expiration date. There can be no variation in the retention period between individual objects. This form of data protection is a great fit for protecting archival data or primary data that may not have additional copies.

Both Object Lock and immutable buckets prevent the most common causes of data loss and tampering. Helping users:

  • Combat ransomware and viruses
  • Avoid accidental data erasure
  • Ensure regulatory compliance
  • Mitigate financial risks and legal exposure Use object immutability for greater control over individual object retention rates and use bucket immutability for protecting large swaths of data.

Verified for VEEAM VBR V10 and V11, simply set and manage retention periods and limit user access.

If you would like to know how storing data in the cloud can help alleviate or solve some of your issues please call us on 01256 331614 or email

Trial our Cloud Storage

Please complete the form found here.

Thanks for reading