Part of:Improve cloud storage security for better data protection
How immutable object storage can help protect data
Ransomware is just one of the many threats that makes immutability an important piece of object storage. There are several products and methods to consider.
Threats such as ransomware have become so prevalent that many object storage products include support for data immutability.
As its name suggests, immutable data cannot be deleted or modified. If a user attempts to make a change to a file stored on immutable object storage, the underlying storage simply creates a new version of the file but also retains the original version in an unaltered state.
How to implement and manage immutable object storage
The method to create immutable storage varies based on the storage device or cloud storage platform. In most cases, admins enable immutability at the bucket or folder level, simply by setting an attribute.
In Amazon S3, for example, to set up an immutable storage bucket, create a bucket in the usual way. Then click on the bucket, select the Properties tab and click the Edit button found in the Bucket Versioning section.
Enable bucket versioning in Amazon S3 for data immutability.
The primary management task associated with immutable object storage is to set up data lifecycle rules. These rules can vary in scope based on the storage platform, but they generally specify the length of time an organization must retain data -- or how many versions to retain -- and what happens to the data at the end of its retention period.
What threats does it protect against?
Immutability is one of the best defenses against ransomware. If a ransomware infection occurs, an organization can simply roll the data back to the state prior to the infection.
Although ransomware is the most-discussed threat regarding the need for data immutability, immutable object storage can also protect against other threats. For example, it can protect against a user who either accidentally or purposefully tries to delete a file. Similarly, if a user accidentally overwrites a file -- or the data within the file -- with bad data, then IT can easily retrieve a prior version of the file.
Although ransomware is the most-discussed threat regarding the need for data immutability, immutable object storage can also protect against other threats.
Relevant vendors and products
There are several enterprise storage vendors that offer immutable object storage. Some are designed for use in the data center, while others are cloud-based. Some of the available object storage products that support data immutability include:
There are numerous advantages associated with using immutable object storage, but there are also several pain points. For example, storage immutability causes each new version of the object to be retained for the duration of the object's retention period. The method of data retention could increase an organization's storage costs because of additional data storage, and the organization cannot remove previous versions.
Immutability is often a nonreversible action. If an administrator enables data immutability by accident or to see how it works, they might not be able to turn it back off.
In addition, immutability may not be suitable for use with data that has a high change rate. In extreme cases, the system can have trouble keeping pace with the changes.
