Immutable Object Storage

September 28, 2021
Backup, Data Protection, IT Security

Immutable Object Storage vs. Ransomware

Who would have thought data storage could play an important role in defending against ransomware? It makes sense if you think about it – particularly if you think in terms of the nature of object storage and its use in data backup.

Backups at Risk

Cybercriminals no longer only target data. They now also go after the backups, frequently using ransomware variants that specifically enable them to identify and delete backup copies on servers, endpoint systems and storage targets.

But if backups are stored in a way that prevents them from being encrypted or otherwise corrupted, cybercriminals are out of luck. In the event a ransomware infection occurs, an organization can simply roll the data back to the state prior to the attack. There’s no data loss and no reason to pay the ransom.

That’s the beauty of data, backups included, in object storage. It employs two features that prevent the data from being modified or deleted, helping to ensure that organizations have clean, unaltered backups for restoration.

Immutability Protects Against Change

First, object storage is immutable. Immutability prevents unauthorized data changes or deletion. Data in object storage can’t be overwritten or deleted because it’s written with Write Once, Read Many (WORM) technology. 

WORM exists as a system-level function in many object storage systems. In most cases, administrators enable immutability at the bucket or folder level, simply by setting an attribute.

Some object storage systems are equipped with an “object lock” feature, which delivers WORM functionality within an enterprise storage system. This protects data at the device level, rather than requiring an external defense layer.

Immutable backups are built by copying data bits to the cloud as soon as they’re created. Once the data is in the cloud, users can set an immutability flag that locks the data for a specific time. For example, if you set the flag for 14 days, you can’t delete or modify the backup for that 14-day timeframe.

Even administrators can’t alter the data until a preset time limit has elapsed. Because it can’t be altered, the data can’t be encrypted with ransomware. If desired, you can configure object storage to automatically delete the data after the retention period has expired.

Short-term immutable backups can be stored locally or tiered into immutable object storage.
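
An added example, not code from the original article or from any vendor: a Python check that flags backup buckets whose settings fall short of the immutability described above. It assumes an S3-style object lock API (the `ObjectLockEnabled`, `DefaultRetention`, `Mode` and versioning `Status` fields); the bucket names, settings and the `MIN_RETENTION_DAYS` threshold are constructed for illustration.

```python
# Added example: audit backup buckets for the immutability settings the
# article describes. All bucket names and settings below are CONSTRUCTED;
# the field names assume S3-style object lock and versioning responses.

MIN_RETENTION_DAYS = 14  # the article's 14-day example; set to your policy


def retention_days(rule):
    """Convert a DefaultRetention rule (Days or Years) to days."""
    return rule["Days"] if "Days" in rule else rule.get("Years", 0) * 365


def audit_bucket(lock_cfg, versioning):
    """Return findings for one bucket; an empty list means it passes."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning not enabled")
    if lock_cfg.get("ObjectLockEnabled") != "Enabled":
        return findings + ["object lock not enabled"]
    rule = lock_cfg.get("Rule", {}).get("DefaultRetention")
    if rule is None:
        return findings + ["no default retention; each upload must set its own"]
    if rule.get("Mode") != "COMPLIANCE":
        # In S3-style GOVERNANCE mode, specially permitted users can bypass
        # the lock, so "even administrators can't alter the data" does not hold.
        findings.append("retention mode is not COMPLIANCE")
    if retention_days(rule) < MIN_RETENTION_DAYS:
        findings.append(f"retention {retention_days(rule)}d < {MIN_RETENTION_DAYS}d")
    return findings


def lock(mode, **period):
    """Build a constructed object-lock configuration for the samples."""
    return {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, **period}}}


SAMPLE_BUCKETS = {  # constructed sample input
    "backup-compliant": (lock("COMPLIANCE", Days=14), {"Status": "Enabled"}),
    "backup-governance": (lock("GOVERNANCE", Days=7), {"Status": "Enabled"}),
    "backup-unlocked": ({}, {"Status": "Suspended"}),
    "backup-no-default": ({"ObjectLockEnabled": "Enabled"}, {"Status": "Enabled"}),
}


def audit_all(buckets=SAMPLE_BUCKETS):
    return {name: audit_bucket(*cfg) for name, cfg in buckets.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```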

Data Versioning Because Change Happens

Object storage also makes use of data versioning. While the data that gets stored to object storage is usually data that doesn’t get frequently changed, changes can and do happen – sometimes for malicious reasons. With data versioning, a new copy of data is produced whenever data is altered. The original is retained for a specified time.

That means if a file in object storage does somehow become encrypted by ransomware or deleted by a disgruntled user, there’s still a copy of the original data. Theoretically, ransomware could delete the original, unencrypted data. However, there’s currently no known kind of ransomware that does that.

An additional benefit of data versioning is that it’s possible to erase old copies of data prior to their preset expiration date. As a result, backups take up less space than is the case with WORM.
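
An added example, not code from the original article: a Python routine that replays a bucket's version history and picks, for each object, the version that was current just before an incident, which is the rollback that versioning makes possible. The listing, the `INCIDENT_START` time and the function names are constructed; the field names assume an S3-style list of object versions and delete markers.

```python
# Added example: choose the object versions to restore after an incident.
# The listing is CONSTRUCTED sample data; its field names assume an
# S3-style "list object versions" response (versions plus delete markers).
from datetime import datetime, timezone


def utc(text):
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


INCIDENT_START = utc("2021-09-28T11:30:00")  # constructed
VERSIONS = [  # constructed
    {"Key": "db/full.bak", "VersionId": "v1", "LastModified": utc("2021-09-20T02:00:00")},
    {"Key": "db/full.bak", "VersionId": "v2", "LastModified": utc("2021-09-27T02:00:00")},
    {"Key": "db/full.bak", "VersionId": "v3", "LastModified": utc("2021-09-28T11:42:00")},
    {"Key": "files/share.tar", "VersionId": "a1", "LastModified": utc("2021-09-26T03:00:00")},
    {"Key": "files/new.tar", "VersionId": "n1", "LastModified": utc("2021-09-28T12:00:00")},
    {"Key": "tmp/old.tar", "VersionId": "t1", "LastModified": utc("2021-09-10T03:00:00")},
]
DELETE_MARKERS = [  # constructed
    {"Key": "tmp/old.tar", "VersionId": "t2", "LastModified": utc("2021-09-15T03:00:00")},
    {"Key": "files/share.tar", "VersionId": "a2", "LastModified": utc("2021-09-28T11:45:00")},
]


def plan_rollback(versions, delete_markers, incident_start):
    """Replay the version history up to incident_start.

    Returns (restore, suspect, no_clean_copy): restore maps each key to the
    VersionId that was current just before the incident; suspect lists the
    (key, VersionId) entries created at or after it; no_clean_copy lists
    keys that exist only as suspect versions.
    """
    events = [(v["LastModified"], v["Key"], v["VersionId"], False) for v in versions]
    events += [(m["LastModified"], m["Key"], m["VersionId"], True) for m in delete_markers]
    restore, suspect = {}, []
    for when, key, version_id, is_delete in sorted(events):
        if when >= incident_start:
            suspect.append((key, version_id))
        elif is_delete:
            restore.pop(key, None)     # deleted before the incident: nothing to restore
        else:
            restore[key] = version_id  # newest pre-incident version wins
    written_late = {v["Key"] for v in versions if v["LastModified"] >= incident_start}
    return restore, suspect, sorted(written_late - set(restore))
```

The versions selected in `restore` are candidates only; they still need to be scanned before they are restored.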

Double Protection. Double Benefits.

Both versioning and WORM protect data where it resides – at the backup target layer. This is at least one step removed from the application server, which usually communicates with a backup server and then connects to the backup target. This distance makes the backups more difficult for ransomware to reach.

Among their other benefits, WORM technology and versioning are both easy to deploy using object storage systems and common data protection software. They also keep data immediately accessible, mitigating lengthy recovery times.

Keep in mind, however, that even with immutable storage and the use of versioning and other data protection tactics, there’s no guarantee that stored data didn’t somehow get infected by ransomware. It’s recommended that you always scan backups to ensure they’re free of malware or indicators of compromise (IOCs) before restoring the data.

There’s More to Consider

Object storage doesn’t just protect against ransomware. Because it’s immutable, it protects users who accidentally or purposefully try to delete data. It also helps ensure that there’s a prior, clean version of data to retrieve if a user accidentally overwrites data.

In addition, immutable object storage has the potential to help you meet various compliance requirements for securing and preserving electronic records, transaction data and activity logs. Among them: Criminal Justice Information Services (CJIS), Financial Industry Regulatory Authority (FINRA), and Health Insurance Portability and Accountability Act (HIPAA).

To learn how to incorporate object storage into your data protection strategy, for defending against ransomware and the other benefits it offers, contact US Signal. Call (866) 274-4625 or email [email protected].

You can also explore some of US Signal’s data protection solutions, including the following:

Endpoint Data Protection (EDR)

Vulnerability Management as a Service (VMaaS)

Data Management for Cohesity