solved.scality.com Open in urlscan Pro
104.198.99.15  Public Scan

Form analysis
2 forms found in the DOM

GET https://solved.scality.com/solved/

<form role="search" method="get" class="pc-searchform" action="https://solved.scality.com/solved/">
  <div class="pc-searchform-inner">
    <input type="text" class="search-input" placeholder="Type and hit enter..." name="s">
    <i class="penciicon-magnifiying-glass"></i>
    <button type="submit" class="searchsubmit">Search</button>
  </div>
</form>

GET https://solved.scality.com/solved/

<form role="search" method="get" class="pc-searchform" action="https://solved.scality.com/solved/">
  <div class="pc-searchform-inner">
    <input type="text" class="search-input" placeholder="Type and hit enter..." name="s">
    <i class="penciicon-magnifiying-glass"></i>
    <input type="submit" class="searchsubmit" value="Search">
  </div>
</form>

Text Content

Introducing CORE5: A new standard of cyber-resilient storage
Navigating data privacy, data sovereignty and data protection:...
What endurance cycling can teach you about resilience...
How Scality and Wasabi provide “hot,” affordable data...
Tales from the frontlines: How to bounce back...
Is your storage solution TRULY immutable?
When cloud is the problem, not the answer
Event planning goes green: How we created a...
ERG selects Scality and HPE to modernize IT...
How Scality helped me build a simple “hypersonic...
 * VISIT SCALITY SITE


 * Industry
 * Open Source
 * Leadership
 * Insights
 * Scality Life

Search
Insights


IS YOUR STORAGE SOLUTION TRULY IMMUTABLE?

by Paul Speciale March 6, 2024
by Paul Speciale March 6, 2024
1.3K

BY PAUL SPECIALE, CMO, SCALITY

Immutable storage is surging to the forefront as an essential last line of
defense against ransomware. Why? Because, as cybercriminals have gotten more
sophisticated, backups now sit squarely in their crosshairs. These bad actors
know organizations are more likely to pay a ransom if they’re successful in
deleting or encrypting backup data.

Reports show 93% of attacks target backup repositories with a 68% success rate.
What’s more, Veeam’s 2023 Data Protection Trends Report found that in 75% of
these events, cybercriminals succeed in debilitating their victims’ ability to
recover.

Without immutable storage, you’re sunk. But not all immutability is created
equal. Some forms of immutability still leave a window of exposure.

> Want to see an at-a-glance version of the true immutability checklist?
> Download it here.




WHAT IS TRUE IMMUTABILITY AND WHY DOES IT MATTER?

At Scality, we consider true immutable storage to be an essential part of every
IT organization’s cybersecurity toolkit. A survey we conducted with independent
research firm Vanson Bourne found that 94% of IT leaders in the U.S., Germany,
France and the U.K. currently rely on immutable storage.

While it’s encouraging to see the widespread adoption of “immutable storage,”
the question remains: How many of these solutions are truly immutable and,
ultimately, ransomware-proof? 

Immutable storage refers to a data storage paradigm where, once data has been
written, it cannot be modified or deleted for a predetermined period, thus
thwarting ransomware attacks. But in reality, most immutable solutions fail to
provide the level of protection they promise.

For example, file systems commonly make data immutable with scheduled, periodic
snapshots that may have hours or days between the last snapshot taken. This
approach results in data retention gaps and creates the potential for data
loss. 


Other file system-based solutions can achieve instantaneous immutability via
support for the S3 Object Lock API. However, because the underlying file system
is still inherently mutable, data remains vulnerable to attacks below the API
layer. 



> True, intrinsic immutability — only achieved by S3 Object Lock implemented on
> a native object storage architecture — closes these windows of exposure. The
> S3 API enables data to be constantly saved and stored at petabyte-scale each
> and every time it is written. Meanwhile, the underlying object storage
> architecture ensures stored data can never be overwritten or deleted, even if
> an attacker is able to bypass the API layer. This means data can always be
> restored from any backup — no matter what.




COMPARISON OF IMMUTABILITY: LEGACY FILE VS. S3 PROXY VS. TRUE NATIVE OBJECT
STORE

Legacy file storage offers no API-level immutability, and S3 Object Lock API
implemented on an inherently mutable file-system architecture leaves data
vulnerable to attacks below the API layer.

Only a native object store provides immutability at both the API level and
architecture level.

A word of caution: Not all object storage vendors support true immutability. As
you’re vetting solutions, ensure that they deliver instantaneous immutability
without a window of exposure, enable configurable retention policies and
compliance mode, and are built on a true immutable object storage architecture.



DOES YOUR IMMUTABLE STORAGE SOLUTION HAVE CRACKS IN ITS ARMOR?

Since some immutable storage solutions only enable short-term immutability or
make it difficult, if not impossible, to quickly restore data to its original
state, it’s critical to evaluate whether your solution has vulnerabilities. 

Many options are more about preserving data states at particular points in time
rather than preventing the alteration or deletion of the actual data. Others
present problems with management complexity, short-term immutability, limited
scalability, and performance degradation impacting the ability to restore
quickly.  

For all these reasons, the following solutions are considered insufficient when
it comes to immutability: 

 * NAS/file system snapshots
 * Dedupe appliances
 * Linux-hardened repositories 
 * Tape
 * S3 proxies (S3 API implemented on mutable architectures)




TRULY IMMUTABLE SOLUTIONS ARE INTRINSICALLY IMMUTABLE AT THE CORE ARCHITECTURE
LEVEL 

Only solutions based on native object storage design are truly immutable because
they preserve data in its original form the very moment it is written, and never
overwrite existing data. This isn’t the case for solutions built on mutable
architectures that allow delete and overwrite commands.

With native object storage, data sets — even those written nanoseconds apart —
can never be overwritten, deleted, or modified, regardless of the level of
access privileges an attacker may acquire. This architectural reinforcement
provides a crucial last line of defense against ransomware attackers’ attempts
to encrypt data and extort victims. 



--------------------------------------------------------------------------------





IS YOUR STORAGE SOLUTION TRULY IMMUTABLE? YOUR TRUE IMMUTABILITY CHECKLIST:

To be sure your object storage solution is truly immutable, make sure your
solution checks ALL the boxes below to deliver the highest level of protection:

 * Instantaneous data lock – When configured properly, the second you store
   object-locked data, it is immutable. There’s no time delay like there is with
   a snapshot, whereby data is modifiable until the snapshot is taken. If you
   have true immutable data storage, your data is instantaneously unchangeable.

 * No deletes or overwrites, ever –  Ransomware attackers commonly encrypt or
   delete backups to prevent you from restoring. Only solutions based on native
   object storage design provide intrinsic storage immutability, meaning data is
   never overwritten or deleted. If any changes are made, a new version of the
   object is created, leaving the original data intact.

 * Support for AWS-compatible S3 Object Locking APIs – A significant improvement
   to S3 happened in the last few years: API-level immutability is now possible
   through S3 Object Locking APIs. All popular enterprise applications use the
   AWS API. Without it, applications like Veeam won’t be able to manage your
   storage immutability. By allowing the application to access storage over the
   S3 API, you have a fully integrated backup solution. Immutability at the API
   level helps defend against willful or mistaken attempts to overwrite data by
   a user or application issuing S3 commands against a data set, which can
   happen in a ransomware attack.

 * Configurable retention policies  – Businesses have their own unique
   requirements when it comes to keeping data for custom or extended time
   periods. With configurable retention policies, you can customize the duration
   that your data remains fully immutable, whether it’s days or years.
   
 * Compliance mode for extra fortification – For additional protection, this
   mode prevents even the system superadmin from changing immutability
   configurations.






TRUE, INTRINSIC IMMUTABILITY = S3 OBJECT LOCK IMPLEMENTED ON NATIVE OBJECT
STORAGE ARCHITECTURE

Object storage scales to petabytes, is easy to deploy, simple to use and is your
best line of defense to keep data safe even if the worst happens. 

But don’t just take our word for it. Around the world and across industries a
vast majority of organizations are deploying immutable storage, but their data
may still be vulnerable. Your data deserves the strongest form of immutability —
make sure your solution is delivering it.

For more information on the immutability survey, read the press release here.

Read here to learn more about how Scality works with partners like Veeam to
ensure you have unbreakable ransomware protection, true data immutability and
operational efficiency, without sacrificing performance or flexibility.


TwitterLinkedinEmail

PAUL SPECIALE

Chief Marketing Officer at Scality. Expert in Cloud Computing, Object Storage,
NAS & file systems, data management and database technologies.


previous post

WHEN CLOUD IS THE PROBLEM, NOT THE ANSWER

next post

TALES FROM THE FRONTLINES: HOW TO BOUNCE BACK FROM A BATCH DISK DRIVE FAILURE
WITH ZERO DATA LOSS

RELATED ARTICLES


INTRODUCING CORE5: A NEW STANDARD OF CYBER-RESILIENT STORAGE

May 28, 2024


NAVIGATING DATA PRIVACY, DATA SOVEREIGNTY AND DATA PROTECTION:...

May 23, 2024


TALES FROM THE FRONTLINES: HOW TO BOUNCE BACK...

March 20, 2024


WHEN CLOUD IS THE PROBLEM, NOT THE ANSWER

February 8, 2024


EVENT PLANNING GOES GREEN: HOW WE CREATED A...

January 31, 2024


HOW SCALITY HELPED ME BUILD A SIMPLE “HYPERSONIC...

December 7, 2023


SCALITY DATA STORAGE PREDICTIONS: A LOOK BACK AT...

November 30, 2023


EXPLORING THE DEPTHS: REVELATIONS ABOUT DATA I GAINED...

November 21, 2023


SIMPLIFYING CYBER-RESILIENT, IMMUTABLE BACKUP STORAGE

November 15, 2023






Facebook Twitter Instagram Linkedin

@2023 - Scality. All Right Reserved. Designed and Developed by Us


 * Industry
 * Open Source
 * Leadership
 * Insights
 * Scality Life



日本語
Powered by Localize
English
×


NOTICE

We and selected third parties use cookies or similar technologies for technical
purposes and, with your consent, for other purposes as specified in the cookie
policy.



Use the “Accept” button or close this notice to consent.

Press again to continue 0/1
Learn more
Accept