April 18, 2019
Write once, read many (WORM) storage is designed for scenarios where it is imperative that data is not changed or deleted after it has been written. This requirement may be to satisfy compliance regulations in the financial or healthcare sector, or to capture a golden copy of business records for later auditing and reconciliation. WORM storage also protects data against malicious attacks, such as ransomware or cryptoviral extortion. With a WORM storage solution, enterprise organizations are guaranteed that their original data is preserved.
In this blog, we examine the business cases for WORM data storage and how the addition of NetApp® cloud WORM (based on NetApp SnapLock®) to NetApp Cloud Volumes ONTAP® enhances data protection capabilities in the cloud.
Using WORM Data Storage: Cloud Data Security, Data Protection, and Privacy
WORM data storage is used to prevent data from being manipulated in any way after it has been committed to the storage medium. In some cases, this is to ensure compliance with mandatory regulations such as HIPAA, GDPR, SEC 17a-4, and many others. In other cases, WORM storage is used to implement self-regulatory policies within an organization. For example, businesses may decide to archive emails, HR records, surveillance data, voice recordings, or other historical data to WORM storage.
Another primary use case for WORM storage is to overcome data integrity issues by maintaining the integrity of stored data over time, and to provide protection against the operational impact of malicious attacks. WORM data storage protects against attempts to make data unreadable through encryption procedures that can only be undone by the attacker, and can therefore be used for extortion. As well as external threats, WORM storage also protects data against malicious internal access, such as from a rogue administrator. These scenarios can be nightmares for a company, with real impacts on business operations and profits; WORM storage offers an easy way to avoid that pain entirely.
WORM storage may be implemented in one of two ways depending upon the level of control of the underlying storage:
- Hardware compliant: 100% physical control of underlying storage. Where an end user has physical control of the underlying storage, a stricter approach to data retention via WORM file locking can be taken, ensuring the data being stored cannot be compromised. This approach can prevent anyone, even storage administrators, from making changes to the data before an expiration date or event. Common use cases may include ensuring legal compliance with the data retention policies in sectors such as the financial and healthcare industries.
- Software based: Less than 100% control of underlying storage. Where an end user does not have control over the underlying storage, such as with a software-defined deployment on-premises or in the cloud, the strictest retention policy is typically not available. WORM file locking in these environments is an excellent solution for use cases like maintaining accurate historical business records, such as escrow, product information, or software versions, and for protecting data against security threats, such as ransomware and phishing attacks.
NetApp’s New Cloud WORM File Locking Feature
NetApp ONTAP storage systems support WORM file locking with the built-in SnapLock feature, an industry-certified solution for WORM data storage that meets the strict standards for compliance with SEC, FINRA, and CFTC regulations. With the introduction of cloud WORM storage, the SnapLock feature now extends to Cloud Volumes ONTAP using AWS storage or Azure storage and its existing suite of cloud data protection capabilities.
Cloud WORM powered by SnapLock helps to ensure data security in cloud computing. It’s easy to integrate with other archiving systems, as well as other ONTAP data protection technologies, such as SnapMirror® unified data replication to support both backup and DR workloads. SnapLock offers two data retention models.
- SnapLock Compliance offers the most strict retention of data and is compliant with multiple industry regulations, such as SEC 17a-4, FINRA, and CFTC.
- SnapLock Enterprise can be deployed for more flexible regulatory requirements and organization-defined policies. Cloud Volumes ONTAP now offers SnapLock Enterprise WORM data storage in the cloud.
The key difference between SnapLock Compliance and SnapLock Enterprise is that system administrators are able to destroy SnapLock Enterprise volumes before the end of the data retention period. When files on a SnapLock volume have been committed, they are given an expiration date before which they cannot be deleted or changed. For SnapLock Compliance volumes, the files cannot be changed in any way, even if they were created in error. SnapLock Enterprise, however, gives administrators the ability to delete, but not update, the data when necessary. This gives end users greater control to manage WORM storage volumes when compliance with external data protection regulations is not required.
By using cloud WORM and SnapLock as part of Cloud Volumes ONTAP, organizations can further increase their level of cloud data protection and enforce tighter restrictions on how their data is stored and manipulated. This level allows a wider adoption of cloud-based deployment for systems that require the superior levels of control provided by WORM storage, such as cloud-based archives for data stored on premises or in other cloud systems. SnapLock has been tried and tested in ONTAP systems over 10 years, and it brings a mature feature set and solid implementation of WORM storage to Cloud Volumes ONTAP.
Cloud WORM powered by SnapLock extends and complements the existing cloud storage data protection features built into Cloud Volumes ONTAP. Using NetApp Snapshot™ technology, space-efficient and point-in-time copies of a storage volume can be created instantly, regardless of the source data size. With SnapMirror replication technology, volumes are incrementally synchronized at the block level, between both NetApp on-premises storage systems and/or deployments of Cloud Volumes ONTAP, in any combination and in any direction. Cloud Volumes ONTAP AWS high availability enables the setup of a pair of virtual storage systems in the cloud that can synchronously replicate data between each other, thereby ensuring high availability across availability zones.
Companies can use the NetApp cloud WORM solution powered by SnapLock to protect their data and make sure that it is immutable and won’t be altered, used against them, or deleted. As part of NetApp’s continuing evolution of its cloud platform, Cloud Volumes ONTAP now also supports SnapLock Enterprise, helping customers achieve new levels of data integrity and data security in cloud computing.
Cloud WORM powered by SnapLock can be used to reinforce data integrity and security by creating secure and immutable data storage volumes in the cloud. The extra level of protection provided by SnapLock helps Cloud Volumes ONTAP customers migrate more of their long-term data storage from on-premises systems into the cloud.
To try the new data locking features with Cloud Volumes ONTAP, register for a trial preview of cloud WORM powered by SnapLock today.