Write once read many (WORM) describes a data storage media in which information, once written, cannot be modified. It ensures the highest level of integrity and data security by eliminating the risk of important data from being deleted or modified. Commvault provides the WORM feature that prevents the accidental deletion of data that is not qualified for aging.
Notes
- Once applied, the WORM functionality is irreversible.
- You cannot delete data on a client if WORM is enabled on any associated subclients.
Commvault offers two types of WORM functionality: WORM storage lock and compliance lock.
WORM Storage Lock
You can use the WORM storage lock option for both deduplicated and non-deduplicated data in disk libraries. WORM storage lock provides data security at the physical (hardware) level.
Notes
If you enable the WORM storage lock, the compliance lock is automatically enabled. Also, you can enable only the compliance lock.
Compliance Lock
Compliance lock is a security control that provides protection from destructive tasks such as deleting backups, storage, apps, servers, and backup destination copies, and reducing retention for disk storage vendors within the CommCell Console interface. You can enable the compliance lock at the storage level, and all associated backup destination copies will be locked and protected.
Compliance lock provides data security only at the software level (within the Commvault user interface) by protecting data against rogue users that use compromised credentials.
The combination of WORM storage lock and compliance lock features results in immutable backups that neither the storage administrator nor the Commvault administrator can delete.