Configuring WORM Storage Mode on Cloud Storage

Write once read many (WORM) describes a data storage media in which information, once written, cannot be modified. It ensures the highest level of integrity and data security by eliminating the risk of important data from being deleted or modified. Commvault provides the WORM feature that prevents the accidental deletion of data that is not qualified for aging.

Note

Once applied, the WORM functionality is irreversible.

Commvault offers two types of WORM functionality: WORM storage lock and compliance lock.

WORM Storage Lock

You can use the WORM storage lock option for both deduplicated and non-deduplicated data in cloud environments. Object lock is supported for Commvault supported vendors.

WORM storage lock provides data security at the physical (hardware) level.

Notes

  • Do not enable WORM storage lock at the backend systems or applications, other than those specified in Configuring WORM Storage Lock.

  • If you enable the WORM storage lock, the compliance lock is automatically enabled. Also, you can enable only the compliance lock.

Compliance Lock

Compliance lock is a security control that provides protection from destructive tasks such as deleting backups, storage, apps, servers, and backup destination copies, and reducing retention for cloud storage vendors within the CommCell Console interface. You can enable the compliance lock at the storage level, and all associated backup destination copies will be locked and protected.

Compliance lock provides data security only at the software level (within the Commvault user interface) by protecting data against rogue users that use compromised credentials.

The combination of WORM storage lock and compliance lock features results in immutable backups that neither the storage administrator nor the Commvault administrator can delete.

Loading...