Write once read many (WORM) describes a data storage media in which information, once written, cannot be modified. It ensures the highest level of integrity and data security by eliminating the risk of important data from being deleted or modified. Commvault provides the WORM feature that prevents the accidental deletion of data that is not qualified for aging.
Note
Once applied, the WORM functionality is irreversible.
Commvault offers two types of WORM functionality: WORM storage lock and compliance lock.
WORM Storage Lock
You can use the WORM storage lock option for both deduplicated and non-deduplicated data in cloud environments. Object lock is supported for Commvault supported vendors.
WORM storage lock provides data security at the physical (hardware) level.
Note
- If you enable the WORM storage lock, the compliance lock is automatically enabled. Also, you can enable only the compliance lock.
Compliance Lock
Compliance lock is a security control that provides protection from destructive tasks such as deleting backups, storage, apps, servers, and backup destination copies, and reducing retention for cloud storage vendors within the CommCell Console interface. You can enable the compliance lock at the storage level, and all associated backup destination copies will be locked and protected.
Compliance lock provides data security at the software level (within the Commvault user interface) by protecting data against rogue users that use compromised credentials.
The combination of WORM storage lock and compliance lock features results in immutable backups that neither the storage administrator nor the Commvault administrator can delete.