Hi, I’m in Vegas this week for VeeamON 2022, just had a sneak peek of some of the content, and some very cool demos to look out for (a special session by Rick Vanover). Moving to S3-compatible object storage next. An interesting trend is the adoption of S3-compatible object storage by enterprises. If in 2021, data showed that object storage was almost exclusively used by enterprise customers, these days there is also a long tail of smaller deployments on vendors like Wasabi (Cloud Hot Storage). It’s a very interesting solution, I encourage you to visit the Wasabi stand if you participate at VeeamON in Vegas (exhibitors area). With it, you can store your data by making data storage simple, affordable, fast, and secure (compliance, sovereignty). Basically, there are many use cases, such as offsite backup, especially with Veeam. Shortly, I will publish some blog posts about Wasabi with Veeam. Here’s a blog post about the Object Lock feature powered by Wasabi.
Challenges with protecting data:
Many organizations still view cloud storage as less secure than air-gapped, offline storage. These organizations feel that if data is connected to a network, it can be accidentally deleted or susceptible to ransomware. The traditional method of air gapping data for protection meant that an organization’s data was stored offline in an LTO tape cartridge or HDD that was disconnected from power sources. Retrieving data stored in this fashion could take many hours to days and is vulnerable to bit rot or damage that could ultimately destroy the data. Object Lock removes the perceived vulnerability of errant deletion or ransomware while keeping the integrity of the data, and having the data readily available and instantly accessible.
What is Object Lock?
Object Lock is a data protection feature wherein a user can designate certain files or “objects” to be immutable, meaning they cannot be altered or deleted by anyone. Via the policies of data management applications, users set an allotted time for an object to be immutable, after which it can be altered or deleted.
Why does Object Lock matter?
Because things change – especially staff. Using immutable objects ensures that information is immune from accidental or intentional deletion and alteration. It guarantees that once the information lands in the Wasabi hot storage cloud, it will remain there until the lock expires. Because cyber criminals attack backups and archives as part of their ransomware campaigns. It isn’t enough that they’re taking down the primary systems, but they’re also attacking the secondary/backup systems to ensure they get their ransom…
Because regulators check these things, all the time. It’s essential that data in regulated industries be safeguarded for compliance and consumer protection standards.
Because legal proceedings depend on a chain of custody and immutability when it comes to digital evidence, like surveillance video, now that deep fakes and altered footage have become a threat to justice.
Compliance Mode & Governance Mode
Wasabi Object Lock is available in two retention modes:
• Compliance mode
• Governance mode
With compliance mode, a protected file or object can’t be overwritten by any user or Wasabi engineer. When an object is locked in compliance mode, its retention date can’t be shortened. Immutable objects in Compliance mode will remain immutable until the end of their retention period. With governance mode, only users with special permission, such as the root user in the account can reduce the retention settings. This allows you to grant special permission to some users if necessary. Both retention modes allow users to place a legal hold on specific objects. The legal hold prevents a locked object from being overwritten or deleted once the original retention date has been reached. Legal holds on objects can be lifted by an authorized user. The object will remain protected until the retention period expires. For this reason, we recommend that users only store data in compliance mode that they are certain will not need to be changed.
Object Lock and Bucket Immutability: Two Options for Data Protection
To set Object Lock permissions you must first create a new bucket with Object Lock enabled. You can not add Object Lock capabilities to an existing bucket. In an Object Lock-enabled bucket, retention periods can be set at the object level for each individual object. Alternatively, buckets can be configured to allow for a default retention setting for all objects that are placed in them. For example, if the bucket level policy is set to retain an object for 30 days, the 30-day retention is calculated and applied as each object is added. Therefore, users do not have to set each object’s retention individually. Wasabi also supports immutable buckets. In an immutable bucket, all objects are made immutable according to a uniform set of parameters. All of the objects in the bucket share the same expiration date. There can be no variation in the retention period between individual objects. This form of data protection is a great fit for protecting archival data or primary data that may not have additional copies.
Both Object Lock and immutable buckets prevent the most common causes of data loss and tampering:
• Combat ransomware and viruses
• Avoid accidental data erasure
• Ensure regulatory compliance
• Mitigate financial risks and legal exposure
Use object immutability for greater control over individual object retention rates, and use bucket immutability for protecting large swaths of data.
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] Veeam User Group France #1: Record
Veeam is not affected by Log4J vulnerability: Blog Post
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Step by Step Guide Veeam B&R 11 Upgrade: Guide.
Veeam CDP and Application consistency: Blog Post.
Veeam improves the engine in version 11: Blog Post.
Veeam B&R v11 and ReFS: Blog Post.
Veeam B&R 11 – Continuous Data Protection: Blog Post.
Microsoft Teams Backup with VBO v5: Blog Post.
Protect your Backup against Ransomware: Blog Post.