{"id":78195,"date":"2023-09-05T11:47:08","date_gmt":"2023-09-05T15:47:08","guid":{"rendered":"https:\/\/www.commvault.com\/?p=78195"},"modified":"2024-12-19T10:28:56","modified_gmt":"2024-12-19T15:28:56","slug":"what-is-data-immutability","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/what-is-data-immutability","title":{"rendered":"What is Data Immutability?"},"content":{"rendered":"\n
Cyber threats continue to evolve and become more persistent. Worldwide spending on security solutions and services is expected to reach nearly $300 billion in 20261<\/sup> – a 37% increase from current spending, indicating the increasing threat level. Surprisingly, despite greater awareness and investment, 83% of organizations have experienced more than one data breach in their lifetime2<\/sup>. These numbers highlight the crucial need for recovery readiness, with data security a top concern as cloud storage becomes the popular option for offsite backups.<\/p>\n\n\n\n Immutability is defined as \u201cthe ability of any data to be maintained in a non-fungible state for a specific duration of time\u201d. Data<\/em> immutability can be attained via various methods working in conjunction with each other. An immutable architecture, then, is a model in which no updates, security patches, or configuration changes happen \u201cin-place\u201d on production systems. If any change is needed, a new version of the architecture is built and deployed into production. Immutability protects within, as well as outside of the backup solution.<\/p>\n\n\n\n Organizations need an immutable architecture to ensure their data is safe and secure and, more importantly, ready whenever they need to restore it. Immutability is a proven technique used to reduce cyber-attacks on backup data and ensure that backup copies aren\u2019t changed in any way.<\/p>\n\n\n\n The best indicator that you have a reliable backup solution is your ability to recover data quickly. This comes partly from proper planning and architecting your backup and recovery solution. However, this can be a difficult challenge when your data is up against so much opposition. In the past, hardware failures, natural disasters, and human error were likely \u201ctop of mind\u201d outage threats. Today, ransomware and insider threats have taken over as top concerns. It\u2019s apparent that planning and architecture design is not enough; today\u2019s backup and recovery solution must be immutable, so you have peace of mind that your data is safe.<\/p>\n\n\n\n There is an essential distinction between mutable and immutable infrastructure when protecting valuable data. Traditional mutable infrastructure is more flexible and allows for updates and integrations to be made quickly, but this can also make it easier for cybercriminals to access and manipulate data. <\/p>\n\n\n\n These bad actors often target businesses through data breaches, which can have severe consequences such as reputational damage, loss of revenue, and legal problems. This is where an immutable architecture comes in, offering a more secure and tamper-proof solution to protect data from internal and external threats.<\/p>\n\n\n\n Immutable storage is essential for any organization to protect its business-critical or private data. This is especially important for industries like healthcare, finance, and law, which have strict legal and regulatory requirements to safeguard sensitive data from unauthorized access or tampering. Immutable storage helps organizations comply with requirements like those put forth by the SEC, CFTC, and FINRA related to the recording, storage and retention of electronic records and facilitates easy recovery in case of data loss or corruption.<\/p>\n\n\n\n With every environment having its own mix of infrastructure, securing backup data against random unauthorized changes can seem challenging. Therefore, Commvault has taken an agnostic approach to immutability. Leveraging a hardened, multi-layered approach to data protection, we provide robust controls that prevent various types of threats to backup data and ensure copies are highly recoverable from accidental deletion or malicious attack. Natively, all backup data is protected at the storage level. Backup copies and operations live in a virtually air-gapped location, in an isolated security domain, decoupled from source environments. Retention locks can also be applied to prevent unwarranted modifications to data retention policies.<\/p>\n\n\n\n With Commvault Cloud, you do not need special hardware or cloud storage accounts to lock backup data against ransomware threats. If you happen to have Write-Once, Read Many (WORM), object lock, or snapshot supported hardware (which Commvault fully supports), you can still use Commvault\u2019s built-in locking capabilities to complement and layer on top of existing security controls. Having the ability to layer security controls across different infrastructure types is what places Commvault\u2019s immutable solution ahead of the competition.<\/p>\n\n\n\n Multi-factor authentication, AES 256 bit at-rest encryption, firewalls, and other zero-trust access controls block internal and external movement of data by unauthorized parties. All security protocols employed adhere to security best practices and are based upon NIST 800-53, SOC2 type II, and ISO27001:2013 guidelines and compliance requirements.<\/p>\n\n\n\n With built-in zero-trust security protocols, Commvault Cloud meets the most stringent confidentiality, integrity, and availability standards for government agencies and business, alike.<\/p>\n\n\n\n Commvault\u2019s machine learning platform extends immutable protection capabilities by providing a proactive platform for detecting and responding to threats accordingly. We employ a multi-layered approach to protect against various threat vectors and ensure data is safe and include storage locking to combat ransomware and Zero trust AAA controls up and down the backup and recovery stack to provide comprehensive protection. Isolation and air gapping utilizes TLS encrypted network topologies and infrastructure is hardened to reduce the attack surface.<\/p>\n\n\n\n At a high level, the Commvault platform includes these seven layers combined with immutable cloud storage:<\/p>\n\n\n\nThe need for immutability<\/h2>\n\n\n\n
Mutable vs. Immutable<\/h2>\n\n\n\n
Immutability for regulatory compliance<\/h2>\n\n\n\n
Commvault Cloud is immutable by default<\/h3>\n\n\n\n
Commvault Cloud\u2019s immutable infrastructure architecture<\/h2>\n\n\n\n