Write-Once-Read-Many (WORM) Storage: Your Data Set in Stone
To see write-once-read-many in action, visit the Museum of Palermo. It houses the Palermo Stone–a sturdy, black piece of basalt rock with engravings about the events of its time. Four thousand four hundred forty years old, it survived unscathed to our times.
Contemporary businesses seek similar information security but face more significant threats than just the passage of time. Take ransomware — the criminal practice of encrypting data for payment. It hits organizations 1.7 million times daily, but they’re not powerless against it.
Immutable storage comes to the rescue as the only known “lightning rod” capable of deflecting ransomware. At its core lies the write-once-read-many principle — a modern take on the Palermo Stone.
What is Write-Once-Read-Many?
Write-Once-Read-Many (WORM) is a data storage technology that permits only a single, irreversible write to a medium. Once that write is complete, authorized personnel can read it, but no one can change it. In technical terms, the data in WORM storage becomes immutable.
All types of WORM storage afford the same true immutability — whether they are hardware-based or software-based. Although initially developed for optical discs, contemporary WORM storage spans virtually all kinds of media—from CDs to tapes to HDDs to the cloud.
Types of WORM storage
WORM technology dates back to the 1970s. In those days, WORM data was physically etched on optical discs using lasers. The discs ranged from 5.4 to 14 inches in diameter. Sometimes, only a dedicated device could read them.
WORM range has expanded over time and now includes:
- The cloud.
- Solid-State Storage Drives.
- Hard drives.
The line of currently available WORM-compatible media is so diverse that you might wonder which one fits your bill best. To make the decision easier, we prepared a cheat sheet with the most important facts on the various WORM media on the market (Table 1).
WORM medium | Pros | Cons |
The Cloud | Reliable, accessible, non-physical | Expensive |
Tape | High capacity, affordable | Not durable, temperature-sensitive |
Solid-State Storage Drives | High capacity, accessible | Temperature-sensitive |
Hard drives | High capacity, affordable, accessible | Temperature-sensitive |
Table 1: Comparison of WORM-compatible media
As far as WORM-compatible media go, hard drives stand out from the rest. Their only apparent drawback, which they share with almost all the other types, is temperature sensitivity. This, however, is a requirement easily met by modern IT infrastructures.
Other than that, hard drives can handle large amounts of data per second, do not drain organizational budgets, and rely on a software-based WORM mechanism, which brings in additional savings.
How does Write-Once-Read-Many work?
There are two types of WORM storage: hardware-based and software-based. Hardware-based WORM media, such as optical discs, cannot be used more than once. This makes them extremely expensive in the current, data-driven business environment.
Organizations produce so much sensitive data that storing it in single-use hardware-based WORM media proves unsustainable. A solution to this problem is a software-based approach. Under this paradigm, an authorized person disables write access at a software level. Depending on the configuration, the write access can be restored once the data no longer needs protection, which frees up the space for further use.
Do I need WORM storage?
The following questions will help you decide whether your organization needs WORM storage. If you answer “yes” to any of those questions, your organization may benefit from WORM-compatible storage.
- Are you under a legal obligation? The law requires some industries, such as finance and healthcare, to use immutable storage to prove data integrity.
- Do you want to prevent data manipulation? WORM storage provides assurance against both accidental and intentional data changes.
- Do you have an archive to protect? WORM storage ensures that historical data remains intact.
- Do you need to safeguard sensitive data? Intellectual property, trade secrets, and other types of classified information are kept safe under WORM protection.
- Are you concerned about ransomware? WORM media can straighten ransomware defense because they cannot be overwritten or encrypted.
How does WORM defy ransomware?
There’s no easy way out of ransomware. You can either stand your ground and pray for decryption while bleeding $5,600 per minute of downtime or lose anyway by paying the ransom with no real guarantees. Your best bet? Preemptive action. Pull the rug from under the ransomware and watch it tumble headfirst to the floor.
A successful ransomware attack hinges on your inability to restore encrypted files. That’s why attackers target backups—they want to push you to the edge of a cliff without a parachute. But you can glue that parachute to yourself. WORM will do the same for your backup.
WORM underpins the core and only strategy against ransomware: immutable backups. These backups use the write-once-read-many technology to make data immutable. As a result, they cannot be modified once written, so encryption slides off of them as if they were sunflower oil.
Closing remarks
WORM-compatible storage provides a great way to protect any data from unintentional changes or malicious tampering. Ransomware, in particular, looms as the leading menace of mid-size organizations. Air-gapped WORM backup is the best precaution against a ransomware attack a company can take.
The choice of the medium for WORM storage depends on the amount of data and the available budget. Hardware-based solutions can be used only once, which takes up space and incurs high costs. In contrast, software-based WORM media have greater capacity and can be reused, which makes them the better option for the economically minded with large data pools.
Ootbi from Object First is a software-based offline WORM backup appliance utilizing a set of hard drives and a hardened Linux OS to provide top-tier defense against ransomware. Explicitly designed for Veeam, Ootbi fits into a 3-2-1 backup strategy recommended as one of the best practices for data protection.