Why Immutability Should Be a Standard Feature in Cloud Storage
Data is the new gold in our digital society, and the loss of it can cause panic or serious consequences. Recently, I saw an article about the Oakland, CA, police department losing 25 percent of its body cam videos due to someone pushing the wrong button and accidentally deleting files during a software upgrade.
The Oakland example is about human error, but who can forget the WannaCry ransomware attack and compromised data returned for a fee? Scary for certain, and all too common, but easily preventable with something new to disk-based storage called “immutable buckets.”
“Immutability” means that data, once written, cannot be deleted or altered for a pre-determined length of time – or in some cases, forever. It’s the protection of content from accidental or malicious destruction or alteration.
Immutability is by no means a new concept in security. Paper documents signed in pen and ink and locked away in secure vaults is conceptually similar and has long been the gold standard in the legal world. In the digital world, IT folks make backup tapes and store them in bank vaults or secure warehouses. While taking media off-line and storing it in a bunker is a good way to protect it from accidental erasure or from being overwritten, it also makes the data so difficult to retrieve that it’s almost useless.
In the last few years, developments in encryption and security technology have made it possible to create immutable storage from ordinary computer disk drives. Here’s how it works: when you create a storage bucket (similar to a folder in the PC world), you can flip a switch and make that bucket immutable, meaning any data stored in that bucket cannot be erased or modified for some pre-determined length of time – a highly desirable feature that should be baked into any data storage option.
Why is this a huge improvement in data security? Most people in the IT world worry about equipment failure as the likely cause of data loss. This used to be a real problem, but not so much anymore. Loss from equipment failure is called “durability,” and it is usually expressed in “nines”, e.g., 99.999 percent, or “five nines.” Amazon S3, for example, has 11 nines of durability. In other words, if you stored a million one-megabyte files with Amazon, statistically you might lose one file every 659,000 years. There is so much redundancy built into these systems that actually losing a file almost never happens. People obsessing over the durability of this or that storage system are barking up the wrong tree.
My years at Carbonite (a company I founded) taught me that even the best run shops lose data every day – but most of it is due to 1) human error, 2) malware and ransomware, 3) bugs in application software that accidently overwrite or delete data, and 4) employee or insider sabotage. However, if you store data in immutable buckets, all of those risks disappear. If you try to delete or modify data stored in an immutable bucket, you just get an error message. The WannaCry virus would have zero impact on immutable data.
So, what’s the downside of immutability? Well, if you can’t erase data, it means you’re stuck paying for the storage even if you no longer need the data. Before you put data into an immutable bucket, you need to reconcile yourself with the value of doing so. As the cost of immutable data storage drops, the cost/benefit equation shifts dramatically. Even if you can’t clean up data that is stored in immutable buckets, who cares if it’s super cheap? It’s probably not worth the effort even if you could get rid of data that you no longer need.
Some data are so valuable that immutability is a no-brainer. For example, the movie Avatar cost $237 million to produce. In the end, all you have to show for it is about a petabyte of data. That’s a valuable data set and you’re probably never going to throw it away. If you had the option of storing it immutably so that some overworked IT person couldn’t mistakenly push the wrong button and destroy it, it would be a no-brainer.
Here’s another example, the LSST telescope in Chile goes online next year. The telescope itself cost over $1 billion to construct and all you have to show for it will be roughly 18 terabytes of data every night that will be mined by astronomers for decades to come. If you lose that data, you’ve essentially lost a big chunk of that billion dollars. Why take a chance with accidents, malware, sabotage, hardware failures, etc.? In cases like these, immutability would still be a bargain.
I feel this way about the videos of my kids when they were growing up. I’d gladly pay to have them stored in an immutable bucket if it really meant that I couldn’t accidentally delete them.
Making electronic data immutable has been something of an afterthought until recently. But with massive growth in data, and the risk of another global ransomware attack looming, I believe that immutable storage must become a standard feature in cloud storage. And as prices drop, the case for immutability becomes even more compelling.
David Friend is CEO of Wasabi.