Immutable Storage is not enough

“Immutable Storage is not enough” may sound a little sensationalist, but I would like to explain and elaborate on why I see it that way. This is not a clickbait blog post, but rather an explanation and elaboration. Above all, I want to make sure we listen carefully to the “terms” and “buzzwords” that are used in this space.

What does Immutability mean?

If you translate what Immutability literally means, it is simply a property that says you cannot modify something. The word comes from the Latin “immutabilis”, “not changeable”. The other way around, Mutable comes from the Latin “mutabilis”, “changeable”.

So Immutability refers to a fixed, unchangeable state. Once something, for example a backup, has been created, its content, the file, or the structure remains the same forever, or at least for a given “immutability period”.

This gives Immutability some major advantages, especially in the data protection / storage world:

  • It prevents accidental or malicious changes to sensitive data
  • It makes the behaviour of systems more predictable, because you know that nothing changes under the hood
  • It helps with compliance, where unchangeable records are mostly needed for audits

Let’s introduce a new term now

As a German native speaker I find that word very hard to pronounce, but I would rather talk about “Indelibility” than about Immutability.

Let’s define Indelibility real quick.

The word comes from the Latin “indelebilis”, from in- (not) + “delere” (to destroy, erase). So it literally means “cannot be erased”. This means you cannot delete it, in ANY case and with ANY privilege, for as long as the protection lasts. This is the important part and also the big difference between the two terms.

What’s the difference, really?

The difference between those two terms is actually a very interesting but also significant one.

The problem with the term immutability is that it is commonly adopted as the “go to term” for protecting stored data, especially in the data protection space. It prevents unauthorized modifications; however, and that is the key difference, it does not prevent deletion. Immutability only ensures that data cannot be changed or altered. Cyberattacks and ransomware, however, often target backup data first and simply try to delete it rather than modify it. Of course, without a privileged user, immutable data such as a file with the immutable attribute set on an XFS file system cannot be deleted. But once an attacker has reached “Persistence” and obtained a privileged user, they are able to remove the attribute and delete that “immutable data”.

Ultimately, Indelibility means, that data simply cannot be deleted. Not by accident and not by a malicious actor until a defined retention period or policy is met.

I’m not saying, and I want to emphasize that again, that immutable data can always be deleted. However, in some cases, like the immutable attribute on an XFS file system, it is feasible: you simply need root access (strictly, the CAP_LINUX_IMMUTABLE capability) to clear the attribute with chattr -i and then delete the file. This also applies to other examples like commits in a Git repository. A commit is immutable as an object, but you can still rewrite history with git filter-branch, point the branch at the rewritten commits and let git gc --prune remove the unreachable originals. Another example would be Amazon S3 Object Lock in Governance mode. Normal users cannot delete a locked object version, but a principal with the s3:BypassGovernanceRetention permission can override governance mode (Compliance mode, by contrast, cannot be overridden by anyone, not even the account root user, until the retention period expires). As you can see, there are many more examples you could think of once you define the term “immutability” correctly.

The key technologies we are talking about in the data protection and storage world are obviously the following: Object Lock on S3, WORM, Retention Policies and Legal Holds, as well as Air-Gapped Backups.
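As an added example that is not part of the original post, the script below checks the S3 Object Lock case from above: it parses the JSON shape that `aws s3api get-object-lock-configuration` returns for a bucket and an IAM policy document, and classifies each bucket as indelible (COMPLIANCE mode), immutable but bypassable (GOVERNANCE mode) or not protected by default. The bucket names, the “backup-admin” role and both JSON documents are constructed for the example; the action name s3:BypassGovernanceRetention and the configuration fields are the real AWS ones.

```python
"""Audit S3 Object Lock settings for the immutability-vs-indelibility gap.

Added example, not code from the original post. Both inputs below are
constructed samples; the bucket and role names are assumptions.

  COMPLIANCE mode -> indelible until retention expires; no principal, not
                     even the account root user, can shorten it or delete
                     the locked object version.
  GOVERNANCE mode -> immutable, but any principal holding
                     s3:BypassGovernanceRetention (and sending the
                     x-amz-bypass-governance-retention header) can delete.
  no default rule -> Object Lock is enabled, but objects are only protected
                     once a per-object retention or legal hold is set.
"""
import fnmatch
import json
from datetime import timedelta
from typing import Dict, Optional, Tuple

BYPASS_ACTION = "s3:BypassGovernanceRetention"

# Constructed sample: GetObjectLockConfiguration output for three buckets.
SAMPLE_LOCK_CONFIGS = {
    "backups-governance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}},
    "backups-compliance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}},
    "backups-nodefault": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled"}},
}

# Constructed sample: policy attached to an assumed "backup-admin" role.
# Note that the broad s3:* grant already includes the bypass permission.
SAMPLE_BACKUP_ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
})


def classify_bucket(lock_config: dict) -> Tuple[str, Optional[timedelta]]:
    """Return (classification, default retention period) for one bucket."""
    cfg = lock_config.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return "unprotected", None
    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        return "lock-enabled-no-default-retention", None
    # A DefaultRetention rule carries exactly one of Days / Years.
    if "Days" in retention:
        period = timedelta(days=retention["Days"])
    else:
        period = timedelta(days=365 * retention["Years"])
    mode = retention["Mode"]
    if mode == "COMPLIANCE":
        return "indelible", period
    if mode == "GOVERNANCE":
        return "immutable-bypassable", period
    raise ValueError(f"unknown Object Lock mode {mode!r}")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def grants_action(policy_json: str, action: str = BYPASS_ACTION) -> bool:
    """True if the policy allows `action`.

    IAM action names are case-insensitive and may use * and ? wildcards;
    an explicit Deny wins over any Allow, as in IAM evaluation.
    NotAction statements are not handled here.
    """
    doc = json.loads(policy_json)
    allowed = denied = False
    for stmt in _as_list(doc["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Allow":
                allowed = True
            elif stmt["Effect"] == "Deny":
                denied = True
    return allowed and not denied


def audit(lock_configs: Dict[str, dict], admin_policy_json: str) -> Dict[str, str]:
    """Map bucket name -> one-line finding, given the admin role's policy."""
    bypass = grants_action(admin_policy_json)
    findings = {}
    for name, cfg in lock_configs.items():
        kind, period = classify_bucket(cfg)
        if kind == "indelible":
            findings[name] = f"indelible: COMPLIANCE, {period.days} days, nobody can bypass"
        elif kind == "immutable-bypassable" and bypass:
            findings[name] = f"immutable only: GOVERNANCE, {period.days} days, admin role can bypass and delete"
        elif kind == "immutable-bypassable":
            findings[name] = f"immutable: GOVERNANCE, {period.days} days, no bypass grant in this policy"
        else:
            findings[name] = kind
    return findings


if __name__ == "__main__":
    for bucket, finding in audit(SAMPLE_LOCK_CONFIGS, SAMPLE_BACKUP_ADMIN_POLICY).items():
        print(f"{bucket}: {finding}")
```

Running the script prints one finding per bucket. The interesting line is the GOVERNANCE bucket: the sample admin policy never names s3:BypassGovernanceRetention, yet the wildcard s3:* grants it, which is exactly the “privileged user can delete the immutable data” case described above. Only the COMPLIANCE bucket is indelible in the sense of this post. Per-object legal holds are not inspected here, since they are set on objects rather than as a bucket default.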

Why is Indelibility more important than Immutability?

When we talk about an incident, a ransomware attack or any other malicious event, the belief that you will get 100% clean data back is simply wrong. That in fact is, for me at least, the key reason why Indelibility is far more significant than Immutability.

In the end, I would rather have at least “some” data from which I can start recovering, cleaning or bringing systems back online, than no data at all because it has been deleted!

Even in the era of threat detection, anomaly detection and systems that claim to predict disasters before they happen, there is no guarantee that you get 100% clean data.

What do I want to say ultimately?

The key distinction is the action being prevented: changing vs. deleting.

Indelibility is not automatically included in Immutability. They are two distinct, though often related, concepts in data protection. While the terms are frequently used together or even interchangeably in marketing, they technically prevent different actions.

First, Immutability alone is not enough for data resilience; what you need is Indelibility, so that at least some data is left because it could not be deleted. Data which cannot be deleted but may need cleaning is still almost always better than immutable data which could have been deleted.

Furthermore, I want to encourage people to listen. Is the feature / functionality really “Immutability” or is it “Indelibility”? Try to see through marketing buzzwords, and especially avoid treating “Immutability” as the holy grail and the only word that exists.

Why Immutability is not enough

If you have read until here, you know that I’m trying to uncover what the marketing terms technically do. Furthermore, I think we can all agree that Immutable Storage by itself is not enough to achieve Cyber Resiliency. When I present the topic of Cyber Resiliency as a whole, I always use the “symbol” of an onion.

Cyber Resiliency

An onion perfectly describes how an environment should be protected: in layers. In the middle of that onion is your data. The more layers you can introduce into an IT architecture, the harder it gets to break. Layers in this case means security, immutability and indelibility features and functionalities. That being said, Immutable Storage is not enough 🙂 In the end, all those layers are protective shields around the most important thing: your data.

I hope you understood the point of this somewhat sensationalist post, but I think it really matters to understand what a buzzword / term does exactly, and that a single buzzword / term is not enough!

About Falko Banaszak

Falko Banaszak is a Principal Field Solutions Architect specializing in "Cyber Resiliency" at Pure Storage and is based in Germany. Over the past decade, he has developed a strong expertise in virtualization, business continuity and disaster recovery / BCDR. Falko leads the technical team at Pure Storage in the solution domain called "Cyber Resiliency" which combines the Pure Storage Platform with Cyber Security & Data Protection vendors. Falko is also a certified Business Continuity Manager, a Veeam Vanguard program member and a founder and leader of the German Veeam Usergroup.
