Why Use Immutable Storage?
Data has become a global currency, and its value has nowhere to go but up. According to The Economist online, the world’s most valuable resource is no longer oil, but data. The volume and velocity of data creation are astounding, and some estimates say that something like a self-driving car can generate 100 gigabytes per second. In response, industrial companies like GE and Siemens have positioned themselves as data firms.
To maintain, and even grow this value, data pedigree must be beyond reproach. Protecting this pedigree is generally refer to as immutability and describes a property of being unchanging or unable to be changed over time. Immutability is especially essential in law enforcement where prosecutors rely on data to prove their case. This property may also be one reason why The Justice Department is changing its approach to collecting data stored in the cloud. After taking a closer look at this growing trend, guidance from the DOJ’s Computer Crime and Intellectual Property Section of the Criminal Division directs prosecutors to go directly to agencies and organizations when seeking access to their data rather than to the cloud service provider storing the information. Preparing for these increasingly inevitable inquiries, government agencies should now closely review their current cloud data storage vendor’s data immutability service level agreement.
The new guidance advises prosecutors to seek data from the agency when doing so would not compromise the investigation. This is because some providers may not have the capability to preserve and disclose information or have full access to an enterprise’s data. Under 18 U.S.C. § 2703(f), however, the Government could approach a cloud-service provider directly to preserve data without agency prior knowledge.
Agencies must also be able to identify a legal contact within the organization that is knowledgeable of cloud-based storage and able to assist law enforcement with contacting the appropriate CSP point of contact. This is crucial to any requirement associated with interposing privilege or other objections to the collection of data. Failure to have such a contact in the organization could also be a reason for the DoJ to seek data directly from the cloud-service provider without agency participation.
Threats to the immutability of data put into the cloud include:
- Data deterioration caused by the use of inappropriate storage technology
- Intrusion by an external agent which could lead to data breach or loss
- A malicious employee programmer changing production code to allow intrusion
- Physical removal or destruction of data
- Random disk failures could result in data loss if there isn’t sufficient redundancy
- Data could suffer from “bit rot” and deteriorate if it is not checked and refreshed on a regular basis
When reviewing a cloud service provider’s SLA, ensure that none of the provider’s employees can change application code on a production system without first undergoing thorough review and testing. The data centers themselves must also contain appropriate physical security using things like biometric access control and man-traps. The data should also be extremely durable guaranteeing at least 11 nines. The provider should also periodically read every data object every 90 days to detect and automatically correct any random errors.
Wasabi is one of the few cloud service providers capable of meeting these minimum data immutability standards. Management of its data storage service is built around two simple rules:
- No one person should be able to destroy data that is in an immutable bucket; and
- Nobody should be able to touch a production system anonymously.
This means when using Wasabi immutable buckets, no one can delete or alter your data–not even a systems administrator.