Data has become a global currency, and its value has nowhere to go but up.\u00a0 According to The Economist online, the world\u2019s most valuable resource is no longer oil, but data. The volume and velocity of data creation are astounding, and some estimates say that something like a self-driving car can generate 100 gigabytes per second. In response, industrial companies like GE and Siemens have positioned themselves as data firms.\r\n\r\nTo maintain, and even grow this value, data pedigree must be beyond reproach. Protecting this pedigree is generally refer to as immutability and describes a property of being unchanging or unable to be changed over time.\u00a0 Immutability is especially essential in law enforcement where prosecutors rely on data to prove their case. This property may also be one reason why The Justice Department is changing its approach to collecting data stored in the cloud. After taking a closer look at this growing trend, guidance from the DOJ\u2019s Computer Crime and Intellectual Property Section of the Criminal Division directs prosecutors to\u00a0go directly to agencies and organizations when seeking access to their data rather than to the cloud service provider storing the information. Preparing for these increasingly inevitable inquiries, government agencies should now closely review their current cloud data storage vendor\u2019s data immutability service level agreement.\r\n\r\nThe new guidance advises prosecutors to seek data from the agency when doing so would not compromise the investigation. This is because some providers may not have the capability to preserve and disclose information or have full access to an enterprise\u2019s data. Under\u00a018 U.S.C. \u00a7 2703(f), however, the Government could approach a cloud-service provider directly to preserve data without agency prior knowledge.\r\n\r\nAgencies must also be able to identify a legal contact within the organization that is knowledgeable of cloud-based storage and able to assist law enforcement with contacting the appropriate CSP point of contact. This is crucial to any requirement associated with interposing privilege or other objections to the collection of data. Failure to have such a contact in the organization could also be a reason for the DoJ to seek data directly from the cloud-service provider without agency participation.\r\n\r\n\r\n\r\nThreats to the immutability of data put into the cloud include:\r\n\r\n \tData deterioration caused by the use of inappropriate storage technology\r\n \tIntrusion by an external agent which could lead to data breach or loss\r\n \tA malicious employee programmer changing production code to allow intrusion\r\n \tPhysical removal or destruction of data\r\n \tRandom disk failures could result in data loss if there isn\u2019t sufficient redundancy\r\n \tData could suffer from \u201cbit rot\u201d and deteriorate if it is not checked and refreshed on a regular basis\r\n\r\nWhen reviewing a cloud service provider\u2019s SLA, ensure that none of the provider\u2019s employees can change application code on a production system without first undergoing thorough review and testing. The data centers themselves must also contain appropriate physical security using things like biometric access control and man-traps. The data should also be extremely durable guaranteeing at least 11 nines. The provider should also periodically read every data object every 90 days to detect and automatically correct any random errors.\r\n\r\nWasabi is one of the few cloud service providers capable of meeting these minimum data immutability standards. Management of its data storage service is built around two simple rules:\r\n\r\n \tNo one person should be able to destroy data that is in an immutable bucket; and\r\n \tNobody should be able to touch a production system anonymously.\r\n\r\nThis means when using Wasabi immutable buckets, no one can delete or alter your data\u2013not even a systems administrator.