WORM storage, the immutable solution


Various information security requirements and regulations dictate or suggest that organizations use WORM storage for data they cannot afford to lose.

January 4, 2020

Organizations use WORM (Write Once, Read Many)-compliant storage to satisfy industry regulations, mitigate risks and address information security.

WORM Storage for Data That Must Live On

WORM (Write Once, Read Many) storage includes all media that allow organizations to write data one time, to be read and used as often as needed. Various information security requirements and regulations dictate or suggest that organizations use WORM-compliant storage for data they cannot afford to lose.

The other benefits of WORM-compliant storage make it the go-to technology for preserving data long-term. For example, WORM offers a selection of media types that keep it affordable while making it immutable, using hardware or software approaches.

WORM-compliant storage has scaled up as data continues to accumulate exponentially. Scalable solutions are an essential addition to organizations' options.

WORM Storage for Availability, Integrity and Risk

For information security, organizations must maintain data availability, integrity and confidentiality. People must be able to access the data, or it has no value. They need to have the correct data to achieve reliable results and to avoid risks associated with incorrect or flawed data. Organizations must also protect data for the sake of people's privacy and to avoid the risks associated with openly publishing or misusing the data.

Organizations can maintain data availability and integrity with WORM-compliant storage so that no one can erase, corrupt or alter the data for the required retention period, and so those who have access rights can read and use the data unhindered. They can also maintain confidentiality with encryption for data at rest, which WORM-compliant storage options typically offer.

The costs when data changes or ceases to exist are high. Not only can data loss or alteration lead to lawsuits, fines and other expenses, but organizations also suffer direct losses tied to the value and utility of the data, especially in the case of permanent loss. Data loss can doom an organization when it can't continue business processes that depended on the data. In fact, only 6% of organizations that suffer significant data losses survive longer than two years, according to Gartner.

Specific data is required to be available for eDiscovery; thus, organizations must be able to locate all the relevant data so they can produce it at the court's request. Organizations must also be able to audit their approach to maintaining data for eDiscovery to prove that they kept all the data. WORM-compliant storage aligns with this audit requirement, too.

Satisfying Regulations and Avoiding Fines

Most organizations adopt WORM storage to meet some regulatory requirement. WORM-compliant storage plays a vital role here. Securities and Exchange Commission rule 17a-4 requires brokers and dealers to retain protected financial data such as account numbers, credit cards and transaction details for a period further specified by the Commission. Brokers and dealers must keep some information for five to seven years or longer to meet FINRA rules. The finance industry uses WORM-compliant storage for this purpose.

When finance data changes or disappears, FINRA and the Securities and Exchange Commission can levy fines and penalties against the data's caretakers. Penalties can be millions of dollars. In 2016 alone, FINRA fined 12 organizations $14.4 million for failing to protect records against alteration, which they could have done using WORM-compliant storage.

Corporations use WORM storage to comply with the Sarbanes-Oxley Act as it relates to long-term, unalterable data storage. Healthcare providers use WORM-compliant technologies to preserve elements of medical records that HIPAA protects. In both cases, data caretakers who fail to meet these requirements can face fines and penalties.

The National Institute of Standards and Technology (NIST) suggests WORM-compliant storage as an option for guarding the integrity of data at rest in federal information systems as part of its Special Publication 800-53, SC-28 Protection of Information at Rest, where it states that "integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies." NIST 800-53 is a commonly recommended standard for organizations inside and outside the U.S. government that must meet the highest security standards and regulatory requirements.

The Benefits of Write Once, Read Many Storage

WORM storage is ideal for any data that organizations must preserve as-is for many years. WORM media are available with native write-once capabilities and in formats that use hardware or software to enforce the write-once feature.

The availability of WORM media in so many formats ensures that customers find the solution that best suits their needs. Some media are easier and cheaper to scale than others, for example. It is common to find storage arrays that allow companies to set write-once capabilities for only a portion of the overall storage media so they can make the most of storage purchases through adaptability.

Write Once, Read Many Storage Scales Up

Data is accumulating at an alarming rate. People create 2.5 quintillion bytes of data daily, and that rate is increasing. WORM storage is scalable at a pace that keeps up with data's unwieldy rate of expansion. WORM technologies can provide organizations with technical expertise and human capital to contain their data and relieve them of investment in capital expenditures.