What is write once read many (WORM) compliant storage?

Protection October 17, 2022
BlogHeroImage

Organizations accumulate a lot of data, but sometimes they need or want to store that data in an unalterable way.

A non-profit might want to periodically store it’s financial information this way for legal reasons. A university might want to store graduation records this way in case an accident destroyed the physical records. Businesses might want unalterable records to prevent tampering that could cover up a fraud.

A common approach to this is called write once read many, or WORM, compliant storage. With a name like that, it’s no surprise that people struggle to understand it.

We’re here to help you get a handle on it. Let’s go!

What Is Write Once Read Many?

The simple explanation is that it’s immutable storage. You can write data to the storage device or media precisely one time. After that, no one can legitimately change the data in any way.

 

A simple version of WORM storage is a CD-R disc. You can write data to the blank disc, but then it’s stuck that way forever. You can damage or destroy the disc to deny someone access to it, but you can’t change the data that’s stored on it.

What WORM storage does allow is multiple readings of the data. Assuming the disc or drive isn’t damaged, there’s no real limit to how often you can read the data.

Software-Based WORM Compliant Storage

The real challenge today is that there is so much data. Even the terabytes of capacity available on some Blu-ray drives isn’t enough in an age where many businesses measure data in petabytes.

 

The answer to the problem is software-based systems that mimic the attributes that make physical media WORM. The software needs to accomplish four essential things.

·      It must only allow data to be written onto a drive once.

·      It must prevent anyone from deleting that data.

·      It must keep records of both data writing and access, to ensure no one tampers with the data.

·      It must allow anyone with the proper credentials to read the data on demand.

This solves the size problem you get with the physical media storage. A server equipped with this software secures the data while offering the storage capacity of hard drives.

This makes it feasible for businesses to keep write once read many storage in-house, or for cloud storage companies to offer it as a service.

Redundancy

One real concern about WORM compliant storage is data loss.

Let’s say you burn something to a CD to make sure you’ve got it in a form no one can alter. Let’s say you store it on-site, but the building burns down. Now you don’t have the CD or the computer.

If you’re committed to physical media, it means you need to plan ahead. To be safe, you need at least two copies of the CD, DVD, or Blu-ray discs. One of those copies needs to be in off-site storage.

Since you’re probably storing sensitive information, security is the main problem with this approach. Anywhere but a safety deposit box makes the discs vulnerable. If you have any customer data stored, it could open you up to liability if the discs get stolen.

Redundancy is easier with a cloud storage service. They can store the data on multiple servers in multiple locations to prevent data loss. This type of redundancy is standard practice at many cloud storage providers.

If you’re concerned about data loss, you can always ask what kind of redundancies your provider offers.

WORM Records Retention

If you’re hanging onto records for legal reasons, such as financial and tax records, there’s a built-in expiration date. In most cases, you won’t need to keep them for more than 7 years.

 

If you’ve just stored them on a CD or some other physical media, you can destroy the media.

When you store it in the cloud, you’ll need to set up retention periods. Simply put, this is a feature in the software unlocks the data after a set period of time. After the data unlocks, you can delete it or have the company delete it for you.

Depending on your storage needs, you’ll want to check and see what kind of retention options a company offers. You might want to keep permanent digital copies of someone’s correspondence but only store financial records for a period of time. In that case, you’ll want a company that offers more granular control of retention periods.

If you just need to store one group of files for a fixed period of time, you can probably get away account level retention periods.

Do I Need WORM Compliant Storage?

Unless your business is in securities or health care, which fall under SEC rules or HIPAA privacy rules, you’re probably not legally required to have write once read many compliant storage.

Legal requirements aren’t the only reasons to make use of WORM compliant storage. If you want to archive records of historical value, WORM storage makes sense for you.

If you’re worried someone on your staff is doctoring your business records, unalterable copies can help to prove or disprove the fear.

It could even serve as a way to safeguard proof of trade secrets or intellectual property at a particular point in time.

Parting Thoughts

Write once read many compliant storage gives organizations a way to secure information in a form that no one can tamper with. This can happen with something as simple as a CD-R or with software-driven cloud storage.

The choice of media often depends on the scale of the data. You can store a handful of documents on physical media without trouble. Petabytes of data need a robust in-house storage ecosystem or a cloud storage provider.

If you choose to use a cloud storage service, be sure to ask about their retention period options and redundancies.

NetBackup SaaS Protection offers WORM storage that can meet your needs, even if you’re operating under SEC, FINRA, FDA or other compliance regulations. For more information about how we can help your organization, contact us today.

blogAuthorImage
Dave Henry
Product Marketing Manager, Veritas Alta SaaS Protection