Tape Storage

Virtual Tape Data Immutability with LWORM

By LIZBETH RAMIREZ LETECHIPIA posted Wed February 24, 2021 10:54 AM


Data Immutability, or tamper-proof storage, prevents any attacker, external or internal, from changing or deleting data. IBM TS7700 offers Logical write-once-read-many-times (LWORM) to protect data from logical corruption, both from malicious attacks such as ransomware and from inadvertent mishaps.[1]

LWORM is a software-emulated SEC Rule 17a-4(f) compliant, virtual equivalent of the WORM capability that is available on physical tape media. This LWORM technology creates immutable copies of data. After the data is written, it can never be altered, no matter how many times it is read. This makes the data secure (or immutable) against both malware and internal threats. While the TS7770 does not have nor interact with DS8900F Safeguarded Copy to guarantee immutability of the data, the LWORM capability prevent overwriting and reduce the risk of data loss due to human error.

The IBM TS7700 has strengthened its LWORM functionality by incorporating retention as part of the LWORM function.  When TS7700 creates its LWORM volumes, DFSMS HDR1 retention policies are created and never modified. This prevents tapes from being deleted for a fixed amount of time or “forever”. TS7700 LWORM technology provides organizations with two important benefits. First, it ensures compliance assurance for data that requires it. Second, it creates well-protected copies of data that can be used for normal data stores, even if compliance is not specifically required.

TS7700 is also implementing an LWORM Retention Protection capability that enables you to modify the retention mode and retention period on your virtual tapes.

LWORM Retention Protection helps you comply with industry regulations on data that you must retain for compliance purposes. Additionally, LWORM Retention Protection enables environments that are subject to SEC 17a-4, CTCC, and FINRA regulations, which also require WORM storage. LWORM Retention protection works for virtual tapes that are archived and can be configured at the pool (a logical collection of tapes) level using API. TS7700 Retention Protection period begins when a virtual tape is archived, by ejecting or exporting it from the backup application, and once the virtual tape is in archived status.

To help support the long-term retention of reference data and meet requirements of regulatory bodies worldwide, microcode capabilities enable TS7700 solutions to support a virtual equivalent of write-once-read-many (WORM) functionality. Of course, tape offers the advantage of portability, which allows for a physical “air gap” between data and online hackers, providing a uniquely effective safeguard against cyber attacks.

IBM TS7700 is leader in disaster recovery storage for IBM Z mainframe environments. Its virtualization engine provides unique capabilities that are specifically tied to how z/OS operates and how typical tape workloads operate. Find out more mission critical capabilities that IBM TS7700 Virtual Tape library can offer to your mainframe environments here.


[1] ESG, Jack Poller, Enhancing End-to-end Cyber Resilience in IBM Z Whitepaper, August 2020