Global Storage Forum


Cyber Resiliency for backup data using WORM object storage with IBM Storage Protect

By Nilesh Pendkar posted Fri April 12, 2024 02:58 AM

  

Cyber resilience:

Cyber resilience is a concept that brings business continuity, information systems security and organizational resilience together. The concept describes the ability to continue delivering intended outcomes despite experiencing challenging cyber events, such as cyberattacks, natural disasters or economic slumps. A measured level of information security proficiency and resilience affects how well an organization can continue business operations with little to no downtime.

IBM Storage Protect version 8.1.18 introduces support for WORM object storage using S3 Object Lock:

To help protect containers in an existing cloud environment from being deleted or overwritten, enable cloud data lock when you define the storage pool. Cloud data lock leverages the Immutable Object Storage feature for Write Once Read Many (WORM) storage, which offers protection for data that is stored in the bucket. The bucket must specify a default retention period, and an Object Expiration rule must not be assigned to the bucket. An object that is locked cannot be overwritten or deleted until its lock expires. The retention mode that is specified on the bucket determines the rigidity of the object lock.

The S3 Object Lock has two Object Locking modes: Governance and Compliance.

Governance Mode allows some administrative users to delete objects that are locked. This mode is the default in IBM Storage Protect, as it is the least restrictive.

Compliance Mode allows NO ONE to delete the objects once they are locked. This mode can be turned on for cloud providers by setting it as the default mode on the bucket on the cloud provider side. IBM Storage Protect will detect this setting and then use it when writing new objects to the bucket.
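The bucket prerequisites and the default retention mode described above can be checked before the storage pool is defined. The following is an added example, not code from the original post or from IBM; it evaluates dictionaries shaped like the S3 GetObjectLockConfiguration and GetBucketLifecycleConfiguration responses, and the function name `check_bucket` and all sample data are constructed for illustration.

```python
# Added example: pre-flight check of a bucket intended for cloud data lock.
# Inputs mirror the S3 GetObjectLockConfiguration and
# GetBucketLifecycleConfiguration response shapes. Pass {} as the lifecycle
# response when the bucket has no lifecycle configuration at all.

def check_bucket(lock_resp, lifecycle_resp):
    """Return (ok, mode, findings) for the prerequisites listed above."""
    findings = []
    cfg = lock_resp.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled on the bucket")

    # A default retention needs a mode plus a period in Days or Years.
    retention = cfg.get("Rule", {}).get("DefaultRetention", {})
    mode = retention.get("Mode")  # "GOVERNANCE" or "COMPLIANCE"
    period = retention.get("Days") or retention.get("Years")
    if mode is None or not period:
        findings.append("bucket has no default retention period")

    # Any rule carrying an Expiration action is reported, enabled or not,
    # because the requirement is that no such rule is assigned.
    for rule in lifecycle_resp.get("Rules", []):
        if "Expiration" in rule:
            findings.append("lifecycle rule %r (%s) expires objects"
                            % (rule.get("ID", "<no id>"),
                               rule.get("Status", "unknown")))
    return (not findings, mode, findings)

# Constructed sample responses (not captured from a real bucket).
GOOD_LOCK = {"ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}
NO_DEFAULT = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}
NO_LIFECYCLE = {}
EXPIRING = {"Rules": [{"ID": "purge-old", "Status": "Enabled",
                       "Expiration": {"Days": 30}}]}

if __name__ == "__main__":
    for lock, lifecycle in ((GOOD_LOCK, NO_LIFECYCLE), (NO_DEFAULT, EXPIRING)):
        ok, mode, findings = check_bucket(lock, lifecycle)
        print("OK" if ok else "NOT READY", "mode:", mode)
        for finding in findings:
            print("  -", finding)
```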

When the server writes a container to cloud storage, a lock expiration date for the container is calculated based on the lock duration. As more files are backed up, deduplication processing might create more references to data extents within the container. As new references are added, the container's lock expiration is recalculated based on the most-recent file that is referencing the container.

IBM Storage Protect supports both of the locking modes mentioned above.

References: 

https://www.ibm.com/support/pages/ibm-spectrum-protect-object-storage-support

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html#object-lock-overview
