Protection of your objects and backup data with the S3 Object Lock

26. May 2020

With the S3 Object Lock, objects are stored in a WORM model (WORM = write-once-read-many). WORM protection makes sense if it is absolutely necessary that objects or data cannot be changed or deleted.

Regardless of whether an enterprise has to comply with regulations, for example in the financial or healthcare sector, or whether copies of important business documents are simply to be backed up; NetApp's S3 Object Lock offers unalterable storage and protection against the deletion of objects and data.

Benefits of NetApp StorageGRID Object Lock

  • With the StorageGRID Object Lock, companies can prevent an object from being deleted or overwritten for a certain time or indefinitely.
  • The object lock helps to fulfill legal requirements that require WORM storage
  • A further level of protection against object changes and deletions can also be added (particularly useful for ransomware attacks, for example)
  • There are no additional costs for using this function

Example for the successful use of the Object Lock

Many enterprises which use StorageGRID of NetApp profit today also from the WORM function.

Protection against ransomware attacks

shield virus regular

The WORM function provides additional protection for objects. In the event of a ransomware attack, objects cannot be encrypted or deleted, which leads to increased protection of these objects.

Protect unchangeable documents

file archive regular

The WORM function is helpful everywhere where unchangeable recordings must be stored and a certain retention period must be kept. If for example a row of recordings must be stored ten years and another row only five years, the two rows of recordings can be provided with the respective desired storage duration. This means that the retention period of different objects within the same bucket in S3 can be adjusted to the desired length.

Retaining objects in the same storage resource

save obect storage s3


The S3 Object Lock also provides high flexibility for companies that keep a large number of objects in the same storage resource and only want to apply locks to a subset of them.

Options for managing the retention of objects

NetApp's S3 Object Lock provides two ways to manage the retention of objects. These are the retention periods on the one hand and the legal retention periods on the other.

Retention periods
A retention period protects an object for a fixed period. During this period, the desired object is protected against manipulation and cannot be overwritten or deleted. To do this, a retention period must be defined, which is provided with a time stamp in the object's metadata by StorageGrid S3. This shows when the retention period expires. The object can only be overwritten or deleted after the defined retention period has expired, unless a legal retention period has also been defined for the object. A retention period is defined either in number of days or in number of years.

Legal retention periods
Thanks to the S3 Object Lock it is possible to define a legal retention period for objects. The legal retention periods also prevent objects from being overwritten or deleted. Retention periods are valid until they are removed.

Legal retention periods are to be considered independently of retention periods. If the object lock is activated for the bucket that contains the object, legal retention periods can be defined or removed, regardless of whether a retention period has been defined for the specified objects.


Does the S3 Object lock sound interesting for your company? We would be happy to guide you through the process.

Michael TrutmannMichael Trutmann
Solution Architect & Consultant
michael.trutmann@itpoint.ch
+41 41 798 80 48

Blog