Types of Immutable Data Vaults - Zerto

Types of Immutable Data Vaults

Est. Reading Time: 3 minutes

When we think of the concept of immutable data vaults (IDV) as it relates to data protection, the first thought that comes to mind is: is the data secure and safe? Typically, that is the case—unless the data was somehow compromised prior to it being converted to its immutable state. We all know how important it is to have safe, secure copies of our data, but a common afterthought is how to recover immutable data, and the efforts and time that go into recovery. Cyber vault solutions that ensure both secured data storage and reliable fast recovery are the best options.

Immutable data vaults are designed to store data in a way that prevents any alterations, deletions, or unauthorized changes to the data once it is stored. This is particularly important for industries with strict data retention and compliance requirements, such as finance and healthcare. Several types of immutable data vaults are used in the realm of data protection:

  1. Storage Array-Based: Write once, read many (WORM) storage systems are one of the most common types of immutable data vaults. When we look at array-based immutability options there are typically two industry-standard categories: “governance mode,” where copies cannot be altered or deleted except by super-admins, and the stricter “compliance mode,” whereby copies cannot be altered or deleted by anyone, including super-admins and support.
  2. Cloud Storage-Based: Some cloud storage providers offer WORM capabilities as a service. Most of these capabilities are enabled on the cloud object storage level via an “object lock.” You can find these capabilities on many of the cloud providers, such as AWS and Azure.
  3. Distributed Ledger Technology (DLT) Vaults: DLT is a broader term that includes blockchain but can also encompass other forms of distributed ledgers. DLT can be used to create immutable data vaults where data is distributed across multiple nodes, making it difficult to alter. One of the most common DLT’s is Hyperledger Fabric.
  4. Immutable File Systems: Some operating systems and file systems offer features that make it extremely difficult to modify or delete files once they are written. This can be used to create immutable data vaults on a system level. At the OS level, there are several ways to achieve immutability, and there are immutable operating systems that can provide some of the highest levels of security such as BottleRocket, Talos Linux, and Flatcar.

While these types of data vaults are great, they are even more beneficial when paired with an isolated recovery environment (IRE). An IRE is a dedicated, secure recovery environment equipped with resources to verify and recover data from an immutable data copy. Immutable data architecture means that data, once written, can never be changed, and so it cannot be encrypted by ransomware.

An IRE with immutable storage does not replace a traditional data protection tool but is meant as a tertiary solution for critical data. Gartner recognizes the value of combining these two types of technologies together and says, “Isolated recovery environments (IREs) with immutable data vaults (IDVs) provide the highest level of security and recovery against insider threats, ransomware, and other forms of hacking.

Take the next step in data vault security and ensure that your data is both protected and recoverable by combining both an immutable data vault and an isolated recovery environment together to achieve rapid air-gapped recovery. This can be done with the Zerto Cyber Resilience Vault which is a purpose-built IRE and IDV combined into a single solution.

Watch this brief video to understand the concepts of the Zerto Cyber Resilience Vault, or for a deeper dive, visit the Zerto Cyber Resilience Vault page.


Andrew Silva
Technical Marketing Manager for Competitive Intelligence

Andrew Silva is a seasoned professional in the field of technology and marketing, currently serving as a Technical Marketing Manager for Zerto, a Hewlett Packard Enterprise company. With over a decade of experience in architect and engineering roles, Andrew has established himself as an expert in various domains, including data centers, cloud computing, virtualization, data protection, and security. With a strong focus on customer success, Andrew is committed to helping organizations optimize their technology investments and achieve their business goals. He thrives on the opportunity to educate and empower customers, enabling them to leverage the latest advancements in technology for increased- efficiency, reliability, and security. Outside of work, Andrew cherishes quality time with his family and enjoys the simple pleasures of country living. He embraces the challenges and rewards of maintaining a small hobby farm. And is a passionate professional who combines his technical expertise, marketing acumen, and love for the countryside to make a positive impact in the technology industry.