Data immutability – the next line of defence against ransomware

The next line of defence against ransomware

A healthy backup strategy is an important defence against ransomware infection. But as cyber criminals get smarter, backups are also under attack; auto-sync technologies risk replicating and overwriting your backups

Enter data immutability, a technique that dramatically improves the security of your backups.

Old concept, new name

Immutable backups are designed to be unchangeable after creation. Your immutable data repository or file system can only be written to once – at the point of creation. Providing the correct backup software is in place, the archive cannot be overwritten, amended or appended to – which means that ransomware cannot corrupt it.

The concept of data immutability is not new, even if the term is only now entering common usage. Write Once Read Many (WORM) backups are a common feature of backup tapes and optical disks for instance. Both these media types are effectively “tamper proof”, not least because they are then physically separated from the rest of the network too (see our blog on air gaps for more information).

Why does immutability matter?

Modern hardware design has made it hard to lose data through equipment failure or human error. Hardware features like RAID disk arrays are specifically designed to prevent data loss, even in the most catastrophic circumstances.

Unfortunately, ransomware impacts the data and not the hardware protection in place, which is why immutability needs to be an aspect of your data protection routines.


Compliance is built on trust, and trust is built on reliable data. Even if ransomware obliterates production files, your organisation must retain a workable backup from which to recover.

Choosing immutable storage ensures that your data is still accurate following a disaster and that your organisation is meeting its data protection obligations. There will almost always be a clean, current copy of your data ready for recovery.

Significant cost savings

Downtime is incredibly expensive, averaging £59,960 per hour – and that is on top of the ransom demanded by the malware. Being able to begin restoration from a trusted backup immediately will help to reduce downtime and the overall cost of an infection.

Immutability has applications across a range of industries, such as:

  • The legal industry can maintain and prove chain of custody
  • The science and research industry can trust their measurement data is as accurate as it was at the point of collection
  • Healthcare records can be stored securely, in line with relevant data protection and privacy laws
  • Financial transaction data is protected against tampering, protecting customers of banks and financial services providers.

Wherever mission critical data is stored, immutability provides an additional layer of security against loss or tampering.

Words of warning

Immutable backups are just one part of a wider data protection strategy and should be planned for accordingly. Immutability cannot protect against physical damage to infrastructure like that caused by fire, floods or deliberate tampering for example, so you will still need additional to maintain multiple copies offsite.

Your backup plans will also need to address specific questions such as, how long will your tamper-proof data need to be retained for? This is an important issue to address as the cost of storage will escalate as the volumes increase – particularly when dealing with large files.

It is also important to ensure that your immutable backups are being scanned as they are created to ensure bad code and malware is not being included in the archive.  Failing to complete this most basic of checks could compromise the backup entirely, rendering it untrustworthy and effectively useless.

To reiterate, immutability is just one element of an effective data protection strategy. Established principles like the 3-2-1 protocol still apply – although you can add a further layer of immutability to better protect your archives against ransomware and other external threats. This is particularly true as hybrid infrastructure, and therefore increased complexity, becomes the norm. You can read more about this in our eBook: Effective data protection in a hybrid environment.

Get a no-obligation, independent review of your backup strategy by taking advantage of our free backup health check today