Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AirGap immutability and WORM lock: what does this mean for resilience?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10141
Topic starter  

TL;DR: AirGap is immutable by design and supports WORM lock across cloud targets such as Amazon S3 Object Lock and Azure Blob immutability policies, according to Commvault, while also arguing that backup TCO must include compute and operational overhead, not storage alone. The practical question is no longer whether immutable backups exist, but whether teams have validated real recovery behaviour under attack conditions.

NHIMG editorial — based on content published by Commvault: AirGap immutability, WORM lock support, and backup resilience claims

Questions worth separating out

Q: How should organisations test whether immutable backups actually survive an attack?

A: They should test the full recovery path, not just the backup job.

Q: Why does WORM lock change the way backup costs should be evaluated?

A: WORM lock creates retention that cannot be optimised like mutable storage, so the right cost model must include infrastructure, compute, operations, and restore validation.

Q: What do security teams often get wrong about immutable backups?

A: They often treat immutability as proof of resilience.

Practitioner guidance

  • Validate immutability at the storage layer Test whether protected backup objects remain unchangeable across the exact storage targets you use, including cloud object storage and any on-premises repositories.
  • Model full backup total cost of ownership Include compute, infrastructure, operational overhead, and restore validation effort when comparing immutable backup designs.
  • Exercise recovery under attack conditions Run restore simulations against production-like data and measure whether backups survive malicious deletion, credential compromise, and constrained recovery windows.

What's in the full article

Commvault's full analysis covers the operational detail this post intentionally leaves for the source:

  • Specific claims about AirGap immutability and how the platform describes its WORM lock behaviour across supported storage targets.
  • The vendor's own discussion of storage overhead, compute costs, and why it argues total cost of ownership is broader than capacity alone.
  • Details of the Get Real Challenge and how the vendor frames real-world validation of backup and recovery performance.
  • The article's FAQ section, which answers implementation questions about immutability, cloud targets, and resilience testing.

👉 Read Commvault's analysis of AirGap immutability and backup resilience →

AirGap immutability and WORM lock: what does this mean for resilience?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Immutable backup claims only matter when the restore path is equally defensible. A backup platform can prevent modification at rest and still leave organisations exposed if the recovery workflow is weak, overly privileged, or too brittle to survive a real attack. The governance question is not whether immutability exists in isolation, but whether the identity and operational controls around restore can be trusted under pressure. Practitioners should treat backup resilience as an end-to-end control, not a storage feature.

A few things that frame the scale:

  • 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
  • Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities, a confidence gap that often shows up first in privileged recovery paths.

A question worth separating out:

Q: Who should be accountable for backup immutability and restore access?

A: Backup immutability and restore permissions should sit under identity governance, not storage alone. The teams that can change retention settings, manage object-lock policy, or run restores are holding privileged access and should be reviewed accordingly. PAM, access review, and separation-of-duties controls all apply here.

👉 Read our full editorial: Commvault AirGap immutability raises the bar for backup resilience



   
ReplyQuote
Share: