In a nutshell: Immutable backups reject delete and overwrite requests at the storage layer until a retention date recorded with each backup has passed, so that even a compromised administrator account cannot destroy restore points before the retention period expires.
Immutable backups are backups that cannot be altered once written and have become a central defense against modern ransomware attacks. They apply the WORM principle (Write Once, Read Many) to protect written data from deletion and modification for a defined period, even if attackers obtain administrative rights.
Modern ransomware attacks follow a two-phase approach: after obtaining administrative rights, attackers first compromise the backup infrastructure, deleting historical restore points or encrypting backup repositories outright, before attacking primary systems. The aim is to strip the organization of its ability to recover and so force a ransom payment.
Immutable backups close this gap by having the storage layer mark each written backup as unchangeable and undeletable for a precisely defined period. Neither a compromised administrator account nor ransomware running with the highest privileges can lift this lock before the retention period expires. The guarantee is a logical one: it covers delete and overwrite requests made to the storage service, not physical destruction of the media or deletion of the storage account itself, which need separate controls such as off-site copies and account-level protections.
The foundation is the classic WORM principle (Write Once, Read Many). Where this was once realized with physical media and mechanical write protection, modern cloud-native infrastructure implements software-defined immutability through API controls: the storage service records a retain-until timestamp with each object and refuses delete or overwrite requests until that date has passed, returning an error code regardless of the requester's administrative rights. The check runs inside the storage service, outside the reach of the operating systems and accounts of the hosts being protected.
In object storage systems such as Amazon S3, immutability is controlled through S3 Object Lock, which requires bucket versioning and protects individual object versions. It offers two retention modes. In Governance Mode, no user can delete a locked object version or shorten its retention period unless they hold the s3:BypassGovernanceRetention permission and explicitly request the bypass in the request (x-amz-bypass-governance-retention header); every other principal, including a compromised service with ordinary write access, is rejected. In Compliance Mode, no principal at all, including the account root user, can delete the version or shorten its retention before the retention date passes; the mode cannot be changed and the period can only be extended. A separate legal hold blocks deletion indefinitely until it is explicitly removed. Two caveats matter in practice: writing to a locked key does not fail but creates a new version alongside the protected one, and a delete request without a version ID only adds a delete marker, so restore procedures must address the protected version explicitly.
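The following added example is not from the original article or from AWS. It models the Object Lock decision rules described above as plain Python, together with a small audit check over a bucket configuration in the shape that boto3's get_object_lock_configuration returns. The objects, callers, dates and configurations in it are constructed sample data; the function names are this example's own.

```python
"""Model of S3 Object Lock retention decisions plus a configuration audit.

Added example: the rules follow AWS's documented Object Lock semantics, but the
classes, function names and sample data here are constructed for illustration
and are not AWS or boto3 code.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

GOVERNANCE = "GOVERNANCE"
COMPLIANCE = "COMPLIANCE"


@dataclass(frozen=True)
class LockedVersion:
    """One object version as reported by GetObjectRetention / GetObjectLegalHold."""
    key: str
    version_id: str
    mode: Optional[str]               # GOVERNANCE, COMPLIANCE or None (no retention)
    retain_until: Optional[datetime]
    legal_hold: bool = False


@dataclass(frozen=True)
class Caller:
    """What matters about the requester: the IAM grant and the explicit bypass flag."""
    has_bypass_permission: bool       # s3:BypassGovernanceRetention granted
    requests_bypass: bool             # x-amz-bypass-governance-retention: true sent


def _retention_blocks(obj: LockedVersion, caller: Caller, now: datetime) -> Optional[str]:
    """Return a reason if active retention stops this caller, else None."""
    if obj.mode is None or obj.retain_until is None or now >= obj.retain_until:
        return None
    if obj.mode == COMPLIANCE:
        return "compliance retention active: no principal can override it before retain_until"
    if obj.mode == GOVERNANCE:
        if caller.has_bypass_permission and caller.requests_bypass:
            return None  # bypass needs BOTH the permission and the explicit request
        return "governance retention active: bypass not permitted or not requested"
    raise ValueError(f"unknown retention mode {obj.mode!r}")


def may_delete_version(obj: LockedVersion, caller: Caller, now: datetime) -> tuple[bool, str]:
    """Decide a DeleteObject request that names a specific VersionId.

    A delete without VersionId is not modelled: it only adds a delete marker
    and leaves the locked version in place.
    """
    if obj.legal_hold:
        return False, "legal hold set: deletion blocked until the hold is removed"
    reason = _retention_blocks(obj, caller, now)
    return (True, "no active retention or bypass allowed") if reason is None else (False, reason)


def may_set_retention(obj: LockedVersion, caller: Caller, new_mode: str,
                      new_until: datetime, now: datetime) -> tuple[bool, str]:
    """Decide a PutObjectRetention request: extending is always allowed,
    shortening or weakening the mode is governed by the same rules as deletion."""
    if obj.mode is None or obj.retain_until is None or now >= obj.retain_until:
        return True, "no active retention; any retention may be set"
    weakening = new_until < obj.retain_until or (obj.mode == COMPLIANCE and new_mode != COMPLIANCE)
    if not weakening:
        return True, "retention extended or strengthened"
    reason = _retention_blocks(obj, caller, now)
    return (True, "governance bypass allowed") if reason is None else (False, reason)


def audit_lock_configuration(config: dict, min_days: int = 30) -> list[str]:
    """Flag weak settings in a GetObjectLockConfiguration-style response (constructed input)."""
    findings: list[str] = []
    olc = config.get("ObjectLockConfiguration", {})
    if olc.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock not enabled on bucket"]
    rule = olc.get("Rule", {}).get("DefaultRetention")
    if not rule:
        return ["no default retention: new objects are unlocked unless the writer sets retention"]
    if rule.get("Mode") != COMPLIANCE:
        findings.append(f"default mode is {rule.get('Mode')}: deletable with s3:BypassGovernanceRetention")
    days = rule.get("Days", rule.get("Years", 0) * 365)   # DefaultRetention has Days or Years
    if days < min_days:
        findings.append(f"default retention of {days} days is below the required {min_days}")
    return findings


def run_demo() -> dict:
    """Exercise the rules on constructed objects and return the decisions."""
    now = datetime(2026, 1, 1, tzinfo=timezone.utc)
    in_30_days = now + timedelta(days=30)
    admin = Caller(has_bypass_permission=True, requests_bypass=True)
    admin_no_header = Caller(has_bypass_permission=True, requests_bypass=False)
    compliance = LockedVersion("backup/2026-01-01.tar", "v1", COMPLIANCE, in_30_days)
    governance = LockedVersion("backup/2026-01-01.tar", "v2", GOVERNANCE, in_30_days)
    expired = LockedVersion("backup/2025-01-01.tar", "v0", COMPLIANCE, now - timedelta(days=1))
    return {
        "compliance_admin": may_delete_version(compliance, admin, now)[0],
        "governance_admin_bypass": may_delete_version(governance, admin, now)[0],
        "governance_admin_no_header": may_delete_version(governance, admin_no_header, now)[0],
        "expired": may_delete_version(expired, admin, now)[0],
        "compliance_shorten": may_set_retention(compliance, admin, COMPLIANCE, now + timedelta(days=7), now)[0],
        "compliance_extend": may_set_retention(compliance, admin, COMPLIANCE, now + timedelta(days=365), now)[0],
        "governance_upgrade": may_set_retention(governance, admin_no_header, COMPLIANCE, in_30_days, now)[0],
    }


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name:28s} allowed={allowed}")
```

The audit is the check to run against backup buckets: a default retention in Governance Mode is only as strong as the set of principals holding s3:BypassGovernanceRetention, and a bucket with Object Lock enabled but no default retention leaves every object unlocked unless the backup software sets retention on each write.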
The National Institute of Standards and Technology (NIST) identifies data integrity and the prevention of unauthorized deletion as critical pillars of cyber resilience. For CISOs, immutable backups thus provide a technically enforced control layer at the storage level whose guarantee does not depend on administrator accounts remaining error-free or uncompromised.
Source: www.it-daily.net · Published June 16, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.