About immutable and indelible data
NetBackup protects your data from being encrypted, modified, and deleted using WORM properties.
WORM is the acronym for Write Once Read Many.
WORM properties provide two additional levels of security for backup images:
Immutability - this protection ensures that the backup image is read-only and cannot be modified, corrupted, or encrypted after backup.
Indelibility - this property protects the backup image from being deleted before it expires. The data is protected from malicious deletion.
Configuring these WORM properties protects your data from certain malware attacks to some extent, for example ransomware.
NetBackup provides the ability to write backups to WORM storage devices so their data cannot be corrupted. Additionally, it lets you take advantage of advanced options available from your storage vendors to protect your backup data per applicable statutes.
Once the backup images are written using a WORM enabled storage unit, the data cannot be deleted until the WORM Unlock Time and it can no longer be modified. This WORM Unlock Time is set when the image is created or the image expiration period is extended.
The WORM Unlock Time (indelible end time) for a backup is equal to the image expiration time. The retention level in the policy or SLP determines the expiration time.
The only changes that are allowed to the backup image are to extend the expiration date. Be aware the backup expiration date can only be extended, it cannot be shortened. To extend the expiration date, use the bpexpdate -extend_worm_locks command. More information about the bpexpdate is available in the NetBackup Commands Reference Guide