Sign in to my dashboard Create an account

Get immutable storage with SnapLock on a native AWS file service

Meet regulatory compliance, protect your data from ransomware, and enhance security.

front view of a building with pillars and grass in front of the building

Share this page

Jean Banko portrait
Jean Banko

Amazon Web Services (AWS) recently announced support for NetApp® SnapLock® Compliance and NetApp SnapLock Enterprise on Amazon FSx for NetApp ONTAP. FSx for ONTAP is the first and only fully managed file storage service in the cloud that offers immutable storage (WORM protection) for your data.

What is immutable storage?

Immutable storage ensures that data remains static and cannot be tampered with, modified, or deleted for a specified retention period. Although it can be applied to various storage media, including SSDs and HDDs, the cloud makes immutable storage more accessible and flexible.

Trust and compliance are the two pillars of immutable storage. Immutable storage is particularly valuable for organizations seeking to meet regulatory requirements, maintain data integrity, reduce the impact and spread of cyberattacks, and isolate data so that it’s virtually impervious to ransomware.

NetApp and immutable storage

For more than 25 years, NetApp has been a leader in data protection and security. Many on-premises NetApp customers are familiar with our WORM capability using NetApp SnapLock, part of our proven NetApp ONTAP® storage software. SnapLock offers high-performance, disk-based data permanence for both SSD and HDD deployments, making electronic records both unalterable and rapidly accessible. SnapLock provides two retention modes:

  • SnapLock Compliance. This mode is certified to meet stringent records-retention requirements, such as SEC Rule 17a-4, FINRA, HIPAA, and CFTC. Only deliberate destruction, such as physically removing disks from a NetApp system, can result in record deletion before the specified expiration date.
  • SnapLock Enterprise. Similar to SnapLock Compliance, this mode provides protection but allows a trusted administrator to delete SnapLock Enterprise volumes or files, equivalent to physically destroying an optical platter.

SnapLock offers additional capabilities like Legal Hold, Event-Based Retention, and Volume Append Mode, which allows you to incrementally append files while locked for use cases like audio and video surveillance or logging. SnapLock combines data retention with high performance and innovative storage efficiency technologies like deduplication and compression, simplifying archive management and reducing storage requirements.

SnapLock support on FSx for ONTAP

AWS recently announced support for SnapLock Compliance and SnapLock Enterprise on FSx for ONTAP, making immutable file storage readily available in the cloud. Use SnapLock to commit files to WORM storage and set retention periods for WORM-protected data, satisfying regulatory requirements and corporate compliance mandates. With SnapLock, you can:

  • Gain secure retention and adhere to compliance mandates for government or heavily regulated industries.
  • Gain secure retention for business to avoid disruption and to refute false consumer claims.
  • Guard against ransomware and prevent malicious deletion by a rogue administrator. SnapLock prevents the encryption of files by bad actors, thus foiling a ransomware attack before it can take hold.
  • Securely retain audio and video surveillance recordings, emergency phone records, and log files using the WORM-protected data storage technology.

SnapLock Compliance and SnapLock Enterprise offer the following modes:

  • File locking. You can create nonrewritable, nonerasable data on FSx for ONTAP, preventing alteration or deletion until a predetermined retention date. This supports litigation hold and event-based retention, and lets you incrementally append files while remaining locked.
  • Compliance regulations. SnapLock is certified to meet stringent industry compliance requirements, such as SEC Rule 17a-4, FINRA, and CFTC.
  • File retention. SnapLock Compliance is certified to meet strict records-retention requirements, maintaining data permanence and integrity until the specified expiration date. SnapLock Enterprise supports corporate best practices and requirements not covered by regulatory mandates, allowing a trusted administrator to delete SnapLock Enterprise volumes or WORM files before their retention period expires.
  • Replication. FSx for ONTAP integrates with NetApp SnapMirror® technology, enabling you to securely replicate WORM data for compliance purposes while continuing to enforce retention periods.
  • Backup. FSx for ONTAP supports backing up SnapLock volumes.
  • Tiering. You can tier infrequently accessed data in SnapLock volumes to capacity pool storage to lower costs.

Security and compliance certifications

Cohasset Associates compliance assessments are highly regarded in regulated industries. They evaluate the modes and capabilities of vendor solutions and company implementations in comparison to stringent data compliance requirements detailed by regulatory bodies, self-regulatory organizations, and industry standards.

Cohasset asserts that FSx for ONTAP, when properly configured and used with the SnapLock mode in Compliance mode, has functionality that meets the electronic recordkeeping system requirements of SEC Rules 17a-4(f)(2) and 18a-6(e)(2) and FINRA Rule 4511(c), and also supports the regulated entity in its compliance with SEC Rules 17a-4(f)(3)(iii) and 18a-6(e)(3)(iii). Additionally, the assessed functionality of FSx for ONTAP meets the principles-based requirements of CFTC Rule 1.31(c)-(d).

Learn more

You can create SnapLock volumes on all new and existing file systems in all AWS Regions where FSx for ONTAP is available. Existing file systems will get SnapLock support during an upcoming weekly maintenance window. For full details, visit the AWS announcement.

Jean Banko

Jean Banko is senior manager, Product Marketing at NetApp. She is responsible for advancing the company’s global marketing strategy and strengthening market recognition for NetApp’s portfolio on the AWS Cloud.

As a veteran of the cloud computing, AI/ML, and storage industry, Jean has more than 25 years of experience leading and implementing successful global product marketing, product management, and marketing strategies.

View all Posts by Jean Banko

Next Steps

Drift chat loading