The ifs and buts of S3 storage
A good repository for your digital archive is hugely important, as we explained in our previous blog. It is just as important to realize that large players in the marketplace do not necessarily have their affairs (and therefore those of their customers) in order. Recently, NAS storage from Qnap was in the news: the systems were hacked and used to send spam and ransomware mail. We mention this to underline that disruptions and cybercrime occur at all levels.
S3 and immutable flags
The Amazon S3 protocol is a storage protocol for cloud services. It is widely used, obviously in the cloud, but also on premises. Our Silent Bricks also support this protocol. It is a universal and freely accessible storage protocol, so nothing wrong so far. The protocol also supports a so-called immutable flag, which is used in many archive storage systems. With an immutable flag set, you can no longer modify data once it has been written, at least not via the S3 protocol. You can also do this on your own storage, and that is common practice. For example, such an immutable flag expires after ten years, so you have ten years of retention time. The S3 protocol ensures that you cannot change your data before that time expires. All fine, but there are snags.
Two buts
There are two “buts”. The first but: your data is stored somewhere. On a Qnap, a Silent Brick or whatever. If someone has access to the storage environment, that person cannot change the S3 data, but they can delete the entire storage. Suppose you have a box of stuff. You can’t open the box and take stuff out, but you can throw the whole box away. So you have to make sure that access to the management interface is secured very well.
Time Travel
Much more exciting is the second but: playing with time. As mentioned, with an immutable flag, the S3 data cannot change for, say, ten years. But how does the storage know that the ten years are not over yet? This is done using a time server. If you want to delete data, you can mess with the time server so that the S3 storage thinks the ten years are already up. Reasoning the other way around, the task is to prevent cybercriminals from playing with time.
Here’s how Silent Bricks handle it
Silent Bricks have a mechanism that limits how far the time can deviate: you cannot change the time by more than three minutes each day. At that rate, moving the clock forward ten years takes a very long time. Not worth the effort. Thanks to such security mechanisms, the data is truly “immutable”.
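
The effect of such a daily limit can be shown with a small model. This is an added example, not Silent Bricks code: `GuardedClock`, its budget-refill rule and the helper names are assumptions made for illustration, and only the three-minutes-per-day figure comes from the text above.

```python
from dataclasses import dataclass

DAY = 86_400
MAX_SKEW_PER_DAY = 180  # seconds; the three-minute daily limit from the article

@dataclass
class GuardedClock:
    """Hypothetical retention clock: follows a time server, but only within
    an adjustment budget that refills with locally measured elapsed time."""
    now: float                        # trusted time in seconds
    budget: float = MAX_SKEW_PER_DAY  # adjustment still allowed today

    def tick(self, elapsed: float) -> None:
        # Elapsed time comes from a local counter, not from the network.
        self.now += elapsed
        refill = MAX_SKEW_PER_DAY * elapsed / DAY
        self.budget = min(MAX_SKEW_PER_DAY, self.budget + refill)

    def sync(self, reported: float) -> float:
        # Apply a time-server reading, clamped to the remaining budget.
        # Returns the part of the requested jump that was refused.
        wanted = reported - self.now
        applied = max(-self.budget, min(self.budget, wanted))
        self.now += applied
        self.budget -= abs(applied)
        return wanted - applied

def deletable(clock: GuardedClock, retain_until: float) -> bool:
    return clock.now >= retain_until

def days_until_deletable(retention_days: int) -> int:
    # Constructed scenario: the time server always reports a date far past
    # the retention end; count the real days until the lock actually expires.
    clock, retain_until = GuardedClock(now=0), retention_days * DAY
    forged, days = retain_until * 10, 0
    while not deletable(clock, retain_until):
        clock.sync(forged)
        clock.tick(DAY)
        days += 1
    return days

if __name__ == "__main__":
    print(days_until_deletable(3650), "real days for a 3650-day retention")
```

In this model a time server that lies every single day shortens a 3650-day retention to 3643 real days, so the lock loses about a week instead of ten years.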