Immutability in BDRShield

 What Is Immutability?  

Immutability ensures that backup data cannot be changed or deleted for a defined period of time. When enabled in BDRShield, immutability protects restore points stored in object storage against:

  • Ransomware attacks

  • Malicious insider activity

  • Human error or accidental deletions

This gives you the confidence that your backups will always remain intact and available for recovery.

Supported Technologies  

BDRShield leverages the native immutability features of object storage platforms:

  • Amazon S3

  • S3-Compatible Storage (Wasabi, MinIO, etc.)

Protection is provided using Object Lock and Versioning features.

Immutability Period  

The immutability period is the duration (in days) during which backup data is locked and cannot be deleted.

  • Ensures enough time to detect and recover from malicious actions.

  • A longer immutability period provides more recovery flexibility but also consumes more storage.

 

SafeZone Period in BDRShield  

BDRShield introduces an additional safety buffer called the SafeZone period.

  • Default: 10 days (for all object storage repositories)

  • Configurable: Can be adjusted based on organizational needs

  Effective Immutability = Configured Immutability Period + SafeZone Period

This ensures protection even beyond the configured duration, guarding against accidental or malicious deletions.

 

Effective Immutability Calculation  

The actual lock applied to backups is calculated dynamically:

Actual Lock End Date = Configured Immutability Period + SafeZone Period − Days Since First Backup

 Example (Configured = 3 days, SafeZone = 10 days)  

  •  Aug 1 backup:

    • Configured = 3 days

    • SafeZone = 10 days

    • Total = 13 days → Locked until Aug 13

  • Aug 2 backup:

    • Still locked until Aug 13

    • Effective lock length = 12 days

  • Aug 3 backup:

    • Still locked until Aug 13

    • Effective lock length = 11 days


   All backups created between Aug 1–10 remain locked until Aug 13.
   From Aug 11 onward, a new immutability cycle starts (13 days from Aug 11 → locked until Aug 23).

This rolling calculation ensures consistent protection across schedules.

Retention Policy and Object Lock Release

BDRShield immutability works together with retention policies to provide strong data protection while also making sure storage is used efficiently.

  • Retention policy decides how many restore points (backups) should be kept.

  • When this limit is reached, older backups are marked for cleanup.

  • But the cleanup can only happen after the immutability lock period ends, ensuring that important data is never removed too early.

 

Example: Retention = 3 days, Immutability = 3 days, SafeZone = 10 days  

  1. Aug 1 backup is retained until Aug 4.

  2. On Aug 4, it is marked for cleanup.

  3. However, immutability + SafeZone keeps it locked until Aug 13.

  4. On Aug 14, the backup is removed from storage.

  5. Remaining data is re-locked until Aug 23.

This mechanism ensures protection while avoiding unnecessary storage usage. SafeZone allows batch cleanup and relocking, improving efficiency and reducing costs.

 

 
Why the SafeZone Matters

Without the SafeZone buffer, locks would expire and extend on a daily basis, leading to frequent and unnecessary operations:

  • Example without SafeZone (Immutability = 3 days):

    • Aug 1 → locked until Aug 3

    • Aug 2 → locked until Aug 4

    • Aug 3 → locked until Aug 5

    • On Aug 4, vacuum deletes the data marked for deletion by the retention policy (the Aug 1 recovery point), and the object lock on the remaining valid data is extended to Aug 7

    • On Aug 5, the Aug 2 recovery point is cleaned up and the lock is extended to Aug 8

    • … and so on.

 

This creates a chain of frequent lock extensions, causing:

  • Higher API call costs

  • Increased cloud storage access overhead

  • More complexity in lock management

By contrast, with the SafeZone:

  • Data locks are extended in bulk at SafeZone intervals.

  • Repetitive operations are reduced.

  • Cloud costs are optimized while security is maintained.
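
The lock schedule from the sections above (the rolling calculation, the retention example and the no-SafeZone case), as an added Python example; it is not BDRShield code. The cycle model is inferred from the article's own dates (inclusive day counts, one shared lock end per SafeZone-length cycle), and the function names, the year and the sample records are constructed for illustration.

```python
from datetime import date, timedelta

def lock_until(backup_day, first_backup, immutability, safezone):
    """Return (lock_end, effective_lock_days) for one backup; periods in days.

    Assumed model, inferred from the article's examples: cycles are
    `safezone` days long, counted from the first backup, every backup in a
    cycle shares one lock end date, and day counts are inclusive.
    """
    if backup_day < first_backup:
        raise ValueError("backup is older than the first backup")
    if safezone > 0:
        cycle = (backup_day - first_backup).days // safezone
        cycle_start = first_backup + timedelta(days=cycle * safezone)
    else:
        cycle_start = backup_day  # no SafeZone: every backup has its own lock
    lock_end = cycle_start + timedelta(days=immutability + safezone - 1)
    return lock_end, (lock_end - backup_day).days + 1

def earliest_removal(backup_day, first_backup, retention, immutability, safezone):
    """First day cleanup can delete a backup: marked by retention AND unlocked."""
    marked = backup_day + timedelta(days=retention)
    lock_end, _ = lock_until(backup_day, first_backup, immutability, safezone)
    return max(marked, lock_end + timedelta(days=1))

def short_locks(observed, first_backup, immutability, safezone):
    """Return (backup_day, observed_end, expected_end) where the lock is too short."""
    findings = []
    for backup_day, observed_end in observed:
        expected, _ = lock_until(backup_day, first_backup, immutability, safezone)
        if observed_end < expected:
            findings.append((backup_day, observed_end, expected))
    return findings

# Constructed sample of (backup day, retain-until date) pairs; the year is
# arbitrary and the Aug 3 entry is deliberately too short.
FIRST = date(2025, 8, 1)
OBSERVED = [
    (date(2025, 8, 1), date(2025, 8, 13)),
    (date(2025, 8, 2), date(2025, 8, 13)),
    (date(2025, 8, 3), date(2025, 8, 5)),
    (date(2025, 8, 11), date(2025, 8, 23)),
]

if __name__ == "__main__":
    for day, seen, expected in short_locks(OBSERVED, FIRST, 3, 10):
        print(f"{day}: locked until {seen}, expected at least {expected}")
```

`short_locks` is the audit half: feed it the retain-until dates actually set on the bucket (S3 reports them through `GetObjectRetention`), and any entry it returns is locked for less time than the schedule predicts.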


 Representation of Immutability (Object Locking) With and Without Safe Zone: 

 

Best Practices: Retention vs. Immutability  

BDRShield recommends the following:

  • Immutability ≤ Retention

    • Ensures data is locked only as long as it is needed for restores.

  • Enable SafeZone

    • Provides additional protection buffer and reduces overhead.

If Immutability > Retention:

  • Objects remain locked longer than needed.

  • Leads to higher storage consumption without recovery benefits.

  Optimal Strategy: Align immutability with retention while leveraging SafeZone for efficiency and cost savings.
