The release of the Nutanix Files™ 4.2.1 software version adds support for compliance level WORM within Files Storage Service of Nutanix Unified Storage. If you recall from our 4.1 release we introduced support for WORM (see the blog here Nutanix Files Episode 4.1 - A Security Story). In the 4.1 release, Files introduced support for Enterprise or Governance level WORM allowing customers to store files in a write-once-read-many state.However, a user can still be granted access to conduct what are called “privileged deletes”. The privileged access allows operators with the proper permissions the ability to expire a WORM file before the retention timer elapses. This could be fine for organizations where the business requirements are not aligned or not needed to adhere to regulatory requirements to retain WORM stored data in a locked state until the policy expires. However, the ability to delete data before WORM policy expiration is not acceptable for heavily regulated industries that require some or all of their content to be retained unmodified in their WORM state.
As a result, the Enterprise or Governance level WORM capability is not sufficient to satisfy requirements for WORM stored data in more regulated industries such as banking finance, healthcare, government, etc. Customers in these regulated markets need to adhere to regulations such as SEC Rule 17a-4(f), FINRA rule 4511(c), or the principle-based requirements of CFTC Rule 1.31(c)-(d). This level of WORM storage is known as “Compliance” support. What this means simply is that once a file “cools” off and is bound to a WORM policy it must remain in that state until a defined period of time elapses. You are no longer granted the ability to conduct a privilege delete. Short of a natural disaster or similar data center impacting event, files stored on compliance level shares will remain and can’t be removed until the policy timer expires.
You might be thinking, so how can I be sure that my content will remain frozen and keep me in compliance? When a vendor is building a WORM based feature, there is an independent 3rd party evaluation and certification process that the product must undergo. For Nutanix Files that 3rd party was Cohasset Associates, a leading professional services company specializing in records management and information governance consulting services.Cohasset assessed the Nutanix Files v4.2.1 software’s capabilities against five requirements related to the recording and non-rewritable non-erasable storage of electronic records, as detailed in the leading regulations listed earlier. Cohasset’s full report is available and can be downloaded here. Through their independent review and validation, Cohasset’s team demonstrated that Nutanix Files can provide the necessary capabilities to store and retain electronic records in a manner compliant with regulations within the securities broker-dealer industry.
So how does this work: how would you create immutable file sets? It starts by creating a new share on your Nutanix file server (note: existing shares or exports are not supported for defining WORM settings). When creating the share you will need to specify an optional setting labeled “worm_compliance” and set the value to “true”. This will enable the legal hold capability and set up the share so that no users are allowed to delete or modify content until the WORM retention period expires. There are a few other options that will need to be set, which are outlined below (for a full list of options and an example of the commands, consult the Nutanix product documentation for v4.2.1 available on the Nutanix customer portal):
- worm_enabled (true or false) - this enables the feature on the share you are creating
- worm_cooloff_interval (default is 10mins) - specified in seconds, dictates long after a file is saved and closed before its frozen
- worm_retention_period (default is 52 weeks) - specified in seconds, this is how long the file will remain in WORM state until it can be removed.
The flow works a little like this: A user writes a file into a WORM-enabled share. Once saved and the file is closed, a cool-off period begins. This cool off period provides an opportunity for content to still be changed. Once the cool-off period timer expires, the file will transition into a locked state, becoming read-only…a.k.a. WORM. If the file share was defined with “worm_compliance=true” that file will remain read-only until the worm_retention_period timer expires. This helps preserve the state of the file and allows a business to comply with retention regulations such as those outlined earlier.
Nutanix Files can now assist in your data retention needs with WORM, with or without legal hold. For more information on the Nutanix Unified Storage™ offering, head on over to https://www.nutanix.com/solutions/consolidated-storage or reach out to your local Nutanix or Partner teams.
This post was written by Marc Waldrop, Principal Product Manager
2023 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.
This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.