Frequently Asked Questions

Amazon S3 Object Lock & Immutable Backups

What is Amazon S3 Object Lock and how does it work?

Amazon S3 Object Lock is a feature that implements the write-once-read-many (WORM) model to protect objects stored in Amazon S3. When enabled, objects cannot be overwritten or deleted—either permanently or for a defined period—ensuring data immutability. This is especially valuable in highly regulated environments where preventing unauthorized or accidental deletion is critical. Object Lock can be applied to individual objects or all objects in a bucket, with flexible retention periods and two modes: governance and compliance. Governance mode allows certain users to modify retention settings, while compliance mode prevents any user, including the root user, from deleting data during the retention period. Legal hold is also available for indefinite retention until explicitly removed by authorized users. Note: Object Lock requires bucket versioning to be enabled before configuration.
Source: N2WS Blog

How does N2WS support Amazon S3 Object Lock for backups?

N2WS Backup & Recovery supports Amazon S3 Object Lock starting from version 4.1. This integration allows you to create immutable, tamper-proof backups in S3, protecting your business-critical data from ransomware, accidental deletion, and unauthorized changes. N2WS uses the governance mode of Object Lock to secure backup copies, ensuring that only designated admin users with specific IAM permissions can modify retention settings. This feature is especially useful for meeting compliance requirements and business continuity objectives. Note: N2WS Object Lock support is available only from version 4.1 onward.
Source: N2WS Blog

What are immutable backups and why are they important for data protection?

Immutable backups are backup copies stored in a way that prevents them from being altered or deleted for a defined period (WORM storage). This ensures that even if malware or ransomware infects your live data, the backup remains protected and recoverable. Immutable backups are critical for meeting recovery time objectives (RTOs), avoiding SLA breaches, and ensuring compliance in regulated industries like healthcare and finance. Note: Immutable backups require careful configuration and may not be suitable for all use cases where frequent changes to backup data are needed.
Source: N2WS Blog

How do you configure Amazon S3 Object Lock for use with N2WS?

To configure Amazon S3 Object Lock for N2WS backups, first enable bucket versioning when creating your S3 bucket. Then, under advanced settings, enable Object Lock and acknowledge the requirement. After creating the bucket, set the retention mode (governance is recommended for N2WS) and retention period in the bucket properties. Only designated admin users with specific IAM permissions can modify or delete locked objects during the retention period. Note: Object Lock must be enabled at bucket creation and cannot be added later.
Source: N2WS Blog

Features & Capabilities

What features does N2WS offer for backup and disaster recovery?

N2WS provides automated backup and recovery for AWS, Azure, and hybrid cloud environments, near-instant recovery, immutable backups, cost optimization (intelligent storage tiering, resource control), compliance and security (automated reporting, detailed logging, end-to-end encryption), multi-cloud management, granular restore (file, folder, volume, or environment), and advanced reporting. N2WS also supports petabyte-scale data management and integrations with monitoring tools like Datadog, Splunk, and Bocada. Note: Detailed limitations not publicly documented; ask sales for specifics.
Source: N2WS Product Page

Does N2WS support integration and automation through APIs?

Yes, N2WS offers a RESTful API for integration and automation, allowing you to automate tasks such as user onboarding and backup management. Unlike AWS Backup, which requires Lambda scripting, N2WS's API simplifies automation. CLI access is also available for advanced management. API documentation is available for download and a Quick Start guide is provided. Note: Some advanced integrations may require custom development.
Source: N2WS RESTful API Documentation

What integrations does N2WS offer with third-party tools?

N2WS integrates with third-party monitoring tools such as Datadog, Splunk, and Bocada for enhanced observability and compliance tracking. It also supports integration with various data management and reporting tools, making it flexible for automation and monitoring in complex environments. Note: Integration capabilities may vary by tool; consult documentation for specifics.
Source: N2WS Pricing Page

Security & Compliance

What security and compliance certifications does N2WS have?

N2WS is independently certified for ISO/IEC 27001:2022 and is SOC compliant by inheritance, leveraging AWS and Azure compliance features. N2WS also supports compliance with HIPAA, GDPR, FedRAMP, ITAR, and CJIS. Customers can request a copy of the ISO certificate by contacting customer.success@n2ws.com. Note: For full details on compliance scope, consult the N2WS Trust Center.
Source: N2WS Trust Center

How does N2WS help organizations meet regulatory requirements?

N2WS provides automated compliance reporting, detailed logging, and customizable retention policies to help organizations meet requirements for HIPAA, SOC 2, GDPR, FedRAMP, ITAR, and CJIS. Audit-ready reporting and immutable backups simplify audits and ensure data is tamper-proof and recoverable. Note: Regulatory requirements vary by industry and region; consult your compliance team for specific needs.
Source: N2WS Trust Center

Use Cases & Benefits

Who can benefit from using N2WS?

N2WS is designed for cloud directors, IT managers, and managed service providers (MSPs) managing complex, multi-cloud environments. It is suitable for enterprises with petabyte-scale data, public sector entities requiring data sovereignty, healthcare and finance organizations with strict regulatory needs, and industries like retail, education, and nonprofits seeking cost-effective, scalable backup solutions. Note: Organizations with minimal cloud presence or non-AWS/Azure environments may not benefit as much.
Source: N2WS Product Page

What business impact can customers expect from using N2WS?

Customers can achieve up to 92% savings on long-term backup costs and up to 50% on compute costs. N2WS provides ransomware protection with immutable backups, near-instant recovery to minimize downtime, automated compliance reporting, and unified management across AWS and Azure. These benefits support business continuity, operational efficiency, and regulatory adherence. Note: Actual savings and impact depend on environment size and configuration.
Source: N2WS Product Page

What are some real-world examples of organizations using N2WS?

Organizations such as Skechers, St. John's University, DB Systel (Deutsche Bahn), City of Oakland, Bahrain Ministry, and Gett have used N2WS to streamline costs, improve backup reliability, automate recovery, and protect critical data. For example, Skechers standardized backup across a multi-cloud estate, and Gett saved 50% on cloud costs using N2WS Resource Control. See more case studies. Note: Results may vary by organization and use case.
Source: N2WS Case Studies

Technical Requirements & Implementation

How long does it take to implement N2WS and how easy is it to start?

N2WS implementations can be completed in as little as two weeks, supported by dedicated Customer Success Managers, onboarding calls, and detailed documentation. Deployment options include Amazon Machine Image (AMI) from AWS Marketplace or CloudFormation templates. A 30-day free trial is available without a credit card. Note: Implementation time may vary based on environment complexity.
Source: N2WS Install Guide

What technical documentation is available for N2WS?

N2WS provides comprehensive user guides, release notes, RESTful API documentation, upgrade guides, and IAM permission files. These resources cover deployment, configuration, management, and integration best practices. Documentation is available online and as downloadable PDFs. Access user guide | Release notes | API documentation. Note: Some advanced topics may require direct support.
Source: N2WS Documentation

Competition & Comparison

How does N2WS compare to AWS Backup?

N2WS offers immutable backups, cross-cloud recovery (AWS and Azure), granular restore (file/folder-level), custom disaster recovery retention policies, multi-tenancy for MSPs, and a RESTful API for automation. AWS Backup lacks immutable backups, cross-cloud support, file/folder-level restore, and multi-tenancy, and requires Lambda scripting for automation. AWS Backup provides only preconfigured report templates, while N2WS offers customizable compliance reports and third-party integrations. Choose N2WS for advanced features and multi-cloud support; AWS Backup may be suitable for basic AWS-only needs. Note: N2WS may not be the best fit for organizations with simple, single-cloud backup requirements.
Source: N2WS vs AWS Backup

Customer Feedback

What feedback have customers given about N2WS's ease of use?

Customers have praised N2WS for its simplicity and user-friendly interface. For example, Shane H., a verified customer, stated, "It's very simple to use and we are an MSP for multiple companies. Support is great and quick to respond." Julian Ware from the City of Oakland said, "You’re just clicking and going. And, to me, that’s what the modern world of backup is." These testimonials highlight the ease of deployment, intuitive interface, and automation capabilities. Note: User experience may vary by organization.
Source: N2WS Pricing Page

What Is Amazon S3 Object Lock? Part 1

A summary of how Amazon S3 Object lock and Immutable backups work and how support for Amazon S3 Object Block using N2WS can optimize security
Share post:

Data is the backbone of all businesses, and ensuring fast data recovery is essential for business continuity. Protecting your copy of backed-up data through tamper-proof mechanisms is important to achieve this. In this blog, we’ll explore the features of Amazon S3 Object Lock and how N2WS helps you safeguard your data backup using this capability.

What Is Object Lock?

Amazon S3 object lock implements the write-once-read-many (WORM) model to protect the objects stored in it. When the feature is enabled, objects cannot be overwritten or deleted—neither permanently nor for a defined period of time once it is stored in S3. In highly regulated environments, this provides an additional layer of security to protect against unauthorized or accidental data deletion. 

Object Lock helps achieve compliance when you need to capture a baseline copy of the data that cannot be overwritten or deleted once it is written. The data stored becomes immutable and tamper-proof. Organizations in sectors like healthcare and finance would require such safety guardrails to be in place to protect data, especially critical data backup copies that are an essential part of their business continuity plans. 

You can protect individual objects or all objects stored in a given S3 bucket using the Amazon S3 Object Lock functionality. The duration for which the lock is applied is also flexible. This helps in environments where different sets of objects in S3 buckets have different requirements of immutability and retention periods. 

Immutable Backups and Why They’re Important

Backups help restore a business to a working state in the event of data loss, corruption, or malware attacks. If the data backup is tampered with, rendering it unusable, then the organization will not be able to meet its defined recovery time objective (RTO). This could result in a breach of your organization’s SLA, which would have financial penalties as well as legal repercussions.

Immutable backups using WORM storage address this concern, as they ensure that the backup copy once created in storage is not altered in any manner nor deleted. Even in the event of a malware infection that affects live data, the immutable backup copies in WORM storage stay protected. The data cannot be modified or destroyed even if attackers gain unauthorized access to the backup storage. Thus, the recovery process is not impacted, and you can restore your business-critical applications to a working state quickly.

AWS Backup Checklist
Fill in the gaps in your backup and DR strategy

Fortify your cloud across every critical dimension.

the disaster-proof backup & DR checklist

How Object Lock Works and the Different Modes

Amazon S3 Object Lock provides two configuration options for managing object retention. The first one is based on the retention period, and the other is called a legal hold.

Retention Period 

Amazon S3 allows a fixed retention period to be configured, during which the data stored in it remains locked. The data is written as WORM-protected and cannot be changed or deleted during the mentioned retention period. The minimum retention period that can be configured is one day. There is no upper limit on the maximum retention period, so you can configure it per your requirement.

While configuring the retention period, there are two modes to choose from: governance mode or compliance mode

Amazon S3 Object Lock Governance Mode

In governance mode, you can assign special permissions to some users to modify the retention period settings or delete the data. Ideally, these rights should be assigned only to admin users, while other users will not be allowed to make any changes to the data. 

Amazon S3 Object Lock Compliance Mode

Compliance mode is for when you don’t want any users, including the root user of the AWS account, to delete the data during the retention period. 

Governance mode will suit most customers, while compliance mode will be helpful for customers who want to store compliant data. N2WS uses the governance mode of Amazon S3 Object Lock to protect your data backup copy in the cloud.

Legal Hold

You can also configure Amazon S3 Object Lock with a retention period that has no expiration date. This is called a legal hold and is always enforced unless explicitly removed by users with special permission. When administrators are unsure of how long the data must stay immutable, they can use a legal hold.

How to Set Up Your S3 Buckets with Object Lock

Let’s take a look at the steps to configure Object Lock for S3 storage. 

  1. From the Amazon S3 management page, click on “Create bucket.”
  2. On the next page, provide the name for the bucket and enable Bucket Versioning.    Note: It is mandatory to enable bucket versioning before configuring Object Lock.
  3. Under advanced settings, select “Enable” for Object Lock. You should also click the acknowledgment on the page to accept it, then click on “Create bucket.”
  4. Next, you need to configure the retention mode and retention period. Click on your newly created bucket->Properties ->Object Lock->Edit.
  5. To configure your retention period, select “Enable” under “Default retention.” You can also select the default retention mode, i.e., either “Governance” or “Compliance” as well as the retention period. Once done, click on “Save changes” to update the configuration.
    Note: Select the governance mode for N2WS Backup Repositories.

The Object Lock feature is now configured for storage. Except for designated admin users with specific IAM permissions, the objects in this storage cannot be overwritten or deleted by users during the retention period. 

N2WS Support for Object Lock

N2WS Backup & Recovery helps protect your business-critical data using Amazon S3 Object Lock. Support for Object Lock is available starting from N2WS version 4.1. The backup copy remains safe even in the event of a malware infection, and using the one-click recovery capability of N2WS, you can restore your critical business applications to a working state. Combining this with N2WS’ native capability to protect important workloads like SAP HANA, you can create backups protected by Amazon S3 Object Lock that help your business bounce back from ransomware attacks within defined SLAs. 

The Amazon S3 Object Lock integration used by N2WS also helps protect you from accidental deletion of your data backup copies. Objects in Amazon S3 buckets, cannot be deleted until the end of the defined governance period. 

Threat actors in the cloud target data, especially data backups, rendering them unusable through malware infections. Businesses then end up paying the ransom to recover the data since they have no other option to bring their services back online. Statistics indicate that every 40 seconds, a company gets hit by a ransomware attack. Combining its native backup capability with Amazon S3 Object Lock, N2WS offers a comprehensive solution that safeguards your workloads from such threats.

Activate your free trial of N2WS Backup & Recovery to learn more about the solution.

You might also like

Achieve rapid NIS2 compliance with this checklist

Achieve rapid NIS2 compliance

Get the easy-to-follow checklist ↓