SnapLock is NetApp’s implementation of WORM (Write Once Read Many) storage to meet compliance requirements for data retention and prevent tampering or deletion. There are two main SnapLock modes with different capabilities: compliance mode and enterprise mode.
Quick Answers
The key differences between SnapLock compliance and enterprise mode are:
- Compliance mode offers stricter WORM capabilities to meet regulatory compliance needs like SEC 17a-4 and HIPAA.
- Enterprise mode provides data permanence but allows deleting files during the retention period if absolutely necessary.
- Compliance retains metadata and restricts changes; enterprise allows metadata changes.
- SnapLock compliance volumes can only be deleted after the retention period expires; enterprise volumes can be deleted anytime.
- Compliance uses cryptographic deletion protection; enterprise relies on standard NetApp volume protection.
In summary, SnapLock compliance mode prioritizes regulatory compliance with inflexible WORM storage. SnapLock enterprise provides more flexibility for general data permanence needs.
What is SnapLock Compliance Mode?
SnapLock compliance mode is designed specifically to meet stringent records retention regulations in heavily regulated industries like financial services, healthcare, and government. It implements non-modifiable WORM storage according to the SEC 17a-4 and HIPAA compliance standards.
The key capabilities of SnapLock compliance mode include:
- Committed WORM retention – Data cannot be changed or deleted during the defined retention period.
- Non-erasable, non-rewritable – Even administrators cannot alter protected data.
- Retained metadata – Timestamps, permissions, and other metadata cannot be altered.
- Cryptographic deletion protection – Prevents deleted file data from being recovered.
- Volume protection – Volumes can only be deleted after retention expiry, not before.
- Tamper-proof audit logs – Logs are protected from changes.
- Strict retention policies – Minimum 1 year retention, up to 70 years.
Compliance mode enforces very strict WORM principles to satisfy both the letter and intent of regulatory compliance statutes. Records cannot be tampered with during their retention period.
Use Cases
SnapLock compliance mode is suited for these regulated use cases:
- Financial trade records subject to SEC 17a-4.
- Protected health information under HIPAA privacy regulations.
- Department of Defense data retention requirements.
- Food and drug safety records governed by FDA 21 CFR Part 11.
- Life science data falling under other strict regulatory statutes.
Essentially any records that must be preserved unaltered according to legal or compliance mandates are good candidates for SnapLock compliance mode.
What is SnapLock Enterprise Mode?
SnapLock enterprise mode provides WORM capabilities for general data permanence needs rather than strict compliance requirements. It prevents accidental or malicious deletion but allows more flexibility than compliance mode.
The key capabilities of SnapLock enterprise mode include:
- Long-term retention – Data permanence for the defined period.
- Protection from deletion -Files can’t be deleted without an override.
- Modification of metadata – Timestamps and permissions can be changed.
- Allows file deletions – Files can be deleted with a policy override.
- Standard volume protection – Volumes are protected but can be deleted anytime.
- No cryptographic deletion – Deleted files can potentially be recovered.
- Minimum 7 day retention – No set maximum retention period.
Enterprise mode offers more flexibility than compliance, while still preventing accidental deletion and providing data permanence assurances.
Use Cases
SnapLock enterprise mode is well suited for these general use cases:
- Data archives that need to be kept for a set period.
- Backup repositories where deleted backups must not be possible.
- Historical records that should be kept intact.
- Log data and audit trails that must be retained.
- Scientific data that needs to persist unaltered.
SnapLock enterprise works for any data that needs guaranteed retention, but doesn’t require the strict governance of compliance mode.
Comparison of SnapLock Compliance vs. Enterprise Mode
This table summarizes the key differences between SnapLock compliance and enterprise modes:
Capability | SnapLock Compliance | SnapLock Enterprise |
---|---|---|
Retention strictness | Absolute retention lock | Prevents deletion without override |
Retention period | 1-70 years | 7 days – no limit |
WORM | Non-erasable, non-rewritable | Deletions allowed with override |
Metadata changes | Prohibited | Permitted |
Deleting volumes | Only after expiry | Allowed anytime |
Deleted file recovery | Cryptographically prevented | Potentially possible |
Use cases | Regulated data retention | General archiving needs |
Conclusion
In summary, SnapLock compliance and enterprise modes serve complementary purposes:
- SnapLock compliance implements immutable WORM storage to meet legal and regulatory retention requirements.
- SnapLock enterprise provides general WORM capabilities for long-term archiving without strict retention locks.
- Compliance focuses on non-erasable, non-rewritable data protection for regulated records.
- Enterprise allows more flexibility like metadata changes but still prevents accidental deletion.
When selecting between the two, consider your specific data retention needs. For regulated data like financial and healthcare records, SnapLock compliance is required. For general archival needs, SnapLock enterprise offers useful permanence with fewer restrictions.