Folder (WORM) Compliance: CTERA Vault

  • 5 minute(s) read
Prev Next

WORM (write once, read many) settings ensures that data cannot be tampered with or deleted. In many industries, and especially regulated industries such as financial services and government sectors, organizations are required to store certain types of data in unalterable formats. CTERA Vault uses WORM technology to prevent editing, overwriting, renaming or erasing this data.

When a cloud drive folder is defined with WORM settings and added to the CTERA Vault, after an initial, optional, grace period, the contents of the folder can be protected from any attempt to change the folder content such as by renaming, moving, modifying, or deleting content for a specified retention period.

Any file in a folder in the CTERA Vault has the same settings restrictions when accessed by CTERA Edge filers, CTERA Drive Connect, and when accessed from an S3 Browser after the cloud drive folder is set up as a bucket, as described in Setting Up Access to Portal Content Using the S3 API: CTERA Fusion.

CTERA Drive Share/Protect (Agent) cannot sync content that is in the CTERA Vault.

Enabling CTERA Vault

CTERA provides a role, Compliance Officer and a permission, WORM that you use to manage WORM settings. The Compliance Officer role automatically has the WORM permission. You can also set the WORM permission for a Read/Write Administrator.

Only administrators with the WORM permission can set up CTERA Vault on a folder.

To enable CTERA Vault:

Setting Up CTERA Vault on a Folder

A folder can only be added to the CTERA Vault when it is created.

To protect a cloud folder with CTERA Vault:

  1. Select Global File System > Cloud Drive Folders in the navigation pane.
    The Cloud Drive Folders page is displayed.
    Image

  2. Click New Folder.
    The New Cloud Drive Folders page is displayed.
    Image

    Note

    When the portal is licensed for global file locking, a Global File Locking option is displayed in the navigation page and the cloud drive folder configuration includes the option to enable Global File Locking.
    image.png
    For details, see Configuring a Folder with File Locking.

  3. Complete the fields as described in Adding or Editing Cloud Folders without saving the new cloud drive folder.

  4. If you are a Compliance Officer or a Read/Write Administrator with the WORM permission, described in Managing Administrator Users, you can set the folder as a WORM folder.

    The WORM option can only be defined when first defining the cloud drive folder.

  5. Click the WORM tab.
    Image

  6. Slide WORM (Write Once Read Many) on to enable CTERA Vault.
    image.png

    Note

    If you do not know the required WORM settings, CTERA recommends checking WORM (Write Once Read Many) and leaving the settings as they are, except for checking the I Understand box.. In this case you will be able to edit the folder to configure compliance at a later date, but this option will not be available if you do not check WORM (Write Once Read Many).

  7. Define the required compliance:
    Grace Period – The period of time before the compliance restrictions are applied.
    Retention Mode – The level of compliance:

    • None – Files in the cloud folder, after the Grace Period, cannot be renamed or modified but they can be deleted.
    • Enterprise – After the Grace Period and for the duration of the Retention Period, the Compliance Officer or a Read/Write Administrator with the Manage Compliance Settings permission can permanently delete files. This mode is useful when the enterprise does not have external compliance regulations but wants to impose enterprise-wide regulations. In this case, compliance is enforced for everyone in the enterprise except for administrators with the Manage WORM Settings permission.
      Note

      An administrator with the Allow Files/Folders Permanent Deletion permission can permanently delete folder content with the Retention Mode set to Enterprise, even if the administrator does not have the Manage WORM Settings permission.

    • Compliance – After the Grace Period and for the duration of the Retention Period no one can delete or make changes to files in the folder.

    Retention Period – How long WORM compliance is applied.

  8. Scroll down and check the I Understand box.

  9. Click Save.
    Image

Changing the WORM Settings for a Folder

Unless WORM (Write Once Read Many) in the WORM tab was enabled when the folder was created in the New Cloud Drive Folder page, WORM settings cannot be set for the folder. If WORM (Write Once Read Many) was enabled when the folder was created, you can edit the WORM settings.

To edit a cloud drive folder in CTERA Vault:

  1. Select Global File System > Cloud Drive Folders in the navigation pane.
    The Cloud Drive Folders page is displayed.
    Image
  2. Click the WORM folder to edit.
    The folder page is displayed with the folder name as the page title.
  3. Click the WORM tab.
    The CTERA Vault configuration is displayed.
    Image
  4. Edit the compliance settings:
    Grace Period – The period of time before the compliance restrictions are applied. Changes to the Grace Period only apply to content added to the folder after the change. Existing content complies with the old setting.
    Retention Mode – The level of compliance. The Retention Mode can be changed from None to Enterprise or Compliance and from Enterprise to None or Compliance but Compliance cannot be changed.
    Retention Period – How long the compliance has to be applied. Changes to the Retention Period only apply to content added to the folder after the change. Existing content complies with the old setting. When the Retention Mode is Compliance the Retention Period can be extended but not shortened.
  5. Click Save.

The changes only apply to new files added to the cloud folder and not files that are already in the cloud folder.

Attempting to Break WORM Settings

If an attempt is made to change content that is in the CTERA Vault, an error is displayed and written to the audit log.

Note

When the Retention Mode is set to Compliance, when attempting to permanently delete content, the permanent deletion process will delete all the files marked for permanent deletion, including all previous versions of these files, until the first file that is in the CTERA Vault that cannot be deleted. The permanent deletion process will then stop.

Examples

  • Attempting to delete a file:
    image.png
  • Attempting to rename a file:
    image.png

Viewing Compliance Content Details

As an administrator with the Manage Compliance Settings permission you can display details of the content in the CTERA Vault.
When displaying the folder that has compliance set, clicking the image.png icon displays content details as well as WORM details in a separate tab.

  • For a single item, which includes the retention mode and when the compliance period ends:
    image.png
  • For multiple items:
    image.png

CTERA Vault Log Entries

If an attempt is made to change content that is in the CTERA Vault, an error is written to the System log.

Note

Attempting to rename a file in the CTERA Vault is logged as a Move operation.

Related articles
  • Folder (WORM) Compliance: CTERA Vault
    Product Documentation > CTERA Portal > 8.2.x (GA Version) > Team Administrator Guide > Managing Portal Folders and Folder Groups > Managing Cloud Drive Folders
  • Folder (WORM) Compliance: CTERA Vault
    Product Documentation > CTERA Portal > 8.1.x (GA Version) > Team Administrator Guide > Managing Portal Folders and Folder Groups > Managing Cloud Drive Folders
  • Adding or Editing Cloud Folders
    Product Documentation > CTERA Portal > 8.3.x (8.3.3000.x GA and 8.3.3300.x EA Version) > Team Administrator Guide > Managing the Global File System > Managing Cloud Drive Folders