Backups stored with write-once-read-many (WORM) policies that prevent any modification, encryption, or deletion — even by administrators — for a defined retention period.
Immutable backups use storage-level or software-level enforcement to prevent any changes to backup data after it is written. Once a backup is created and the immutability lock is applied, it cannot be modified, encrypted, or deleted — not by ransomware, not by a compromised administrator account, and not by the backup software itself. The data remains locked until the retention period expires, at which point it can be automatically purged according to policy.
Cloud storage providers offer immutability through features like AWS S3 Object Lock, Azure Blob Immutable Storage, and Google Cloud Retention Policies. On-premises solutions include purpose-built backup appliances with immutable storage tiers and hardened Linux repositories with immutable flags. The key advantage over traditional backups is that immutability protects against insider threats and compromised credentials — even if an attacker gains admin access to the backup system, they cannot delete immutable backups.
Immutable and air-gapped backups solve the same problem (preventing ransomware from destroying backups) through different mechanisms. Air-gapped backups use physical isolation — the media is disconnected. Immutable backups use logical protection — the data is online but cannot be changed. Many organizations use both: immutable cloud backups for fast recovery and air-gapped tape backups as a last resort. The ideal backup architecture layers both approaches for maximum resilience.