Protecting data from deletion (accidental or intentional) is a key compliance component that touches
every industry. MinIO supports a complete range of functionality including object locking, retention, legal
holds, governance, and compliance. Object locking can be used in conjunction with MinIO versioning to
eliminate the risk of data tampering or destruction.
Retention rules ensure that an object is WORM protected for some period of time. WORM (write once read many) objects cannot be deleted or overwritten, and this retention policy is set at the object level. Retention periods may be set on an object version either explicitly or through a bucket default setting. A default lock configuration set at the bucket level applies to objects that are created subsequently, and does not apply retroactively to versions of objects created previously.
When the bucket default setting is used, a duration is set in either days or years that defines the length of time for which every object version placed in the bucket should be protected. A new object placed in the bucket inherits the protection duration as set for the bucket.
Retention periods may be set explicitly for an object version. Explicit retention periods specify a Retain Until Date for the object version. The Retain Until Date setting is stored in the object version's metadata and protects the object version until the retention period expires.
After the retention period expires, the object version can be deleted unless a legal hold was also placed on the object version.
Explicit retention mode settings override default bucket settings.
Retention periods can be extended easily by submitting a new lock request.
There are two types of modes used to set a retention period for objects and buckets in the Retention framework:
Governance mode is used to protect objects from being deleted by standard users. Some users, however, will need to retain the permissions required to modify the retention settings or delete the objects. Those users will require special permissions such as the s3:BypassGovernanceRetention permission and DeleteObject permission.
Compliance mode is more restrictive and cannot be undone within the retention period. As a result, Compliance mode ensures that no one, including the root user, can delete an object during its retention period.
Legal hold offers the same WORM protection as the retention period, but it has no expiration date. It is an indefinite hold that can only be removed by an authorized user.
Objects continue to be versioned while they have policies defined for retention or legal hold. A copy operation on a version of an object does not carry forward the retention and legal hold settings from the source bucket to the destination.
The gold standard in object locking, retention, and legal holds is validation from Cohasset Associates. MinIO holds a positive assessment from Cohasset Associates regarding object locking capabilities and specifically regarding SEC Rule 17a-4(f), FINRA Rule 4511, and CFTC Regulation 1.31. Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of broker-dealer record retention.
A copy of the Cohasset Associates Assessment report can be downloaded in its entirety and shared with the appropriate regulator when storing data on MinIO. It details exactly how to configure MinIO to meet the requirements as well as the logic underpinning the object locking features.