{"id":6383,"date":"2026-06-19T13:54:43","date_gmt":"2026-06-19T13:54:43","guid":{"rendered":"https:\/\/cloudsave.app\/knowledge-base\/immutable-database-storage-ransomware\/"},"modified":"2026-06-19T14:13:02","modified_gmt":"2026-06-19T14:13:02","slug":"architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3","status":"publish","type":"post","link":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/","title":{"rendered":"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173"},"content":{"rendered":"

\u0160iuolaikin\u0117je gr\u0117smi\u0173 aplinkoje i\u0161pirkos reikalaujanti programin\u0117 \u012franga (angl. ransomware<\/em>) evoliucionavo nuo oportunistinio \u0161ifravimo iki itin tikslini\u0173, daugialypio turto prievartavimo kampanij\u0173. Pa\u017eangios nuolatin\u0117s gr\u0117sm\u0117s (APT) ir i\u0161pirkos reikalaujan\u010dios grupuot\u0117s dabar aktyviai ie\u0161ko atsargini\u0173 kopij\u0173 infrastrukt\u016bros ir duomen\u0173 bazi\u0173 archyv\u0173, kol yra \u012fsilau\u017eusios \u012f sistem\u0105. Jei u\u017epuolikas kompromituoja j\u016bs\u0173 pagrindin\u0119 duomen\u0173 baz\u0119 ir tuo pat metu i\u0161trina arba u\u017e\u0161ifruoja j\u016bs\u0173 atsargini\u0173 kopij\u0173 saugyklas, j\u016bs\u0173 organizacijai gresia katastrofi\u0161kas duomen\u0173 praradimas.<\/p>\n

Duomen\u0173 bazi\u0173 administratoriams (DBA) ir \u201eDevOps\u201c in\u017einieriams tradicin\u0117s 3-2-1 atsargini\u0173 kopij\u0173 strategijos nebepakanka. Norint u\u017etikrinti duomen\u0173 i\u0161likim\u0105, infrastrukt\u016bros komandos turi taikyti 3-2-1-1 taisykl\u0119, kurioje paskutinis \u201e1\u201c rei\u0161kia nekintam\u0105 saugykl\u0105<\/strong> (angl. immutable storage<\/em>).<\/p>\n

\u0160iame straipsnyje pateikiama i\u0161sami technin\u0117 analiz\u0117 apie nekintamos saugyklos projektavim\u0105, diegim\u0105 ir valdym\u0105 duomen\u0173 bazi\u0173 archyvams, siekiant u\u017etikrinti visi\u0161k\u0105 atsparum\u0105 i\u0161pirkos reikalaujan\u010dioms programoms.<\/p>\n

Nekintamos saugyklos mechanika<\/h2>\n

Nekintama saugykla remiasi \u201e\u012fra\u0161yti vien\u0105 kart\u0105, skaityti daug kart\u0173\u201c (WORM) architekt\u016bra. Kai duomenys \u012fra\u0161omi \u012f nekintam\u0105 tikslin\u0119 viet\u0105, j\u0173 negali modifikuoti, u\u017e\u0161ifruoti ar i\u0161trinti joks vartotojas \u2013 \u012fskaitant administratorius su \u201eroot\u201c teis\u0117mis ar kompromituotas paslaug\u0173 paskyras \u2013 kol nesibaigia matemati\u0161kai u\u017etikrintas laiko u\u017eraktas.<\/p>\n

Atitikties re\u017eimas (Compliance Mode) vs. Valdymo re\u017eimas (Governance Mode)<\/h3>\n

Diegiant nekintamum\u0105, ypa\u010d debesijos objekt\u0173 saugyklose, tokiose kaip AWS S3, \u201eAzure Blob\u201c ar S3 suderinamuose vietiniuose SAN, b\u016btina suprasti skirtum\u0105 tarp saugojimo re\u017eim\u0173:<\/p>\n

    \n
  • Valdymo re\u017eimas (Governance Mode):<\/strong> Neleid\u017eia standartiniams vartotojams i\u0161trinti ar keisti objekt\u0173. Ta\u010diau vartotojai su tam tikrais IAM leidimais (pvz., s3:BypassGovernanceRetention<\/code>) gali apeiti u\u017erakt\u0105. Tai naudinga testavimui, bet nepakankama apsaugai nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173<\/strong>, nes u\u017epuolikai da\u017enai padidina savo teises iki domeno administratoriaus ar \u201eroot\u201c lygio.<\/li>\n
  • Atitikties re\u017eimas (Compliance Mode):<\/strong> Auksinis standartas apsaugai nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173. Kai objektas u\u017erakinamas atitikties re\u017eimu, jo saugojimo laikotarpis negali b\u016bti sutrumpintas, o objekto negali i\u0161trinti niekas<\/em>, \u012fskaitant AWS \u201eroot\u201c paskyr\u0105. U\u017eraktas vykdomas saugykl\u0173 klasterio lygiu.<\/li>\n<\/ul>\n

    Nekintamo atsargini\u0173 kopij\u0173 konvejerio projektavimas<\/h2>\n

    Patikima duomen\u0173 bazi\u0173 archyvavimo architekt\u016bra atskiria aktyvias duomen\u0173 bazi\u0173 operacijas nuo nekintamo archyvo lygmens. Nekintamumo negalima taikyti aktyviems duomen\u0173 bazi\u0173 failams (pvz., .mdf<\/code>\/.ldf<\/code> SQL serveryje arba pg_data<\/code> katalogui \u201ePostgreSQL\u201c), nes duomen\u0173 baz\u0117ms reikalinga nuolatin\u0117 skaitymo\/ra\u0161ymo prieiga.<\/p>\n

    Vietoj to, nekintamumas taikomas:
    \n1. Pilnoms ir diferencialin\u0117ms atsargin\u0117ms kopijoms:<\/strong> Bazin\u0117ms duomen\u0173 baz\u0117s momentin\u0117ms kopijoms (angl. snapshots<\/em>).
    \n2. Operacij\u0173 \u017eurnalams \/ WAL failams:<\/strong> Nuolatiniam duomen\u0173 baz\u0117s pakeitim\u0173 srautui, reikalingam atk\u016brimui tam tikru laiko momentu (PITR).<\/p>\n

    Nekintamumo saugyklos tikslai<\/h3>\n

    Nekintam\u0105 saugykl\u0105 galite \u012fdiegti \u012fvairiuose infrastrukt\u016bros lygmenyse:
    \n* Debesijos objekt\u0173 saugykla:<\/strong> \u201eAWS S3 Object Lock\u201c, \u201eAzure Blob Immutable Storage\u201c, \u201eGoogle Cloud Storage\u201c saugojimo politikos.
    \n* Vietin\u0117 objekt\u0173 saugykla:<\/strong> \u201eMinIO\u201c, \u201eCloudian\u201c arba \u201ePure Storage FlashBlade\u201c, palaikantys S3 \u201eObject Lock\u201c API.
    \n* Blokin\u0117\/fail\u0173 saugykla:<\/strong> ZFS su tik skaitymui skirtomis momentin\u0117mis kopijomis ir deleguotu administravimu arba \u201eLinux\u201c fail\u0173 atributais.<\/p>\n

    Nekintamos saugyklos diegimas: technin\u0117s instrukcijos<\/h2>\n

    1. Debesijos objekt\u0173 saugykla: AWS S3 Object Lock<\/h3>\n

    Nor\u0117dami apsaugoti duomen\u0173 bazi\u0173 kopijas ir operacij\u0173 \u017eurnalus AWS, turite \u012fjungti \u201eObject Lock\u201c kuriant kaupykl\u0105 (bucket).<\/p>\n

    Pirmiausia sukurkite kaupykl\u0105 su \u012fjungtu \u201eObject Lock\u201c:<\/p>\n

    aws s3api create-bucket \n    --bucket prod-db-archive-immutable \n    --region us-east-1 \n    --object-lock-enabled-for-bucket\n<\/code><\/pre>\n
    Tada sukonfig\u016bruokite numatyt\u0105j\u0105 saugojimo politik\u0105. Duomen\u0173 bazi\u0173 archyvams 30 dien\u0173 atitikties u\u017eraktas yra standartin\u0117 bazin\u0117 linija, u\u017etikrinanti, kad tur\u0117site m\u0117nesio trukm\u0117s nekei\u010diamas atsargines kopijas.<\/p>\n
    aws s3api put-object-lock-configuration \n    --bucket prod-db-archive-immutable \n    --object-lock-configuration '{\n        "ObjectLockEnabled": "Enabled",\n        "Rule": {\n            "DefaultRetention": {\n                "Mode": "COMPLIANCE",\n                "Days": 30\n            }\n        }\n    }'\n<\/code><\/pre>\n
    Kai j\u016bs\u0173 duomen\u0173 baz\u0117s atsargini\u0173 kopij\u0173 scenarijus ar agentas \u012fkelia fail\u0105 \u012f \u0161i\u0105 kaupykl\u0105, S3 automati\u0161kai apskai\u010diuoja Retain Until Date<\/code> (saugojimo iki datos) pagal objekto suk\u016brimo laiko \u017eym\u0105 plius 30 dien\u0173.<\/p>\n
    2. Vietinis nekintamumas: ZFS ir \u201eLinux\u201c atributai<\/h3>\n
    Jei archyvuojate duomen\u0173 bazes \u012f vietin\u012f \u201eLinux\u201c atsargini\u0173 kopij\u0173 server\u012f, galite pasiekti pseudo-nekintamum\u0105 naudodami chattr<\/code> komand\u0105 arba tikr\u0105 nekintamum\u0105 naudodami ZFS momentines kopijas.<\/p>\n
    Naudojant \u201eLinux\u201c chattr<\/code>:<\/strong>
    \n\u017dyma +i<\/code> (nekintamas) neleid\u017eia modifikuoti, i\u0161trinti ar pervadinti failo.<\/p>\n
    # I\u0161kelkite duomen\u0173 baz\u0119\npg_dump -U postgres -Fc mydb > \/backups\/mydb_$(date +%F).dump\n\n# Padarykite atsargin\u0119 kopij\u0105 nekintam\u0105\nsudo chattr +i \/backups\/mydb_$(date +%F).dump\n\n# Patikrinkite atribut\u0105\nlsattr \/backups\/mydb_$(date +%F).dump\n# I\u0161vestis: ----i---------e------- \/backups\/mydb_2023-10-27.dump\n<\/code><\/pre>\n
    Pastaba: Nors chattr<\/code> sustabdo paprastus i\u0161pirkos reikalaujan\u010di\u0173 program\u0173 scenarijus, patyr\u0119s u\u017epuolikas su \u201eroot\u201c prieiga gali tiesiog paleisti chattr -i<\/code>. Tod\u0117l tai turi b\u016bti derinama su grie\u017eta RBAC (prieigos kontrol\u0117) ir izoliuotais atsargini\u0173 kopij\u0173 tinklais.<\/em><\/p>\n
    Naudojant ZFS momentines kopijas:<\/strong>
    \nZFS suteikia daug stipresn\u0119 apsaug\u0105. Suk\u016brus momentin\u0119 kopij\u0105 ir u\u017ed\u0117jus jai \u201elaikym\u0105\u201c (hold), u\u017ekertate keli\u0105 jos sunaikinimui.<\/p>\n
    # Sukurkite atsargini\u0173 kopij\u0173 duomen\u0173 rinkinio momentin\u0119 kopij\u0105\nzfs snapshot tank\/db_backups@archive_$(date +%F)\n\n# U\u017ed\u0117kite \u201elaikym\u0105\u201c ant momentin\u0117s kopijos, kad i\u0161vengtum\u0117te i\u0161trynimo\nzfs hold keep_30_days tank\/db_backups@archive_$(date +%F)\n\n# Net \u201eroot\u201c negali sunaikinti \u0161ios momentin\u0117s kopijos neat\u0161auk\u0119s \u201elaikymo\u201c\nzfs destroy tank\/db_backups@archive_$(date +%F)\n# I\u0161vestis: cannot destroy 'tank\/db_backups@archive_...': dataset is busy\n<\/code><\/pre>\n
    Duomen\u0173 baz\u0117ms skirtos archyvavimo strategijos<\/h2>\n
    Norint pasiekti atk\u016brim\u0105 tam tikru laiko momentu (PITR), turite nuolat archyvuoti operacij\u0173 \u017eurnalus \u012f savo nekintam\u0105 saugykl\u0105.<\/p>\n
    \u201ePostgreSQL\u201c WAL archyvavimas su \u201epgBackRest\u201c<\/h3>\n
    pgBackRest<\/code> yra itin patikimas atsargini\u0173 kopij\u0173 \u012frankis, skirtas \u201ePostgreSQL\u201c, kuris nat\u016braliai palaiko S3 suderinamas saugyklas. Nor\u0117dami apsaugoti savo \u201eWrite-Ahead Logs\u201c (WAL), sukonfig\u016bruokite pgBackRest<\/code> tiesiogiai \u012fkelti duomenis \u012f j\u016bs\u0173 nekintam\u0105 S3 kaupykl\u0105.<\/p>\n
    J\u016bs\u0173 pgbackrest.conf<\/code> faile:<\/p>\n
    [global]\nrepo1-type=s3\nrepo1-s3-bucket=prod-db-archive-immutable\nrepo1-s3-region=us-east-1\nrepo1-s3-endpoint=s3.amazonaws.com\nrepo1-s3-key=AKIAIOSFODNN7EXAMPLE\nrepo1-s3-key-secret=wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY\n\n# U\u017etikrinkite, kad saugojimo laikotarpis atitikt\u0173 j\u016bs\u0173 S3 Object Lock konfig\u016bracij\u0105\nrepo1-retention-full=2\nrepo1-retention-archive=2\n\n[prod_cluster]\npg1-path=\/var\/lib\/postgresql\/14\/main\n<\/code><\/pre>\n
    Svarbus aspektas:<\/em> Jei j\u016bs\u0173 S3 kaupykla taiko 30 dien\u0173 atitikties u\u017erakt\u0105, bet pgBackRest<\/code> bando i\u0161trinti WAL failus po 14 dien\u0173 pagal repo1-retention-archive<\/code>, i\u0161trynimo API u\u017eklausos nepavyks. Turite u\u017etikrinti, kad j\u016bs\u0173 atsargini\u0173 kopij\u0173 programin\u0117s \u012frangos saugojimo politika b\u016bt\u0173 ilgesn\u0117 arba lygi saugyklos lygmens nekintamam u\u017eraktui.<\/p>\n
    \u201eMicrosoft SQL Server\u201c: atsargin\u0117 kopija \u012f URL<\/h3>\n
    SQL Server palaiko nat\u016bralias atsargines kopijas tiesiai \u012f S3 suderinam\u0105 objekt\u0173 saugykl\u0105. Galite sukonfig\u016bruoti \u201eSQL Server Agent\u201c u\u017eduot\u012f, kad .bak<\/code> ir .trn<\/code> failai b\u016bt\u0173 ra\u0161omi tiesiai \u012f nekintam\u0105 kaupykl\u0105.<\/p>\n
    CREATE CREDENTIAL [s3:\/\/prod-db-archive-immutable.s3.us-east-1.amazonaws.com]\nWITH IDENTITY = 'S3 Access Key',\nSECRET = 'AccessKeyID:SecretAccessKey';\nGO\n\nBACKUP DATABASE [ProductionDB]\nTO URL = 's3:\/\/prod-db-archive-immutable.s3.us-east-1.amazonaws.com\/ProductionDB_Full.bak'\nWITH FORMAT, COMPRESSION, STATS = 10;\nGO\n<\/code><\/pre>\n
    Automatizavimas ir orkestravimas su \u201eCloudSave\u201c<\/h2>\n
    Nekintam\u0173 saugojimo v\u0117liav\u0117li\u0173 valdymas, prieigos rakt\u0173 keitimas ir sinchronizacijos tarp duomen\u0173 bazi\u0173 saugojimo politik\u0173 bei saugykl\u0173 u\u017erakt\u0173 u\u017etikrinimas naudojant pasirinktinius scenarijus yra labai link\u0119s \u012f klaidas. Viena neteisinga konfig\u016bracija \u201ecron\u201c u\u017eduotyje ar API i\u0161kvietime gali palikti j\u016bs\u0173 archyvus pa\u017eeid\u017eiamus arba sukelti spar\u010diai augan\u010dias debesijos saugyklos i\u0161laidas d\u0117l palikt\u0173, u\u017erakint\u0173 objekt\u0173.<\/p>\n
    \u012emoni\u0173 lygio atsargini\u0173 kopij\u0173 platformos, tokios kaip \u201eCloudSave\u201c, supaprastina \u0161i\u0105 architekt\u016br\u0105. \u201eCloudSave\u201c nat\u016braliai integruojasi su \u201eAWS S3 Object Lock\u201c, \u201eAzure Blob Immutable Storage\u201c ir vietiniais S3 suderinamais API.<\/p>\n
    Konfig\u016bruojant duomen\u0173 baz\u0117s atsargini\u0173 kopij\u0173 plan\u0105 \u201eCloudSave\u201c platformoje:
    \n1. Platforma automati\u0161kai tvarko VSS (\u201eVolume Shadow Copy Service\u201c) ramyb\u0117s b\u016bsen\u0105 SQL Serveriui arba pg_start_backup()<\/code> API \u201ePostgreSQL\u201c duomen\u0173 bazei.
    \n2. Ji perduoda deduplikuotus, u\u017e\u0161ifruotus atsargini\u0173 kopij\u0173 duomenis tiesiai \u012f saugykl\u0105.
    \n3. \u201eCloudSave\u201c dinami\u0161kai taiko WORM API i\u0161kvietimus (pvz., PutObjectRetention<\/code>) kiekvienam objektui atskirai, puikiai suderindama saugyklos u\u017erakto trukm\u0119 su politikoje nustatytu saugojimo grafiku.
    \n4. Jei u\u017epuolikas kompromituoja \u201eCloudSave\u201c valdymo konsol\u0119, jis vis tiek negali i\u0161trinti atsargini\u0173 kopij\u0173, nes atitikties u\u017erakt\u0105 vykdo pagrindin\u0117 saugyklos infrastrukt\u016bra, o ne atsargini\u0173 kopij\u0173 programin\u0117 \u012franga.<\/p>\n
    Geriausia nekintam\u0173 duomen\u0173 bazi\u0173 archyv\u0173 praktika<\/h2>\n
    Nor\u0117dami u\u017etikrinti, kad j\u016bs\u0173 nekintama architekt\u016bra b\u016bt\u0173 tikrai atspari, laikykit\u0117s \u0161i\u0173 sistem\u0173 in\u017einerijos geriausi\u0173 praktik\u0173:<\/p>\n
    1. Grie\u017eta NTP sinchronizacija<\/h3>\n
    Nekintami u\u017eraktai yra matemati\u0161kai susieti su laiko \u017eymomis. Jei NTP (tinklo laiko protokolo) paslauga j\u016bs\u0173 saugykl\u0173 masyve ar atsargini\u0173 kopij\u0173 serveryje yra kompromituota arba i\u0161siderina, tai gali sukelti u\u017erakt\u0173 per ankstyv\u0105 pasibaigim\u0105 arba j\u0173 visi\u0161ko nepasibaigimo problem\u0105. U\u017etikrinkite, kad j\u016bs\u0173 saugykl\u0173 infrastrukt\u016bra naudoja autentifikuotus, perteklinius NTP \u0161altinius.<\/p>\n
    2. IAM vaidmen\u0173 ir kredencial\u0173 izoliavimas<\/h3>\n
    Kredencialai, naudojami ra\u0161ymui \u012f nekintam\u0105 kaupykl\u0105, turi tur\u0117ti tik s3:PutObject<\/code> ir s3:PutObjectRetention<\/code> leidimus. Jie niekada<\/strong> netur\u0117t\u0173 tur\u0117ti s3:DeleteObject<\/code> ar s3:PutBucketObjectLockConfiguration<\/code> leidim\u0173.<\/p>\n
    Ma\u017eiausi\u0173 privilegij\u0173 IAM politikos pavyzdys duomen\u0173 baz\u0117s atsargini\u0173 kopij\u0173 agentui:<\/p>\n
    {\n    "Version": "2012-10-17",\n    "Statement": [\n        {\n            "Effect": "Allow",\n            "Action": [\n                "s3:PutObject",\n                "s3:GetBucketObjectLockConfiguration"\n            ],\n            "Resource": [\n                "arn:aws:s3:::prod-db-archive-immutable",\n                "arn:aws:s3:::prod-db-archive-immutable\/*"\n            ]\n        }\n    ]\n}\n<\/code><\/pre>\n
    3. Saugojimo laikotarpio nustatymas<\/h3>\n
    Nenustatykite atitikties u\u017erakt\u0173 itin ilgiems laikotarpiams (pvz., 7 metams d\u0117l atitikties) savo pirminiame greito atk\u016brimo lygmenyje. Duomen\u0173 baz\u0117s generuoja did\u017eiulius WAL\/operacij\u0173 \u017eurnal\u0173 duomen\u0173 kiekius. \u0160i\u0173 duomen\u0173 u\u017erakinimas metams sukels eksponentin\u012f saugyklos i\u0161laid\u0173 augim\u0105.
    \nVietoj to naudokite pakopin\u012f po\u017ei\u016br\u012f:
    \n* Operatyvinio atk\u016brimo lygmuo:<\/strong> 14\u201330 dien\u0173 nekintamas saugojimas pilnoms kopijoms ir \u017eurnalams.
    \n* Ilgalaikio archyvavimo lygmuo:<\/strong> M\u0117nesin\u0117s pilnos atsargin\u0117s kopijos, perkeltos \u012f \u201eGlacier\u201c\/\u201eDeep Archive\u201c su \u201eVault Lock\u201c 1\u20137 metams.<\/p>\n
    4. Reguliarus atk\u016brimo testavimas izoliuotuose (air-gapped) VPC<\/h3>\n
    Nekintamumas garantuoja, kad duomenys negali b\u016bti i\u0161trinti, bet negarantuoja, kad duomenyse n\u0117ra login\u0117s korupcijos. Turite automatizuoti savo nekintam\u0173 duomen\u0173 bazi\u0173 archyv\u0173 atk\u016brim\u0105 \u012f izoliuot\u0105, nuo tinklo atjungt\u0105 VPC arba VLAN. Vykdykite DBCC CHECKDB<\/code> (SQL Server) arba pg_amcheck<\/code> (\u201ePostgreSQL\u201c) atkurtiems duomenims, kad patikrintum\u0117te strukt\u016brin\u012f vientisum\u0105.<\/p>\n
    I\u0161vada<\/h2>\n
    Apsauga nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173 yra pratybos, kuriose daroma prielaida, kad \u012fsilau\u017eimas jau \u012fvyko. Iki to laiko, kai j\u016bs\u0173 SIEM sistemoje suveikia \u012fsp\u0117jimas, gr\u0117smi\u0173 veik\u0117jai tikriausiai jau band\u0117 kompromituoti j\u016bs\u0173 atsargini\u0173 kopij\u0173 infrastrukt\u016br\u0105. Suprojektuodami savo duomen\u0173 bazi\u0173 archyvus naudodami nekintam\u0105 saugykl\u0105 atitikties re\u017eimu, atimate i\u0161 u\u017epuolik\u0173 j\u0173 pagrindin\u012f svert\u0105. Nesvarbu, ar naudojate vietinius debesijos API, ZFS \u201elaikymus\u201c, ar \u012fmon\u0117s orkestravimo platform\u0105, toki\u0105 kaip \u201eCloudSave\u201c, WORM saugyklos diegimas neb\u0117ra pasirinktinis \u2013 tai privalomas \u0161iuolaikinio duomen\u0173 bazi\u0173 administravimo ir atk\u016brimo po nelaimi\u0173 ramstis.<\/p>\n","protected":false},"excerpt":{"rendered":"
    ** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"Immutable Database Storage to Defeat Ransomware","rank_math_description":"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.","rank_math_focus_keyword":"immutable database storage","footnotes":""},"categories":[543],"tags":[4670,4671,4672,1321,4673,4674],"class_list":["post-6383","post","type-post","status-publish","format-standard","hentry","category-database-backup","tag-3-2-1-1-backup","tag-data-survivability","tag-database-archives","tag-enterprise-backup","tag-immutable-storage","tag-ransomware-protection"],"yoast_head":"\nImmutable Database Storage to Defeat Ransomware<\/title>\n<meta name=\"description\" content=\"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/\" \/>\n<meta property=\"og:locale\" content=\"lt_LT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173\" \/>\n<meta property=\"og:description\" content=\"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudSave\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-19T13:54:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-19T14:13:02+00:00\" \/>\n<meta name=\"author\" content=\"shervinrv\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"shervinrv\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minut\u0117s\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/\"},\"author\":{\"name\":\"shervinrv\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#\\\/schema\\\/person\\\/286beefe68281d868e87f46603a7ae4d\"},\"headline\":\"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173\",\"datePublished\":\"2026-06-19T13:54:43+00:00\",\"dateModified\":\"2026-06-19T14:13:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/\"},\"wordCount\":1393,\"publisher\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#\\\/schema\\\/person\\\/286beefe68281d868e87f46603a7ae4d\"},\"keywords\":[\"3-2-1-1 backup\",\"data survivability\",\"database archives\",\"Enterprise Backup\",\"immutable storage\",\"ransomware protection\"],\"articleSection\":[\"Database Backup\"],\"inLanguage\":\"lt-LT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/\",\"url\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/\",\"name\":\"Immutable Database Storage to Defeat Ransomware\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#website\"},\"datePublished\":\"2026-06-19T13:54:43+00:00\",\"dateModified\":\"2026-06-19T14:13:02+00:00\",\"description\":\"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/#breadcrumb\"},\"inLanguage\":\"lt-LT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#website\",\"url\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/\",\"name\":\"CloudSave\",\"description\":\"CloudSave\",\"publisher\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#\\\/schema\\\/person\\\/286beefe68281d868e87f46603a7ae4d\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"lt-LT\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/#\\\/schema\\\/person\\\/286beefe68281d868e87f46603a7ae4d\",\"name\":\"shervinrv\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"lt-LT\",\"@id\":\"https:\\\/\\\/cloudsave.app\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Logo_Name-2.png\",\"url\":\"https:\\\/\\\/cloudsave.app\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Logo_Name-2.png\",\"contentUrl\":\"https:\\\/\\\/cloudsave.app\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Logo_Name-2.png\",\"width\":859,\"height\":150,\"caption\":\"shervinrv\"},\"logo\":{\"@id\":\"https:\\\/\\\/cloudsave.app\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Logo_Name-2.png\"},\"sameAs\":[\"http:\\\/\\\/cloudsave.app\"],\"url\":\"https:\\\/\\\/cloudsave.app\\\/lt\\\/knowledge-base\\\/author\\\/shervinrv\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Immutable Database Storage to Defeat Ransomware","description":"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/","og_locale":"lt_LT","og_type":"article","og_title":"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173","og_description":"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.","og_url":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/","og_site_name":"CloudSave","article_published_time":"2026-06-19T13:54:43+00:00","article_modified_time":"2026-06-19T14:13:02+00:00","author":"shervinrv","twitter_card":"summary_large_image","twitter_misc":{"Written by":"shervinrv","Est. reading time":"9 minut\u0117s"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/#article","isPartOf":{"@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/"},"author":{"name":"shervinrv","@id":"https:\/\/cloudsave.app\/lt\/#\/schema\/person\/286beefe68281d868e87f46603a7ae4d"},"headline":"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173","datePublished":"2026-06-19T13:54:43+00:00","dateModified":"2026-06-19T14:13:02+00:00","mainEntityOfPage":{"@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/"},"wordCount":1393,"publisher":{"@id":"https:\/\/cloudsave.app\/lt\/#\/schema\/person\/286beefe68281d868e87f46603a7ae4d"},"keywords":["3-2-1-1 backup","data survivability","database archives","Enterprise Backup","immutable storage","ransomware protection"],"articleSection":["Database Backup"],"inLanguage":"lt-LT"},{"@type":"WebPage","@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/","url":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/","name":"Immutable Database Storage to Defeat Ransomware","isPartOf":{"@id":"https:\/\/cloudsave.app\/lt\/#website"},"datePublished":"2026-06-19T13:54:43+00:00","dateModified":"2026-06-19T14:13:02+00:00","description":"** Learn how to protect enterprise database archives from ransomware using immutable storage. Discover technical implementation steps for AWS S3 Object Lock, ZFS, PostgreSQL, and SQL Server.","breadcrumb":{"@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/#breadcrumb"},"inLanguage":"lt-LT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cloudsave.app\/lt\/knowledge-base\/architekt%c5%abriniai-nekintamos-saugyklos-sprendimai-duomen%c5%b3-bazi%c5%b3-archyvams-skirti-apsisaugoti-nuo-i%c5%a1pirkos-reikalaujan%c4%8di%c5%b3-program%c5%b3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudsave.app\/lt\/"},{"@type":"ListItem","position":2,"name":"Architekt\u016briniai nekintamos saugyklos sprendimai duomen\u0173 bazi\u0173 archyvams, skirti apsisaugoti nuo i\u0161pirkos reikalaujan\u010di\u0173 program\u0173"}]},{"@type":"WebSite","@id":"https:\/\/cloudsave.app\/lt\/#website","url":"https:\/\/cloudsave.app\/lt\/","name":"CloudSave","description":"CloudSave","publisher":{"@id":"https:\/\/cloudsave.app\/lt\/#\/schema\/person\/286beefe68281d868e87f46603a7ae4d"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudsave.app\/lt\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"lt-LT"},{"@type":["Person","Organization"],"@id":"https:\/\/cloudsave.app\/lt\/#\/schema\/person\/286beefe68281d868e87f46603a7ae4d","name":"shervinrv","image":{"@type":"ImageObject","inLanguage":"lt-LT","@id":"https:\/\/cloudsave.app\/wp-content\/uploads\/2026\/02\/Logo_Name-2.png","url":"https:\/\/cloudsave.app\/wp-content\/uploads\/2026\/02\/Logo_Name-2.png","contentUrl":"https:\/\/cloudsave.app\/wp-content\/uploads\/2026\/02\/Logo_Name-2.png","width":859,"height":150,"caption":"shervinrv"},"logo":{"@id":"https:\/\/cloudsave.app\/wp-content\/uploads\/2026\/02\/Logo_Name-2.png"},"sameAs":["http:\/\/cloudsave.app"],"url":"https:\/\/cloudsave.app\/lt\/knowledge-base\/author\/shervinrv\/"}]}},"_links":{"self":[{"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/posts\/6383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/comments?post=6383"}],"version-history":[{"count":1,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/posts\/6383\/revisions"}],"predecessor-version":[{"id":6444,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/posts\/6383\/revisions\/6444"}],"wp:attachment":[{"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/media?parent=6383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/categories?post=6383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudsave.app\/lt\/wp-json\/wp\/v2\/tags?post=6383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}