Security at OtterStorage
How we keep your objects intact, available, and protected against deletions, overwrites, and attacks.
The security of object storage is built in layers: data durability (so it isn't lost), immutability (so it can't be altered), access control (who can do what), and encryption (so no one reads it along the way). OtterStorage combines all of them on top of the standard S3 API.
Durability with Erasure Coding (EC)
Instead of storing several full copies of the same object (3x replication, which triples the space), OtterStorage uses Erasure Coding: a mathematical technique that delivers high durability at a much lower storage cost.
How it works
Each object is split into k data fragments, and m additional parity fragments are computed (a scheme is denoted k+m, for example 8+4). The k+m fragments are spread across different disks and nodes. The key property:
- The object can be reconstructed from any subset of k fragments out of the k+m total.
- In other words, the system tolerates the simultaneous loss of up to m fragments (disks or nodes) without losing a single byte.
With an 8+4 scheme, for example, you can lose 4 devices at once and keep serving the data, with a storage overhead of only (8+4)/8 = 1.5x—versus the 3x of triple replication for comparable tolerance.
EC = more durability per dollar: protection against hardware failures without paying triple for space. That's why we don't replicate 3x; we use Erasure Coding.
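The "any k of k+m" property can be checked with a toy erasure code. This is an added example, not OtterStorage's implementation: it assumes polynomial interpolation over the prime field GF(257) for readability, and the function names and sample bytes are made up for illustration.

```python
from itertools import combinations

P = 257  # toy prime field (assumption); real systems typically use GF(2^8)

def _interp(points, x):
    """Value at x of the unique polynomial of degree < len(points) through points, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(data, k, m):
    """Return k data fragments followed by m parity fragments (lists of symbols)."""
    padded = data + bytes(-len(data) % k)  # zero-pad to a whole number of stripes
    frags = [[] for _ in range(k + m)]
    for s in range(0, len(padded), k):
        stripe = [(x, padded[s + x]) for x in range(k)]
        for x in range(k + m):
            frags[x].append(padded[s + x] if x < k else _interp(stripe, x))
    return frags

def decode(surviving, k, length):
    """Rebuild the object from any k surviving fragments, given as {index: symbols}."""
    if len(surviving) < k:
        raise ValueError(f"need {k} fragments, only {len(surviving)} survived")
    use = sorted(surviving.items())[:k]
    out = bytearray()
    for s in range(len(use[0][1])):
        points = [(x, frag[s]) for x, frag in use]
        out.extend(_interp(points, x) for x in range(k))
    return bytes(out[:length])

def survives(data, k, m, lost):
    """True if the object is still readable after losing the fragments in `lost`."""
    left = {i: f for i, f in enumerate(encode(data, k, m)) if i not in lost}
    try:
        return decode(left, k, len(data)) == data
    except ValueError:
        return False

def tolerates_any_loss(data, k, m, n_lost):
    """Check every way of losing n_lost fragments out of k+m."""
    return all(survives(data, k, m, set(c)) for c in combinations(range(k + m), n_lost))
```

With 8+4, `tolerates_any_loss(data, 8, 4, 4)` holds for all 495 combinations of four lost fragments, while losing a fifth fragment makes the object unrecoverable.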
What it means for you
- High durability of objects by design, without your having to configure anything.
- Automatic reconstruction: if a disk fails, the system regenerates its fragments from the rest.
- Cost efficiency, reflected in our per-TB pricing.
EC durability protects against infrastructure failures. To protect yourself against human error or attacks (deliberate deletion/alteration), add versioning, Object Lock, and Legal Hold.
Versioning
Versioning keeps the previous versions of an object every time it's overwritten or deleted. It's your safety net against accidental overwrites and deletions.
- On overwrite, the previous version is kept and remains accessible by its versionId.
- On delete, a delete marker is created instead of removing the data; you can recover the previous version.
# Enable versioning
aws --profile otter s3api put-bucket-versioning \
--bucket mi-bucket \
--versioning-configuration Status=Enabled
# List versions
aws --profile otter s3api list-object-versions --bucket mi-bucket
Combine versioning with lifecycle rules to expire old versions and control cost. Remember: in OtterStorage, deletions are not billed.
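To recover a deleted object, find the keys whose current entry is a delete marker and remove that marker. The following is an added example, not OtterStorage code: the listing is a constructed sample in the shape `aws s3api list-object-versions` prints, `recovery_plan` is a hypothetical helper, and it assumes the standard S3 behaviour that deleting the current delete marker makes the newest remaining version current again.

```python
import json
import shlex

# Constructed sample shaped like `aws s3api list-object-versions` JSON output
# (keys, version ids and timestamps are made up for illustration).
LISTING = json.loads("""
{"Versions": [
  {"Key": "contratos/2026.pdf", "VersionId": "v1", "IsLatest": false,
   "LastModified": "2026-06-11T09:00:00+00:00"},
  {"Key": "contratos/2026.pdf", "VersionId": "v2", "IsLatest": false,
   "LastModified": "2026-06-12T09:00:00+00:00"},
  {"Key": "informes/q1.csv", "VersionId": "v7", "IsLatest": true,
   "LastModified": "2026-04-01T08:00:00+00:00"}],
 "DeleteMarkers": [
  {"Key": "contratos/2026.pdf", "VersionId": "dm1", "IsLatest": true,
   "LastModified": "2026-06-13T09:00:00+00:00"},
  {"Key": "tmp/old.log", "VersionId": "dm9", "IsLatest": true,
   "LastModified": "2026-05-01T09:00:00+00:00"}]}
""")

def recovery_plan(listing, bucket, profile="otter"):
    """Map each currently deleted key to the version that would come back and
    the CLI command that removes its delete marker."""
    plan = {}
    for marker in listing.get("DeleteMarkers", []):
        if not marker["IsLatest"]:
            continue  # an older marker; it is not what hides the object now
        versions = [v for v in listing.get("Versions", [])
                    if v["Key"] == marker["Key"]]
        if not versions:
            # Every data version is gone (for example, expired by lifecycle).
            plan[marker["Key"]] = {"restores": None, "command": None}
            continue
        newest = max(versions, key=lambda v: v["LastModified"])
        plan[marker["Key"]] = {
            "restores": newest["VersionId"],
            "command": (
                f"aws --profile {shlex.quote(profile)} s3api delete-object "
                f"--bucket {shlex.quote(bucket)} --key {shlex.quote(marker['Key'])} "
                f"--version-id {shlex.quote(marker['VersionId'])}"
            ),
        }
    return plan
```

Keys that report `restores: None` have a delete marker but no surviving data version, which is the case to watch for when lifecycle rules expire old versions.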
Object Lock (WORM immutability)
Object Lock applies a WORM model (Write Once, Read Many): a locked object cannot be deleted or modified until its retention expires. It's the technical foundation for compliance and anti-ransomware protection at the object level.
Retention modes
- Governance (GOVERNANCE): protects the object, but users with special permissions can lift the retention. Useful for preventing accidental deletions.
- Compliance (COMPLIANCE): no one—not even the owner—can delete or shorten the retention before the date. For strict regulatory requirements.
The bucket must be created with Object Lock enabled (which also enables versioning). This is done from the console when creating the bucket: your keys are scoped to a single bucket and cannot create buckets. Once created, you apply per-object retention from the CLI:
aws --profile otter s3api put-object \
--bucket bucket-worm --key contratos/2026.pdf --body ./2026.pdf \
--object-lock-mode COMPLIANCE \
--object-lock-retain-until-date 2031-06-11T00:00:00Z
Legal Hold (per-bucket legal retention)
OtterStorage's Legal Hold freezes an entire bucket for legal or compliance reasons, reversibly and governed from the console by the account administrator. Unlike Object Lock (which sets retention object by object), Legal Hold acts on the entire bucket with a single switch.
While the Legal Hold is active, the bucket is blocked from:
- Deleting or overwriting objects and versions.
- Changing or deleting the bucket policy and its lifecycle.
- Deleting the bucket itself.
- Creating new access keys for the bucket.
It's applied through a bucket policy managed by OtterStorage; you simply turn it on or off from the console (with confirmation). It's ideal for court orders, audits, and evidence preservation. More detail in the Legal Hold guide.
Encryption and access control
- In transit: all traffic travels over TLS/HTTPS.
- At rest: data is encrypted in storage.
- Per-bucket keys: each bucket has its own access/secret keys, isolated from the rest.
- Policies: control who can access what with S3 policies.
Recommended defense layers
- Durability (EC): included, protects against hardware failures.
- Versioning: recover from mistakes and overwrites.
- Object Lock: WORM immutability for critical backups.
- Legal Hold: reversible freeze of the entire bucket for compliance.
- Encryption + per-bucket keys + policies: access control.