Object Locking for Compliance

How WORM storage helps meet regulatory requirements for data retention.

ElasticLake Team

November 8, 2025

What is Object Locking?

Object locking, also known as WORM (Write Once Read Many) storage, prevents objects from being deleted or modified for a specified period. This is essential for meeting regulatory compliance requirements.

Why Object Locking Matters

Many industries have strict data retention requirements:

  • Healthcare (HIPAA): Medical records must be retained for specific periods
  • Finance (SEC Rule 17a-4): Trading records must be immutable
  • Legal (eDiscovery): Documents may need preservation holds
  • Government: Various record-keeping mandates

How ElasticLake Object Locking Works

Retention Modes

Governance Mode

  • Objects can't be deleted by regular users
  • Users with special permissions can override
  • Good for: Internal policies, soft compliance

Compliance Mode

  • Objects cannot be deleted by anyone, including root
  • Not even ElasticLake support can remove them
  • Good for: Regulatory compliance, legal holds

Setting Retention

import boto3
from datetime import datetime, timedelta

s3 = boto3.client(
    's3',
    endpoint_url='https://api.elasticlake.com',
    aws_access_key_id='YOUR_KEY',
    aws_secret_access_key='YOUR_SECRET'
)

# Enable object locking on bucket creation
s3.create_bucket(
    Bucket='compliance-records',
    ObjectLockEnabledForBucket=True
)

# Set default retention
s3.put_object_lock_configuration(
    Bucket='compliance-records',
    ObjectLockConfiguration={
        'ObjectLockEnabled': 'Enabled',
        'Rule': {
            'DefaultRetention': {
                'Mode': 'COMPLIANCE',
                'Years': 7
            }
        }
    }
)

Per-Object Retention

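from datetime import datetime, timedelta, timezone

# Read the document to upload (assumes a local file with the same name as the key)
with open('financial-report-2025.pdf', 'rb') as f:
    data = f.read()

# Upload with specific retention
s3.put_object(
    Bucket='compliance-records',
    Key='financial-report-2025.pdf',
    Body=data,
    ObjectLockMode='COMPLIANCE',
    # Use a timezone-aware UTC timestamp: botocore treats a naive datetime as UTC,
    # so a local-time datetime.now() would shift the retain-until date.
    ObjectLockRetainUntilDate=datetime.now(timezone.utc) + timedelta(days=2555)  # 7 years (7 x 365 days)
)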

Legal Holds

Beyond retention periods, you can place legal holds on objects:

# Place legal hold
s3.put_object_legal_hold(
    Bucket='compliance-records',
    Key='contract-v1.pdf',
    LegalHold={'Status': 'ON'}
)

Legal holds:

  • Prevent deletion regardless of retention period
  • Must be explicitly removed
  • Useful for litigation or investigation holds

Best Practices

  1. Plan retention policies before storing data
  2. Use Compliance mode for regulatory requirements
  3. Document your retention policies and procedures
  4. Test recovery procedures regularly
  5. Monitor object lock status in your compliance dashboard
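
Item 5 can also be cross-checked from a script. The following is an added example, not ElasticLake's own code: it assumes the service returns the same `ObjectLock*` fields from `head_object` and the same `get_object_lock_configuration` response shape as AWS S3, and the function names and the 365-day-year rule are illustrative.

```python
from datetime import datetime, timedelta, timezone

def check_default_retention(lock_cfg, min_years):
    """Findings for a get_object_lock_configuration() response dict."""
    cfg = lock_cfg.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["object lock not enabled on bucket"]
    rule = cfg.get("Rule", {}).get("DefaultRetention")
    if not rule:
        return ["no default retention rule"]
    findings = []
    if rule.get("Mode") != "COMPLIANCE":
        findings.append(f"default mode is {rule.get('Mode')}, not COMPLIANCE")
    days = rule.get("Years", 0) * 365 + rule.get("Days", 0)
    if days < min_years * 365:
        findings.append(f"default retention {days}d is under {min_years}y")
    return findings

def check_object(head, required_until, now):
    """Findings for one head_object() response dict (S3 field names assumed)."""
    mode = head.get("ObjectLockMode")
    until = head.get("ObjectLockRetainUntilDate")
    hold = head.get("ObjectLockLegalHoldStatus") == "ON"
    if mode is None or until is None or until <= now:
        # A legal hold blocks deletion but is not a retention period.
        return ["no active retention" + (" (legal hold only)" if hold else "")]
    findings = []
    if mode != "COMPLIANCE":
        findings.append(f"mode {mode} can be overridden")
    if until < required_until:
        findings.append(f"retention ends {until.date()}, before required date")
    return findings

def audit_bucket(s3, bucket, min_years, now=None):
    """Audit current object versions via a boto3-style client; return {key: findings}."""
    now = now or datetime.now(timezone.utc)
    report = {}
    default = check_default_retention(s3.get_object_lock_configuration(Bucket=bucket), min_years)
    if default:
        report["<bucket default>"] = default
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            # Required end date: min_years (as 365-day years) after upload.
            required = obj["LastModified"] + timedelta(days=365 * min_years)
            head = s3.head_object(Bucket=bucket, Key=obj["Key"])
            findings = check_object(head, required, now)
            if findings:
                report[obj["Key"]] = findings
    return report
```

Call `audit_bucket(s3, 'compliance-records', 7)` with the client created earlier; an empty dictionary means every current object is in Compliance mode with retention covering the full period.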

Compliance Certifications

ElasticLake maintains certifications relevant to regulated industries:

  • SOC 2 Type II
  • ISO 27001
  • HIPAA eligible

Get Started

Ready to implement compliant storage? Contact our enterprise team to discuss your requirements.

