Enabling Ransomware Protection and CV WORM are definitely steps towards securing your data, they do not constitute making the data immutable (unless you’re using HyperScale X).
As Mike notes, Ransomware Protection makes sure non-CV processes cannot access your data from any compromised MAs. CV WORM makes sure no one accidently or maliciously deletes data before it has reached it’s configured retention from the CV GUI. They compliment each other.
What’s missing from an immutability perspective is direct access. If you’re using a NAS storage array, with the right credentials you could map to the \\nas\share from your laptop (or any computer) and delete the data directly. This bypasses the CV stack, so the RP+WORM options cannot help.
To make the data immutable, we need RP+WORM enabled, plus one of these:
1) Use Commvault HyperScale X storage. These have storage which is local to the MAs and not presented externally to the network, so no horizontal access to the data.
2) Enable “immutability” on your storage/cloud. This is a more complex discussion, but note it will require periodic sealing of your DDBs and you’ll consume 3x your normal storage.
Thanks,
Scott