Research Finder
Find by Keyword
Wasabi Introduces Covert Copy to Strengthen Storage-Native Cyber Resilience
A hidden, immutable object-storage capability designed for ransomware defense, compliance, and reliable data recovery – at no extra cost
12/04/2025
Key Highlights:
- Wasabi has launched Covert Copy, a patent-pending capability that creates an immutable, invisible secondary copy of selected object-storage buckets.
- The hidden copy cannot be viewed, enumerated, modified, or deleted without multi-user authentication, which strengthens protection against ransomware and insider threats.
- This capability is integrated directly into Wasabi Hot Cloud Storage with no additional infrastructure, cost, or workflow changes required.
- It aligns with the needs of regulated industries that require tamper-proof retention, administrative isolation, and automated policy controls.
- Covert Copy is available immediately at no extra cost, consistent with Wasabi’s predictable pricing model and emphasis on operational simplicity.
The News
Wasabi has introduced Covert Copy, a patent-pending capability that creates an immutable, invisible secondary copy of selected object-storage buckets. The hidden copy cannot be viewed, enumerated, modified, or deleted without multi-user authentication, which strengthens protection against ransomware and insider threats. Covert Copy integrates directly into Wasabi Hot Cloud Storage with no additional infrastructure, fees, or workflow changes. Full details are available in Wasabi’s press release.
Analyst Take
Covert Copy addresses a clear and growing requirement in object-storage environments: the need to maintain a protected, isolated version of essential data without adding systems, workflows, or operational overhead. As organizations shift more operational datasets, logs, model artifacts, and backup content into object storage, the consequences of corruption or deletion have increased. A hidden, immutable copy provides a dependable path to recovery even if the primary buckets are compromised.
Financial services, healthcare, government, and other compliance-focused sectors increasingly require tamper-proof retention, administrative isolation, and predictable, automated policy enforcement. In my view, Covert Copy supports these needs by allowing organizations to tie hidden copies directly to lifecycle policies and retention rules while avoiding the complexity of external air-gap infrastructure.
AI pipelines, curated lakehouse zones, training datasets, and feature stores all rely on object storage. Interruptions or corruption at this level can stall or distort production workflows. Covert Copy offers a clean rollback point that helps teams restore data pipelines quickly and confidently.
To access a Covert Copy, organizations must use root credentials, root MFA, and obtain approval through multi-user authentication. Any granted access lasts only for a 24-hour window before the bucket locks again. This controlled, time-bound restoration model strengthens the isolation design and significantly reduces exposure from compromised credentials or privileged misuse.
Covert Copy buckets remain fully invisible in normal bucket listings and API queries and appear only in a dedicated view in the Wasabi console, reinforcing the principle that protected data copies should remain undiscoverable unless a verified access request is approved.
I believe an important aspect of this announcement is Wasabi’s continued focus on affordability. This capability is included at no additional cost, which matters for organizations that do not have the budgets of large global enterprises. Many smaller IT teams, municipalities, clinics, school systems, and regional service providers face the same ransomware and compliance pressures as large institutions but often cannot justify the expense or complexity of multi-system air-gap architectures. Wasabi’s decision to embed this level of protection directly into its core storage service keeps higher levels of protection within reach for a broader set of customers.
Covert Copy also adds protection in situations where insider threats or credential compromise are a concern. As the company states, attackers cannot delete what they cannot see. Multi-user authentication reduces the risk that a single compromised account can alter protected data. The design fits well with the principles I have heard from the Wasabi leadership team: keep storage simple, predictable, and resilient without adding layers of operational burden. This approach strengthens the safety of object-storage environments in a direct and customer-focused way.
Wasabi’s broader approach to cyber-resilient storage emphasizes strong baseline security without complex layering or premium pricing. Wasabi’s strategy includes encryption by default, strong access controls, Object Lock for immutability, regional redundancy options, and an architecture designed to avoid unexpected costs. In my view, Wasabi extends this strategy by adding a storage-native protection layer that helps customers recover from threats even when attackers target administrative access or storage configuration.
What Was Announced
Wasabi announced the availability of Covert Copy, a patent-pending capability within Wasabi Hot Cloud Storage that allows organizations to generate a hidden, immutable secondary copy of selected object-storage buckets. Once enabled, the platform creates a duplicate version of the data that is isolated from administrative access, cannot be enumerated through the console or APIs, and is protected by strict multi-user authentication controls. This gives organizations a storage-level recovery point that remains intact even if primary buckets are compromised by ransomware, insider threats, or accidental deletion.
Covert Copy presents a streamlined and tightly integrated approach: users only need to select the buckets they wish to protect and initiate the protection via console or API. Administrators can choose to include specific object versions, apply filters, or protect the full bucket contents, aligning the protection scope with existing lifecycle and retention practices. The immutable, hidden copy is created and managed transparently by Wasabi. From the user’s perspective, data protection becomes as simple as a few clicks, with protection built into the storage tier itself.
Once a bucket is fully populated, nothing new is ever written to it. It becomes a fixed recovery point with no ongoing synchronization to production workloads, which reduces operational exposure and preserves a clean baseline for recovery.
Administrators can enable Covert Copy through the Wasabi console or API and apply it to individual buckets or defined groups, allowing the feature to integrate naturally with existing lifecycle policies and retention rules. Because the capability is built directly into Wasabi Hot Cloud Storage, customers do not need to deploy additional infrastructure, manage external systems, or modify their current protection workflows. Covert Copy operates on a rolling 30-day protection cycle. The copy remains locked unless an administrator intentionally disables auto-renewal, and even then, deletion requires multi-user authentication and cannot occur until the full protection window elapses. This adds another safeguard against accidental or unauthorized removal.
Covert Copy is included at no additional cost, consistent with Wasabi’s focus on predictable and straightforward pricing.
Looking Ahead
Covert Copy is likely to play a meaningful role as organizations shift more AI and analytics workloads into production environments. These workloads depend on reliable object storage for training datasets, curated lakehouse zones, inference pipelines, and continuous data ingestion. The quality, integrity, and recoverability of that data will influence the dependability of downstream models and analytical outputs. Hidden immutable copies offer a practical way to maintain clean baselines and restore operations quickly after corruption, deletion, or attack.
I will look for adoption in regulated industries, where tamper-proof retention and administrative isolation are increasingly non-negotiable. Mid-sized financial institutions, healthcare systems, government agencies, and education providers often manage tight budgets yet face the same data-integrity requirements as large enterprises. Covert Copy’s integration into the base storage service could give these organizations a level of resilience typically associated with more complex and expensive architectures.
From a competitive standpoint, creating isolated, tamper-proof copies of data often requires organizations to manage multiple tools, accounts, and protection workflows, which increases both complexity and operational risk. Covert Copy streamlines this by delivering hidden, immutable protection directly within the storage layer, reducing the chance of misconfiguration or gaps in recovery.
Platform expansion is another area to watch. Wasabi’s stated intention to bring this new capability to its high-performance SSD tier indicates that this capability is becoming a foundational part of the company’s storage roadmap. Extended to Wasabi Fire in 2026, the feature would support high-speed workloads that include AI training, real-time analytics, and large-scale data ingestion.
Over time, storage-native immutability and hidden copies may reshape how organizations design their recovery strategies. Traditional approaches that rely on separate systems, air-gap hardware, or multi-tiered backup architectures may evolve as object storage itself becomes a more capable foundation for resilience. If this trend continues, Covert Copy could signal a broader shift toward embedded, always-available protection within cloud storage platforms.
In my view, this announcement strengthens Wasabi’s position in the object-storage market by providing a straightforward, affordable, and effective way to safeguard critical data. As AI and data-intensive workloads expand, and as regulatory pressures continue to rise, storage-native capabilities like this will become increasingly important for organizations seeking reliable and cost-conscious resilience.
Don Gentile | Analyst-in-Residence -- Storage & Data Resiliency
Don Gentile brings three decades of experience turning complex enterprise technologies into clear, differentiated narratives that drive competitive relevance and market leadership. He has helped shape iconic infrastructure platforms including IBM z16 and z17 mainframes, HPE ProLiant servers, and HPE GreenLake — guiding strategies that connect technology innovation with customer needs and fast-moving market dynamics.
His current focus spans flash storage, storage area networking, hyperconverged infrastructure (HCI), software-defined storage (SDS), hybrid cloud storage, Ceph/open source, cyber resiliency, and emerging models for integrating AI workloads across storage and compute. By applying deep knowledge of infrastructure technologies with proven skills in positioning, content strategy, and thought leadership, Don helps vendors sharpen their story, differentiate their offerings, and achieve stronger competitive standing across business, media, and technical audiences.