Many security compliance policies, such as corporate or government data retention policies, may specify that data is to be retained without modification for a specified period of time. For example, compliance storage may provide data retention with write-once-read-many (WORM) access for retained data. A compliance application may be specifically developed to implement a data retention policy for a certain application or set of applications. For example, the compliance application may understand how data is maintained by a database application. Accordingly, the compliance application may copy data, satisfying the data retention policy (e.g., database data that has not been modified for at least 3 days), from primary storage used by the database application to the compliance storage for lockdown for a lockdown retention period (e.g., the data may be retained in the compliance storage, with WORM access, for 2 months).
Some computing environments may not have access to a compliance application that understands how to implement a data retention policy for a particular application (e.g., a storage server may not have access to a compliance application; the storage server may host a custom storage application for which a compliance application does not understand how to implement a data retention policy; etc.). Accordingly, a data scanner may be configured to implement auto commit functionality. The data scanner may periodically or continuously walk a data container, such as a volume, to identify and commit files to compliance storage for data retention. For example, the data scanner may auto commit files to compliance storage for lockdown by identifying files that not have been modified for an auto commit time period, such as 3 days. Unfortunately, the data scanner cannot instantaneously traverse the data container, and thus files may not be auto committed to compliance storage at a time when such files satisfy the auto commit time period (e.g., 5 minutes may lapse from when a file has satisfied the 3 day data retention criteria and the data scanner evaluating the file for auto commit to compliance storage). Thus, the data retention policy may not be adequately satisfied and/or security vulnerabilities or data loss may occur. Additionally, the data scanner may utilize a system clock, which may be vulnerable to malicious tampering by a user or storage administrator, for determining how long a file has gone unmodified. As more data containers, such as volumes, are to be monitored by the compliance application, the compliance application may be unable to scale appropriately because the compliance application scans each data container for identifying data for compliance storage lockdown.