Ransomware, provable recovery

CMORG: Data Vaulting Requires Integrity Checks

Author

Cecily Polonsky

CMORG’s Data Vaulting Guidance: Integrity Validation Is Now a Core Requirement

In January 2025, the Cross Market Operational Resilience Group (CMORG) published Cloud-Hosted Data Vaulting: Good Practice Guidance. It is a timely and important contribution to the operational resilience of the UK financial sector.

CMORG deserves recognition for treating recovery architecture as a priority, not a future initiative. In financial services, the consequences of a cyber event extend well beyond a single institution. When critical systems are disrupted and recovery fails, the impact can cascade across customers, counterparties, and markets. The broader issue is confidence. A high-profile failure to recover can create damage that reaches far beyond the affected firm.

This is why CMORG’s cross-industry collaboration matters. It reflects an understanding that resilience is a shared responsibility.

Important Theme: Integrity Validation

The guidance does a strong job outlining the principles of cloud-hosted vaulting, including isolation, immutability, access control, and key management. These are necessary design elements for protecting recovery data against compromise.

But a highly significant element of the document is its emphasis on integrity validation as a core requirement.

CMORG Foundation Principle #11 states:

“The data vault solution must have the ability to run analytics against its objects to check integrity and for any anomalies without executing the object. Integrity checks must be done prior to securing the data, doing it post will not ensure recovery of the original data or the service that the data supported.”

This is a critical point. Immutability can prevent changes after data is stored, but it cannot ensure that the data was clean and recoverable at the time it was vaulted. If compromised data is written into an immutable environment, it becomes a permanently protected failure point.

Integrity validation must occur before data becomes the organization’s final recovery source of truth.
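
A minimal pre-vault gate in the spirit of Principle #11, added here as an illustration and not taken from the CMORG guidance or any vendor's product: each object is inspected as raw bytes (hash against a source manifest, header check, windowed entropy) and only clean objects are released for locking. The threshold, file-type lists, function names and sample data are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096          # bytes per entropy window
ENTROPY_LIMIT = 7.5    # bits/byte; assumed threshold, tune per data set
TEXT_TYPES = {".csv", ".json", ".log", ".sql"}   # assumed low-entropy formats
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n"}

def entropy(buf):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def inspect(name, data, manifest):
    """Static checks only: the object is read as bytes and never executed."""
    findings = []
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if name in manifest and hashlib.sha256(data).hexdigest() != manifest[name]:
        findings.append("HASH_MISMATCH")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append("BAD_MAGIC")
    if ext in TEXT_TYPES:
        # Windowed, so a file encrypted only in part is still flagged.
        full = range(0, len(data) - WINDOW + 1, WINDOW)
        if any(entropy(data[i:i + WINDOW]) > ENTROPY_LIMIT for i in full):
            findings.append("HIGH_ENTROPY")
    return findings

def gate(objects, manifest):
    """Split objects into those safe to lock and those to hold back."""
    results = {name: inspect(name, data, manifest) for name, data in objects.items()}
    vaulted = [n for n, f in results.items() if not f]
    quarantined = {n: f for n, f in results.items() if f}
    return vaulted, quarantined

# Constructed sample data (not from any real system).
CLEAN = b"account,amount\n" + b"".join(
    b"%06d,%d.00\n" % (i, i * 7 % 1000) for i in range(2000))
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
PARTIAL = CLEAN[:8192] + NOISE + CLEAN[8192 + len(NOISE):]   # partly encrypted copy
# Second entry is hashed AFTER the damage, so the hash check alone passes it.
MANIFEST = {"ledger.csv": hashlib.sha256(CLEAN).hexdigest(),
            "ledger_new.csv": hashlib.sha256(PARTIAL).hexdigest()}

if __name__ == "__main__":
    print(gate({"ledger.csv": CLEAN, "ledger_new.csv": PARTIAL,
                "report.pdf": NOISE}, MANIFEST))
```

The `ledger_new.csv` case is the one the principle is about: its hash matches the manifest because the manifest was built from already-damaged data, and only the content check keeps it out of the vault.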

CMORG Directly Addresses the Risk of Vaulting Corrupted Data

CMORG reinforces this reality in Annex A, Use Case #2, which addresses data corruption events:

“For this use case when data is ‘damaged’ or has been manipulated having the data vaulted would not help, since the vaulted data would have backed up the ‘damaged’ data. This is where one would need error detection and data integrity checks either via the application or via the backup product.”

This is one of the most important observations in the document. Vaulting can provide secure retention and isolation, but it cannot determine whether the data entering the vault is trustworthy. Without integrity controls, vaulting can unintentionally preserve compromised recovery points.

The Threat Model Has Changed

The guidance aligns with what many organizations are experiencing in practice. Cyber-attacks are no longer limited to fast encryption events. Attackers increasingly focus on compromising recovery, degrading integrity over time, and targeting backups and recovery infrastructure.

These attacks may involve selective encryption, gradual corruption, manipulation of critical datasets, or compromise of backup management systems prior to detonation. In many cases, the goal is to eliminate confidence in restoration and increase leverage during extortion.

The longer these attacks go undetected, the more likely compromised data is replicated across snapshots, backups, vaults, and long-term retention copies. At that point, recovery becomes uncertain and time-consuming, even if recovery infrastructure remains available.

Why Integrity Scanning Must Happen Before Data Is Secured

CMORG’s point about validating integrity before data is secured is particularly important. Detection timing directly affects recovery outcomes. Early detection preserves clean recovery points and reduces the scope of failed recovery points. Late detection increases the likelihood that all available recovery copies contain the same corruption or compromise.

This is why Elastio’s approach is focused on integrity validation of data before it becomes the foundation of recovery. Organizations need a way to identify ransomware encryption patterns and corruption within data early for recovery to be predictable and defensible.

A Meaningful Step Forward for the Industry

CMORG’s cloud-hosted data vaulting guidance represents an important milestone. It reflects a mature view of resilience that recognizes vaulting and immutability as foundational, but incomplete without integrity validation. The integrity of data must be treated as a primary control.

CMORG is correct to call this out. It is one of the clearest statements published by an industry body on what effective cyber vaulting must include to support real recovery.
