File immutability using a deduplication file system in a public cloud using new filesystem redirection

What is claimed is: 1. A computer-implemented method, comprising: defining a protection duration from a first date to a fixed future date; applying a retention lock to one or more data objects stored in a first filesystem in cloud storage during the protection duration, the retention lock preventing deletion, modification or movement of the data objects by an unauthorized entity; defining a renew threshold date within the protection duration; spawning, on the renew threshold date, a new filesystem in the cloud storage; writing a data object to the cloud through a cloud bucket using a PUT request; adding appropriate headers in the PUT request to ensure objects are locked as part of a write operation of the data object itself; redirecting all new data objects to the new filesystem, wherein the new data objects are locked for the protection duration; and destroying the first filesystem. 2. The method of claim 1 further comprising: cleaning up expired objects from the first filesystem; and spawning additional filesystems repeatedly during the protection duration to provide complete protection to all data objects in the cloud storage. 3. The method of claim 1 wherein the protection duration is selected based on a data ingest rate and an amount of data turned over by a garbage collection cycle, and further wherein the retention lock is a compliance retention lock. 4. The method of claim 1 wherein the redirecting step is performed using an operating system scale-out architecture that a manages storage resources for space balancing. 5. The method of claim 1 wherein the redirecting step is performed by one of: using automated processes to make clients aware of the new filesystem, or using manual modifications in the clients to point to the new filesystem. 6. The method of claim 1 wherein the first date corresponds to a date that a first data object is written to the cloud storage, and wherein the renew threshold date is selected based on one of: a proportion of the protection duration, or a total cleanable space. 7. The method of claim 1 wherein the cloud storage comprises part of a deduplication backup system including a process executed by a data storage server running a deduplication filesystem. 8. The method of claim 7 wherein each of the first and new filesystems are deduplication filesystems. 9. A computer-implemented method, comprising: defining a repeatable retention lock period recurring from a fixed date, with each retention lock period having a fixed end date; applying a retention lock to one or more data objects stored in a first filesystem in cloud storage during each retention lock period, wherein the retention lock protects data objects written any time during a respective retention lock period only up to the corresponding fixed end date; defining a renew threshold date for each retention lock period within the protection duration; spawning, on each renew threshold date, a new filesystem in the cloud storage; writing a data object to the cloud through a cloud bucket using a PUT request; adding appropriate headers in the PUT request to ensure objects are locked as part of a write operation of the data object itself; redirecting all new data objects to the corresponding new filesystem, wherein the new data objects are locked for the protection duration; and destroying the first filesystem. 10. The method of claim 9 wherein the redirecting step is performed using an operating system scale-out architecture that a manages storage resources for space balancing. 11. The method of claim 9 wherein the redirecting step is performed by one of: using automated processes to make clients aware of the new filesystem, or using manual modifications in the clients to point to the new filesystem. 12. The method of claim 9 wherein the retention lock preventing deletion, modification or movement of the data objects by an unauthorized entity. 13. The method of claim 12 wherein the repeatable retention lock period is recurred as long as new data objects are written to cloud storage, or live data objects are carried forward by a garbage collection operation, and wherein the renew threshold date is selected based on one of: a proportion of the retention lock period, or a total cleanable space. 14. The method of claim 13 wherein the retention lock period is selected based on a data ingest rate and an amount of data turned over by each garbage collection cycle, and wherein the retention lock is a compliance retention lock. 15. The method of claim 9 wherein the cloud storage comprises part of a deduplication backup system including a process executed by a data storage server running a deduplication filesystem, and wherein each of the first and new filesystems are deduplication filesystems.