Tape storage has been around for a long time. It was one of the first ways to store large amounts of data, and it’s still used today in many cases. But is tape storage air-gapped? Can tape storage be successfully attacked by ransomware? And what are the backup and recovery challenges that come along with tape storage?
We’ll answer all these questions in this blog post!
Is tape storage air-gapped?
Tape systems aren’t innately air-gapped. The way they are deployed and used determines how secure and air-gapped they are.
If tape storage is connected to the same network as the production environment or backup server(s), then it’s not air-gapped. That’s because ransomware attacks all connected storage systems in a network.
Alternatively, if different tape storage arrays are manually rotated and often offline, then they are air-gapped as long as they are disconnected and offline; for the most part. However, this process is error-prone and it puts your business data at risk. Which is why most data protection experts advise automation rather than relying on manual processes.
Can ransomware attack data stored in tape storage?
With each ransomware attack, hackers invest more resources into improving the code and evolving the malware. In the past, ransomware would only target your production environment. Today, ransomware is programmed to target your production environment, data storage system, backup servers, tape libraries, and any other device connected to the network.
Most ransomware lay dormant for months, tracking target storage repositories and connected tape libraries, before attacking the network. This implies that even if you’re manually rotating tape arrays daily, it’s likely that ransomware will still get to it.
Unless you’re using a software that let’s you set up Write-Once Read-Many (WORM) volumes using tape drive(s) or your tape storage is offline and disconnected, ransomware will maliciously encrypt the data stored in them.
Backup and recovery challenges of using tape storage
If you decide to use tape storage as a primary backup repository and restore measure for your critical business data centers, then there are a number of challenges you need to be aware of:
- Writing backup data to magnetic tape drives is slower in comparison to disk drives. This implies that the larger the volume of data, the longer it’ll take for it to be written to the tape library. The tape library will be connected to the network and hence the data stored in it will be vulnerable to ransomware.
- In addition to the slow write speeds, restoring your data center using tape backups is also slower than when it’s done using disks. In the event of a successful ransomware attack, this increases downtime and the resulting loss of money, reputation, and business.
- Integrating hardware RAID controllers and/or software RAID with tape drives is expensive and requires additional components and planning.
Should you use tape storage for backup and recovery?
In general tape storage is not recommended as a backup and recovery repository. This is because of tape media’s slow write speeds, security risks, and cost.
If you still insist on using tape storage for backup purposes then here are a few tape-specific best practices to follow:
Use encryption to secure tape backups
Give tape libraries a dedicated network connection and segment them off from the rest of your production environment using firewalls, routers, etc.
If possible keep tape drives offline when not in use for backup and/or rotate tape media daily.
Using encryption features such as AES 256-bit encryption for data at rest and SSL/TLS for data transfers also adds a necessary layer of data protection.
Long term archiving
Tape storage is still used today in many cases because it provides tape media that is high capacity and has long-term archival capabilities.
Media stored in tape systems can last up to 30 years, and it’s still possible for tape media manufacturers such as Sony and Fujifilm to extend this shelf life even further. Tape storage used by the military is said to be safe from data deterioration for at least 50 years.
This makes tape drives a good repository for backup data that needs to be retained for years as per compliance regulations or internal business policies.
Transfer large volumes of cold data
Tape’s low weight and portability is also an advantage in various enterprise industries. Large amounts of tape with large capacities are able to be moved with ease compared to traditional disks which weigh significantly more.
Energy efficient: Less power consumption
Tape media allows for less power in comparison to disk-based systems making it perfect for usage in remote locations where power availability can be challenging.
How to effectively use tape storage?
This means that tape is often seen merely as an auxiliary or offline “archive” solution when in reality it should be used alongside disk-based systems by leveraging its strengths and compensating for tape’s weaknesses.
The best way to use tape storage is by using it as an archive solution where you write and store older data that isn’t accessed frequently, but needs to be retained for regulatory or business reasons so that the information can still be retrieved long-term.
If your backup process involves rotating tapes on a daily basis then tape storage makes the most sense as a long-term archive solution where you write and store your data once, but can still access it years later.
As an additional bonus tape storage is space efficient which means that if you’re running out of disk capacity or rack space in your data center then tape will be able to help alleviate this problem as well.
Tape storage is not a silver bullet solution to data backup and recovery, but it does have some distinct advantages over disk-based systems that make tape drives an important cog in your archival system.
Conclusion
Tape storage is a cost-effective way to store data that can be used for many purposes. However, there are some drawbacks when it comes to using tape storage as your primary backup system.
First of all, while the contents on tape may not have been exposed in a ransomware attack or malware infection yet, this doesn’t mean they won’t ever get attacked and become compromised over time.
The second issue with relying solely on tapes is how difficult it can be if you need to recover any lost data from them because tapes take so long to access and read – which could lead to huge delays depending on what type of downtime you’re trying to avoid!
We can help you leverage your tape storage for long term backup data archiving. Contact us to discuss your projects today!