‘Air Gap’ Your Data with Tape, LTO Group Says
April 18, 2018 Alex Woodie
Here’s one more reason why tape’s demise has been prematurely recorded: Tape helps to protect data by providing an “air gap” between live production systems and protected data. That’s according to a new report sponsored by the LTO group. In other news, IBM made an LTO announcement that’s pertinent to IBM i shops.
In a new white paper issued last week, IDC raised the specter of tape-based storage systems providing an air gap that is actively thwarting attempts by cybercriminals to compromise production systems, in those that would otherwise be vulnerable to ransomware attacks.
“Recently, tape has shown itself to be an effective means of providing an ‘air gap’ between live data and protected data,” the IDC’s Phil Goodwin writes in his April 10 report, titled “Using Tape to Optimize Data Protection Costs and Mitigate the Risk of Ransomware for Data-Centric Organizations.”
“This air gap is essential to thwarting more sophisticated ransomware and malware that attempts to corrupt live, backup, and archive data simultaneously,” he continues. “While some are attempting to write-off tape, it has proven to be an important building block of a complete modern data protection plan all at the industry’s lowest cost per gigabyte.”
While the firewall is a better-known instrument (and metaphor) for protecting back-office systems from undesirable elements arriving via the Internet, the air gap approach is also worth considering.
Source: Guri, Mirsky, and Elovic SlideShare presentation.
“An air-gap is a cyber security measure for securing a computer network by physically isolating it from other networks, such as the public Internet or another unsecured local area network,” write security researchers Mordechai Guri, Yisroel Mirsky, and Yuval Elovic in a SlideShare presentation.
However, air gapped networks are not completely protected, and security researchers have demonstrated ways to compromise systems that are not connected to external networks, including via thermal, acoustic, optical, and radio channels.
Nevertheless, it’s worth noting that by storing data offline in a tape cartridge, a given piece of data benefits from an additional layer of protection from ransomware and other attacks than if that data was stored in an online database or file system.
The IDC’s Goodwin points out that, as data volumes continue to grow, failure to protect important data can make us all susceptible to ransomware attacks. “Unrecoverable data is a cardinal sin of data protection, yet our research shows that nearly 25% of organizations have suffered unrecoverable data loss within the past three years,” he writes.
Other forms of data protection – including data replication techniques like snapshots, mirrored databases, remote replications, and object storage – are designed to protect against system or site-related failures. “However, data corruption and malware can be unwittingly replicated, leading to unrecoverable data loss from malicious attacks, especially internal attacks such as those perpetrated by disgruntled employees,” Goodwin adds.
The cloud can provide some elements of data protection, but it’s not always the answer, “as its use does not inherently introduce an air gap into the data protection stream,” Goodwin notes. “The challenge for IT organizations is never allowing data to get into an unrecoverable state while ensuring that data is protected from unauthorized disclosure.”
In other news, IBM announced that customers who have purchased the encryption add-on for TS4500 tape libraries, known as feature number 1604, can now use multiple types of LTO media in the library. Big Blue also announced a new five-pack LTO 7 option. You can read the IBM announcements here (pdf).
