Another big year for tape as ... oops. 2020 sales dropped 8% thanks to 'global shutdowns' Despite a record year in 2019 that many analysts believed would only be topped in 2020, a report by tape storage heavyweights at the LTO org says the medium's sales dropped significantly last year – by nearly 8 per cent – with 105,198PB of total tape capacity (compressed) shipped. Tape shipments over the past few years have …
But why would we need tape now?
We use the cloud for e v e r y t h i n g and it is completely safe and secure and nothing can go wrong with it. That nice salesman told me that, just before he jetted off for his month-long holiday in Barbados, once I signed that lengthy contract that I didn't bother to read.
Tape is dead; long live the cloud!
How very post-modern ironic of you. The world+dog does a cost-benefit trade off, comes up with an answer. And you think everyone is just all stupid, Ok.
Consider an alternative. You are correct for your own business, and they are correct for theirs. And this data shows that your use case is a shrinking percentage of the world.
What does that tell you about your business use-case future?
Horses for courses, certainly that’s always true. But tape is still dying.
The point you are missing is that there is a feedback mechanism between sales, R&D spend, and price. As a tech becomes more niche, there is simply less profit to re-invest in the next generation. Which means both that the next generation lags, and that the price goes up. Which means fewer buyers, and cycle repeats.
TLDR;
You have a valid use-case. But world+dog isn’t going to subsidise it.
> that never touched digital technology.
about that...
if the makers of those tapes are not using digital intermediate step, but are instead degrading their original master, they are simply stupid
yes, tape mastering is usually much better, as it is from before loudness wars, but it has nothing to do with digital vs analog
That's just an argument for cold backups. Whether disk or tape, as long as you don't have it online, it can't be encrypted after the fact. Also a good argument for frequently testing such things, as a ransomware operator who recognizes that you have cold backups might hit some of those first so they're unavailable when you go to restore. If you can catch it when your most recent cold backup is encrypted, then you might be able to cut off the attack on the hot systems which are targeted later.
This is why you air-gap your backup network where possible. I remember reading about some guy that removed the routes to the backup server from the switch's routing table when the backups were finished, probably just as effective while retaining some usability and automation.
Not so much about ransomware, but "air gap" as in "not in the same building" also has its advantages such as e.g. a fire, flood or whatevs. I picked that one up from a former employer who I think had discovered this the hard way back in the 1970s so they'd swap the batches of backup tapes with those at a neighbouring site on a regular basis. I do much the same with my home backups, given that of all our stuff, data is probably our most precious possession. Scary that so many people have just one copy of all their photos, correspondence, digital creations, music etc on a phone or laptop... I occasionally try to lecture friends about backing up but it's a difficult subject to get people excited about!
Admittedly a bit off-topic and I admit I use hard drives to backup my home stuff but at least it means it gets done regularly.
<blockquote>Also a good argument for frequently testing such things, as a ransomware operator who recognizes that you have cold backups might hit some of those first</blockquote>
Except ransomware can "hit some of those" in a way that they will still verify and restore and run just fine... right up until you hit a certain date when the self encryption locks down.
The real answer is host based intrusion detection systems. You do have Tripwire / Samhain, etc., installed and running reports at least weekly on all your servers, don't you? Required by PCI-DSS if you're handling credit cards, and an excellent idea on all other servers, too. Tells you when your files get silently damaged by corrupt hardware or misbehaving software, even without malevolent intruders.
"Except ransomware can "hit some of those" in a way that they will still verify and restore and run just fine... right up until you hit a certain date when the self encryption locks down."
I'm no expert, but I'd imagine that's rather harder to do with basic tapes or disks. Unless you can reprogram the firmware on a tape reader or disk controller, then it can't encrypt itself on a schedule. The closest I can think is that they would bother to deploy something to the restore system just to hide that the individual tape was encrypted, but that's a large risk because that would have to include the decryption key which they don't want the user to recover. Also, it's a lot of extra effort. Your prevention suggestions are good.
You don't need to "encrypt on a schedule," you can encrypt files on the disk right away but insert code in all the executables which enables them to read the encrypted files... until a certain date is reached.
If you have a hint this is happening, you could restore to a clean system, with the date set to the past, and absolutely no network connectivity (which would make it possible for the code to see it's being tricked). But it would be sophisticated enough to befuddle most techs, and make recovery from backups difficult and slow at best.
Errrrr, no, because any system that allows you to decrypt a file naturally posesses the decryption key, which means you can just decrypt it yourself later as long as you have the backup. I can't think of any ransomware solution out there right now that works like this.
And backup restores don't have to be on a live system. Just restore from backup, decrypt the files using the known decryption key(s), and clean the bits from the executables. It will be tedious yes but I imagine entirely automatable with some work. At that point the entire scheme is thwarted and even after being "encrypted" no data is truly lost from that time period. Alternatively just restore from earlier backup.
You also can't tell me that major AV vendors will not have a decryption tool ready in like a day or two after the first in-the-wild samples are analyzed.
Who is disconnecting their disk based backup server from the network after a backup? What happens when you run the next backup, and it has to be connected again? Ransomware is persistent, once it gets in your network it will be around when your next backup is run. A disk based backup server has access to ALL your backups (unless you make separate offline backups, using something that never allows for the opportunity to overwrite non-expired backups) so ransomware can trash them all.
Can't do that with tape, if tapes are physically exported from the silo on a regular basis. Even if they are left in the silo, ransomware would have to be execute the right instructions to get it to put old tapes into the drives to overwrite them. While that's possible to do I doubt any ransomware is that sophisticated - they are going for volume, not to insure 100% of their attacks are successful by covering every corner case.
"Who is disconnecting their disk based backup server from the network after a backup?"
Don't conflate the server and the storage medium. To quote doublelayer "That's just an argument for cold backups. Whether disk or tape, as long as you don't have it online, it can't be encrypted after the fact."
Yes, plenty of backup servers store to disks that are kept offline. Look up RDX drives.
OK that looks like something that might backup a small office. No one is going to use drives that store a max of 4 TB each in an enterprise environment, that would be far more labor intensive than tape backups due to the small size and with a greater chance of loss of data since dropping a disk drive is much more likely to be a problem than dropping a tape cartridge.
So while in theory you're right, in practice I doubt this use is very widespread. I've consulted in enterprises for 20 years, and never seen anyone using removable disks for backup.
A disk which stores 4 TB versus a tape which stores 6 TB. If they're fast at installing new drives, that can take the storage capacity up to 9 TB per tape. They could also start using larger disks. That's not a major difference.
The reason large companies often use tapes instead of disks for cold backups is that it's cheaper once you use enough storage to cover the costs of readers. It's also generally thought better for long-term archives. For cold backups for short-term periods, disk works well too and the hardware exists for it.
We utilize Veeam on an enterprise-grade SAN with multiple RAID arrays for both cold and warm storage. We have the ability to swap out arrays of disks for offline storage. It's really not as rare as you seem to think.
And yes, our disks are rather "small" at I believe 4-8TB each depending on the performance target.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
