IBM TS4500 with LTO-9
In a recent article by well-known tech pundit Henry Newman proposed that tape was not viable as a stronger last line of defense against cyber attacks, specifically ransomware. I am not going to dispel any of what Henry has said, but I will point out facts in his recommended question sequence that should give pause for thought.
Let me first say that at very small installations you will find that I am a proponent of Flash as a BaR medium. This is at the TB to hundreds of TB range. I mean if you are going to spend the money and use a powered media why settle with disk. Tape at the very small capacity is designed for shipping, movement and interoperability of data where internet may not be available (yes that exists). Tape is a large scale usage the more data the more efficiencies tape offers, multi-PB to Exabyte is where tape lives. Stealing a line from the movie The Right Stuff: “out there where the demons lay!”.
Let’s take a look at those 7 questions:
Q: If a ransomware attack happens on your system(s) and all the data is encrypted, is it possible that the hacker has total control of your system(s), meaning administrative privileges?
A: Yes. Since all the system data is encrypted, the hackers have admin/root privileges.
This is very true, and they were able to encrypt the entire disk system in minutes.
Q: If a ransomware attack is in your system(s), can the attack get to all your data?
A: Yes. Since the attackers have admin/root privileges, they can get to all your data, including any tape robots and tape drives.
A root admin has access to all of your data. The disk systems are able to be encrypted to initiate the attack in minutes. To change the data on tape the attackers need to disable every tape and trap the data on tape. But if a fresh OS and system are brought on-line and isolated recovery is started the likelihood that the attack process was able to process all the media to rewrite the data or incapacitate the tape through data destruction would be very low.
As for attacking drives and libraries FW being attacked, this is a possibility. The drive would require external code build and delivery through the system, down time to upload and a lack of system monitoring in seeing the code upload. By Henry’s own admission tape access to all the data is “slow” wouldn’t the data destruction be slow as well. (We will address slow a little farther down).
The library has no access to data on tape, and simply shutting down the corrupted library stops all access to the media if a nefarious code was to be introduced. Once again the physical mechanisms and separation of duties in the tape system protect the data.
Q: If a ransomware attack happens and your backup is offline, can the attack get to your backup?
A: No. If the data is offline, meaning there is no network connectivity, the attackers cannot get to the data.
Q: If a ransomware attack happens in the future, is it likely that if tape is used, the attackers will use their system access to attack the tape library and robot since they did not get what they want?
A: Yes. As we have seen, hackers keep upping their game and it is just a matter of time before they add attacks on tape robots and libraries.
The upping of the game is always a certain. A big part of Security Risk Assessment is determining the likelihood of attack, the time to detect such an attack and the ease of mitigation and recovery.
Imagine if a library started cycling media through drives. Normal jobs would abend, SMTP would register high mount counts (a monitoring capability) and an intervention would be as easy as opening the door of the library which stops all future moves of media. Mitigation can be controlled by anyone in the data center. An investigation can be started with the media and drives online at the time.
Imagine as the attackers get savy and attack the disk drive Firmware, explode the entire accessibility on top of the encrypted data, by the time it is discovered the data is all gone.
I would recommend to not be scared, be prepared.
Q: Is tape slower than disk storage systems?
A: Yes. Though a single LTO-9 tape drive is 900 MB/sec maximum compressed speed and 400 MB/sec native, disk systems are far faster with a single disk drive in a RAID group at about 250 MB/sec.
Wait, a single drive in a RAID disk group, doesn’t that mean 6 drives? Yes you can get smaller drives RAID them for the 18TB compare and add the RAID card. But if you are only recovering 18TB I would recommend getting Flash and eliminate any concerns.
Tape at scale are many drives working together with erasure coding or access streaming the performance is balanced for a massive recovery.
Q: Does disk offer parity protection that tape does not?
A: Yes. RAID groups offer protection even though tape has a better bit error rate than disk does. Additionally, it is much easier to use cryptographic hashes with disk, and disk has channel and device error protection (T10 DIF/DIX).
And if you are going to use RAID groups and lose the full capacity of the HDDs you should be considering dual copy of erasure coding on tape as a viable scale alternative.
Q: Can you air gap a disk backup system?
A: Yes. Of course you can air gap disk-based backup systems.
I cannot argue with this, but we all recognize that at scale (PB to exabytes) having disk “sitting on the shelf” is not economical nor safe for long periods of time. Once again, waste gate data lose on Flash is very low, why not just use flash, a little more expensive, but when you plug it in it is going to be faster than HDDs.
I am not advocating that it cannot be done, but why not follow best practices 3-2-1-1. 3 copies, 2 different mediums, at least 1 off-site preferably 1 second location.
When it comes to security, you cannot be too careful, you also can ruin your business if you are not careful. The first duty of information security is to ensure the operation of the business. This includes insuring the business by taking all the right steps for the protection of systems and data.
I will end this blog by pointing out it is funny how perspectives change depending on who is paying your bills (again all respects):