Tape vendors have been promoting themselves as a solution to the ransomware problem because of their ability to provide air-gapped data backup, but trying to recover terabytes of data from a tape drive can be a little like, well, running into red tape.
These claims are lacking in engineering rigor and are seemingly just marketing pitches, but it’s hard to find a major tape vendor that hasn’t pushed this angle. Here are some examples:
Here are seven critical questions for examining vendor claims vs. reality, all simple yes or no questions, and then we’ll get to what you really need to know to design adequate backup protection from ransomware.
Q: If a ransomware attack happens on your system(s) and all the data is encrypted, is it possible that the hacker has total control of your system(s), meaning administrative privileges?
A: Yes. Since all the system data is encrypted, the hackers have admin/root privileges.
Q: If a ransomware attack is in your system(s), can the attack get to all your data?
A: Yes. Since the attackers have admin/root privileges, they can get to all your data, including any tape robots and tape drives.
Q: If a ransomware attack happens and your backup is offline, can the attack get to your backup?
A: No. If the data is offline, meaning there is no network connectivity, the attackers cannot get to the data.
Q: If tape is used, is it likely that attackers in a future ransomware attack will use their system access to attack the tape library and robot, since they did not get what they wanted?
A: Yes. As we have seen, hackers keep upping their game and it is just a matter of time before they add attacks on tape robots and libraries.
Q: Is tape slower than disk storage systems?
A: Yes. A single LTO-9 tape drive reaches a maximum of 900 MB/sec compressed and 400 MB/sec native, but disk systems are far faster, with a single disk drive in a RAID group running at about 250 MB/sec.
Q: Does disk offer parity protection that tape does not?
A: Yes. RAID groups offer protection even though tape has a better bit error rate than disk does. Additionally, it is much easier to use cryptographic hashes with disk, and disk has channel and device error protection (T10 DIF/DIX).
Q: Can you air gap a disk backup system?
A: Yes. Of course you can air gap disk-based backup systems.
Tape vs. Disk: The Ransomware Issues
Let’s look at these issues in greater depth, and in the process get a better sense of what adequate ransomware protection looks like.
With ransomware, do hackers control your system?
If you are the victim of a ransomware attack and all your data is encrypted, it is clear that operating system security controls have been breached. Given that, any device attached to your system can most likely be accessed.
The claim that tapes are air gapped and therefore your data is protected by the design of the technology just does not pass the engineering rigor test. As you will see, it will just take them longer to encrypt the data on tape, and hackers will have to write some new code of course, which they do all the time.
Do hackers have access to all your data?
In a breached system, the hacker generally has access to any data on any device that is connected to your system. That means disk or tape, robot or drive. A device is a device. Yes, tapes are different to some degree and so are libraries, but hackers who can write code to control your whole system will not be fazed by a bit of technology they have not attacked before, and the information they need is available on the internet. Again, the claim does not pass the sniff test.
Is offline really offline?
If a tape and/or disk system is not visible on the system (e.g. not connected) then the data is offline. This can be done via turning off a switch or switch ports that are connected to the storage device, powering down the storage device(s), or a variety of other methods. Could hackers potentially turn on switches or ports? Yes, but that would have to be a much more specific attack against a specific target, as you would need to know the switch passwords and get into the management network. Possible, but not likely in a general broad ransomware attack.
Will ransomware in the future attack tape libraries?
I used to live in Minnesota and the answer here is yah sure, you betcha. Hackers go where the money is, and that is why we recently had multiple attacks on small business NAS devices. It is just a matter of time until hackers add tape to the ransomware attack, and I would bet good money that hackers already have plans.
Is tape slower and more costly than disk for bandwidth?
Tape drives are not striped, but disks generally are put into stripe groups. Backup is not about backing up the data, but the time it takes to restore that data to meet your business requirements.
A quick search shows the cost of an LTO-8 drive (30TB compressed, 12TB uncompressed) as of late last week to be about $3500, and the cost of an 18 TB enterprise disk drive is about $525. I will estimate the cost of LTO-9 (45TB compressed/18TB uncompressed) at about $5000.
Using LTO-8/9 performance data, here is the time it takes to read a whole tape and 1PB of tape, not including rewinding and reloading the tapes, so these numbers are well beyond best case.
LTO 8/9 Recovery Time

| LTO-8 | TB | MB/sec | Time to read whole tape, best case (seconds) | Restore time per PB (days), not including rewind and reload |
|---|---|---|---|---|
| Uncompressed | 12 | 360 | 33,333 | 32 |
| Compressed | 30 | 900 | 33,333 | 13 |

| LTO-9 | TB | MB/sec | Time to read whole tape, best case (seconds) | Restore time per PB (days), not including rewind and reload |
|---|---|---|---|---|
| Uncompressed | 18 | 400 | 45,000 | 29 |
| Compressed | 45 | 1000 | 45,000 | 12 |
When you need to restore from backup, these are often critical events. So how does tape compare with disk in terms of $/MB/sec?
Tape Recovery Costs

| LTO-8 | MB/sec | Cost LTO-8 as per Google | $ Per MB/sec LTO-8 from Google |
|---|---|---|---|
| Uncompressed | 360 | $3,500 | $9.72 |
| Compressed | 900 | $3,500 | $3.89 |

| LTO-9 | MB/sec | Cost LTO-8 as per Google | $ Per MB/sec LTO-8 Est. |
|---|---|---|---|
| Uncompressed | 400 | $3,500 | $8.75 |
| Compressed | 1000 | $3,500 | $3.50 |
Disk Recovery Costs

| Disk MB/sec – Enterprise 18 TB Drive | Cost per 18 TB drive | $ Per MB/sec Disk |
|---|---|---|
| 275 | $500 | $1.82 |
As for recovery time, even an $1100 low-end RAID card could restore data six times faster than the best LTO performance, so the advantage is overwhelmingly in disk’s favor.
Let’s assume that the data is compressed 2.5 to 1, which for some data like video is never going to happen because you get no compression. Even at 2.5 to 1 compression, tape bandwidth is 92% more than disk bandwidth on a per device basis. With RAID controllers and/or software RAID methods, you can easily get many tens of GB/sec of bandwidth to restore data from a single set of SAS connections. Doing that with tape is very expensive and requires architectural planning. So the bottom line is you can surely back up to tape and it is cost effective – for backup, that is. If you actually need to restore that data quickly, you have my best wishes.
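The restore arithmetic in the tables above, extended to size a restore window: an added example, not from the original article. Device rates and prices are the article's uncompressed table rows; the `overhead` factor and the one-day restore window are assumptions.

```python
import math
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
MB_PER_PB = 1_000_000_000  # decimal units, matching the tables above


@dataclass(frozen=True)
class Device:
    name: str
    mb_per_sec: float  # sustained read rate, from the article's tables
    unit_cost: float   # USD per device, from the article's tables


# Uncompressed figures copied from the tables above.
LTO8 = Device("LTO-8 drive", 360, 3500)
LTO9 = Device("LTO-9 drive", 400, 3500)
DISK = Device("18 TB enterprise disk", 275, 500)


def restore_days(data_pb, dev, streams=1, overhead=0.0):
    """Days to read data_pb petabytes across `streams` parallel devices.

    overhead is an assumed fraction of extra time (tape load/rewind, seeks);
    0.0 reproduces the best-case numbers in the recovery-time table.
    """
    seconds = data_pb * MB_PER_PB / (dev.mb_per_sec * streams)
    return seconds * (1 + overhead) / SECONDS_PER_DAY


def devices_for_rto(data_pb, dev, rto_days, overhead=0.0):
    """Smallest number of parallel devices that meets the restore window."""
    return math.ceil(restore_days(data_pb, dev, 1, overhead) / rto_days)


def plan(data_pb, rto_days, overhead=0.0):
    """Per device type: (name, devices needed, hardware cost, $ per MB/sec).

    Disk counts are data-carrying drives only; RAID parity drives are extra.
    """
    rows = []
    for dev in (LTO8, LTO9, DISK):
        n = devices_for_rto(data_pb, dev, rto_days, overhead)
        rows.append((dev.name, n, n * dev.unit_cost,
                     round(dev.unit_cost / dev.mb_per_sec, 2)))
    return rows


if __name__ == "__main__":
    for name, n, cost, per_mb in plan(data_pb=1, rto_days=1):
        print(f"{name:24s} {n:4d} devices  ${cost:>9,.0f}  ${per_mb}/MB/s")
```

Raising `overhead` for the tape rows models the rewind and reload time that the tables leave out.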
Is disk striped and parity protected?
Tape vendors often state that the BER (bit error rate) of tape is far better than disk, which is 100% true, but you can make up for tape’s advantage with RAID methods that check the reliability of your data and ensure that what you wrote is what you read. This has been the case with RAID since the early 1990s, with parity check on read to validate the data. With other ANSI standard techniques – which sadly are not used often enough – such as T10 PI/DIX you can achieve data integrity on a single device equal to or greater than tape. The net-net here is disk is far faster than tape, as there is native striping that has been in use at least since the 1980s with RAID methods, and disk can achieve equal data integrity to tape.
Can you air gap disk systems?
Is the pope Catholic? Air gapping requires changing your process, either by turning off switch ports from the management network, or better yet, powering off the switch connected to the storage or powering off the storage. The method to power on should be controlled on a completely different network with, of course, different passwords.
There’s a Reason They Call It Backup and Recovery
The most often overlooked part of data backup is the recovery part – the longer it takes to restore your data, the more damage it can do to your business.
Yes, tape can be air gapped but so can disk. Does tape provide better protection against ransomware? Likely, but it is so much slower than disk that you can turn off your system and turn it on when you need to. Does having slower restoration make tape a better defense against a ransomware attack? As far as I can see, the marketing claims made by tape vendors do not hold up to a rigorous engineering analysis. If you want to use tape, that is your choice and there might be good reasons, but disk-based backups can be air gapped just like tape, for lower cost and with a much faster recovery time. Why tape vendors are making claims such as this, I will leave it to readers to speculate.
Further reading: Preparing for Ransomware: Are Backups Enough?
Henry Newman, CTO of Seagate Government Solutions, has worked in HPC and secure computing environments for nearly four decades, and has been a columnist for TechnologyAdvice websites for 20 years. Among his articles for eSecurity Planet was a 2017 warning about software supply chain security – a prediction that became reality with the 2020 SolarWinds attack.
The views and opinions expressed in this article are those of the author and do not necessarily reflect any policy or position of Seagate Government Solutions or Seagate Technology.