Companies Are Once Again Storing Data On Tape, Just in Case

An anonymous reader shares a report: To stay up to date in the battle against hackers, some companies are turning to a 1950s technology. Storing data on tape seems impossibly inconvenient in an age of easy-access cloud computing. But that is the big security advantage of this vintage technology, since hackers have no way to get at the information. The federal government, financial-services firms, health insurers and other regulated industries still keep tape as a backup to digital records. Now a range of other companies are returning to tape as hackers get smarter about penetrating defenses -- and do much more damage when they do get in. Rob Pritchard, founder of the Cyber Security Expert consulting firm and associate fellow at the Royal United Services Institute think tank, has noticed the steady resurgence of tape as part of best-practice backup strategies. "Companies of all sizes must be able to restore data quickly if needed," he says, "but also have a robust, slower-time, recovery mechanism should the worst happen." Mr. Pritchard, who works with a range of organizations to improve corporate cybersecurity practices, says: "A good backup strategy will have multiple layers. Cloud and online services have their place, but can be compromised."

it never went away

[banbeans]

It never went away at smart companies and those in regulated industries.

It's a reliable long-term storage medium

[blind+biker]

In terms of longevity, I classify storage this way, from short to long term:
- SSD
- 5.25" floppy disks (anachronistic, but existing)
- hard drives
- Taiyo Yuden CDs and DVDs
- EPROMs
- magnetic tape
- masked ROMs
- books

Then there's the other half

[93+Escort+Wagon]

If you're backing up your company's data to tape... have you - even once - went through the restore process to make sure you can actually recover it?

Re:Tape?

[Kjella]

Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

If it's any kind of high performance system you usually do mirroring to a "hot" backup then do backup to tape from there so speed is not that relevant. You can do pretty well on reliability and portability by simply making many redundant copies. I don't think I'd plan to use it as ordinary backup, not even occasionally. To me tape belongs in the disaster recovery plan, like what if hackers root our servers or a rouge sysadmin goes berserk. The "put it on a tape, stick in a vault and pray you'll never need it but if you do you'll be really happy to have it" kind of backup.

This is particularly true if it's for legal compliance or you're the one maintaining the master data, imagine if you're say the DMV and lose the database of what driver licenses or license plates you've issued. Even in most epic of epic fuck-ups that wouldn't be acceptable. But I'm thinking it's the kind of service you contract out to a third party, maybe even with your own encryption because it doesn't really pay off until you've got huge amounts of data and a perspective of years and decades. Or well you can use tape for that, but then it's the kind of "non-disaster" backup I'd use HDDs for.

Re:One good EMP from DPRK...

[aaarrrgggh]

It is pretty easy to protect cold tape from an EMP, even if it is at a close range.

The problem is that Tape really isn't any more secure than anything else-- just modifying the tape drive firmware could easily corrupt data. With a little extra work it could encrypt the data and allow DR simulations to run as long as the event horizon hasn't been reached.

Re:One good EMP from DPRK...

[lgw]

Tape lets your transform the problem from digital security to physical security, and that's something a lot of companies are pretty good at. Further, very few attackers are good at both (you're pretty much down to governments at that point).

You really can't beat tape for archiving. The cost per TB is small (and there's no ongoing cost beyond physical storage), and it's basically immune to stuff like EMP. There's actually is a chip in some tape cartridges to burn out, but losing that won't matter much.

As far as hacking the firmware - IIRC, modern tape drives still requires that you use a firmware tape during the process, so stand-alone tape drives at least would be immune to a purely online attack. Worst case, though, you just buy new tape drives (or use the new ones you have in a box at Iron Mountain next to all your boxes of tapes) to recover.

With a little extra work it could encrypt the data and allow DR simulations to run as long as the event horizon hasn't been reached.

Tape drive firmware is like coding for the Atari 2600. Lots of things are theoretically possible, but very few people could actually pull it off. For this example, only in recent years has encryption hardware been added to drives - without that, there just aren't enough resources in a tape drive to encrypt on the fly (most tape drives can't do asymmetric crypo at all as they don't have the accessible memory to even hold a cert - tape buffer memory is sort of walled off and not general purpose).

Re:"Once again"?

The cloud is just somebody else's computer. It wouldn't suprise me to find out Amazon is using tape for Glacier. But the idea that Amazon will be around longer than tape is as true about the longevity of companies like Sun, Atari, AOL, SCO and dozens of other companies that are now defunct or in their death throws.