Companies Are Once Again Storing Data On Tape, Just in Case

An anonymous reader shares a report: To stay up to date in the battle against hackers, some companies are turning to a 1950s technology. Storing data on tape seems impossibly inconvenient in an age of easy-access cloud computing. But that is the big security advantage of this vintage technology, since hackers have no way to get at the information. The federal government, financial-services firms, health insurers and other regulated industries still keep tape as a backup to digital records. Now a range of other companies are returning to tape as hackers get smarter about penetrating defenses -- and do much more damage when they do get in. Rob Pritchard, founder of the Cyber Security Expert consulting firm and associate fellow at the Royal United Services Institute think tank, has noticed the steady resurgence of tape as part of best-practice backup strategies. "Companies of all sizes must be able to restore data quickly if needed," he says, "but also have a robust, slower-time, recovery mechanism should the worst happen." Mr. Pritchard, who works with a range of organizations to improve corporate cybersecurity practices, says: "A good backup strategy will have multiple layers. Cloud and online services have their place, but can be compromised."

Tape?

[DontBeAMoran]

Apart from what I assume is a lower cost, is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?

Re:Tape?

[redmid17]

Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

Pretty much the reasons you would use tape in the first place.

Re:Tape?

[houstonbofh]

Hard drives do not like to sit powered off. In 3 to 5 years the fail rate is significant. Tape is fine for that. I have restored 40 year old tapes.

Re:Tape?

[whizzter]

But would that really apply for tapes capable of storing "modern" amounts of data?

At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?

Re:Tape?

[arth1]

By design, tapes are sequential append, not random write. That makes it much harder to modify data. For tape stations that can be set to not allow programmatic rewinding, but tapes have to be physically cleared for rewind, it's even more of a security benefit this way.

Much like some of us like having important system logs go to an unbuffered dot matrix printer in dumb mode - there's no way to undo what's already written like a local log, no way to DoS logging to a remote syslog server, nor kill the print job while it's buffering, like a modern page based printer.

Re:Tape?

RAID is not archival grade, and unused hard drives tend to die. SSDs do not have a long archival life because the electrons escape the gates. Once the threshold between a zero and a one is too close, the data is gone, beyond any hope of recovery.

Tape, on the other hand is archival grade. Unlike the garbage in the 1990s like 8mm, 4mm, and QIC, DLT and LTO have a long working life. In fact, at one place I worked for for five years, out of tens of thousands of tapes, I've seen two have hard write errors, and zero with hard read errors. So, out of the petabytes of LTO-3 to LTO-7 data, those are good odds.

Tape isn't that expensive for the enterprise. $5000 gets you a 24 tape LTO-7 autochanger that goes into two RUs, and hooks up via SAS. You can then hook it to your Veeam server as a way to do D2D2T, and have an air-gapped backup. Encryption? Trivial. Set a password, make sure the password is in a recoverable place, and then, if a tape falls off the back of the Iron Maiden truck, it is just a trivial loss. No encryption, and that becomes a front page headline.

I trust tape far more than the cloud. At least I know that if the Net takes a crap, my data is still restorable.

Re:Tape?

[houstonbofh]

Guess you have not looked at tape lately. https://www.engadget.com/2017/...

Re:Tape?

[Kjella]

Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

If it's any kind of high performance system you usually do mirroring to a "hot" backup then do backup to tape from there so speed is not that relevant. You can do pretty well on reliability and portability by simply making many redundant copies. I don't think I'd plan to use it as ordinary backup, not even occasionally. To me tape belongs in the disaster recovery plan, like what if hackers root our servers or a rouge sysadmin goes berserk. The "put it on a tape, stick in a vault and pray you'll never need it but if you do you'll be really happy to have it" kind of backup.

This is particularly true if it's for legal compliance or you're the one maintaining the master data, imagine if you're say the DMV and lose the database of what driver licenses or license plates you've issued. Even in most epic of epic fuck-ups that wouldn't be acceptable. But I'm thinking it's the kind of service you contract out to a third party, maybe even with your own encryption because it doesn't really pay off until you've got huge amounts of data and a perspective of years and decades. Or well you can use tape for that, but then it's the kind of "non-disaster" backup I'd use HDDs for.

Re:Tape?

[redmid17]

RAID is not backup. Just keep repeating that to yourself.

Re:Tape?

[Anne+Thwacks]

Here's a secret about tape; you drop it, it's as fragile as a HDD.

NO, its not. If you drop it, the puck (the bit that the loading mechanism uses to pick the end of the tape) may fall out of its retaining slots. It can be put back in place if you are moderately careful. If the plastic case is not broken, the tape is probably readable.

I have dropped a fair number of tapes from desk height over the years (have been using them since the 1970's and designed both hardware and software for tape drives). None has failed as a result. I have also dropped a few H/Ds as well - some were damaged by falls of a few inches (they are actually more robust if operating). I have restored many tapes after 30 years. You will have a hard time finding an ST506 interface that connects to a modern computer.

I also seem to have significant problems with bit-rot on both Windows and Linux. This is noticeable as jpgs which have problems after sitting idle on the disk for a year or two, and occasionally docs and odts that won't read. Less of a problem with SCSI disks AFAICT, so I suspect hardware, but I did use DOS 4.0, so, I am not sure its not software.

I have definitely had brand new server grade HDs fail to start after 3 years on the shelf. I doubt used ones are more reliable.

Re:Tape?

[RightwingNutjob]

I might want my home movies and family photos to keep for fifty or sixty or a hundred years to pass down to the kids. I might want my bank statements and property records (including any video or photography that goes along with it) to stick around for similar lengths of time in case of legal disputes.

That stuff is important enough to keep around, but I don't really want to have that sitting powered on and having to suck down watts for decades, nor do I really want to worry about what happens to it once a year or so whenever there's a snow storm or a lightning strike or other kind of power outage. Cough cough slashdot cough cough.

Re:Tape?

[mjwx]

Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

Pretty much the reasons you would use tape in the first place.

This,

Also ease of transportation. If I want to move my data off-site, especially to more than one location tape is the easiest way to do that. Speed and availability dont matter for off-site backups. Also cost, where can I get a 3TB HDD for £30? Some data I need to keep unadulterated records of for 7 years (some government requirements even preclude de-duplication, although this is rare).

Re:Tape?

[DontBeAMoran]

Of course he keeps repeating that to himself. That's how RAID works, doesn't it?

Re:Tape?

[lgw]

Live mirroring is a way to make a backup, but isn't a backup until you break the mirror. Most RAID systems aren't really good at moving that sort of stuff around on the fly, unless you're talking about legacy "big box" storage systems that charge 10x-100x what the drives cost.

But, yeah, there are 3 distinct scenarios:
* Backup
* Disaster recovery
* Archiving

Tape is far and away the best for archiving, and is the easiest/cheapest way to do DR. It's not all that good for simple backup - snapshotting of some sort (even if the backup is in the same rack or even device as the main storage) wins for backup, since most restore requests are for recovery from user error, not hardware failure.

It makes good sense to optimize backup for fast recovery from accidental file deletion and the like, as long as you also have a DR strategy that will help you if you lose a rack full of storage (or datacenter etc).

Archiving is usually the legal compliance angle, not the other two use cases. Plenty of big companies have fancy cross-site DR strategies, but still archive to tape for compliance with "store your records for N years" compliance. Heck, the same truck from Iron Mountain likely takes both their paper records and tapes.

it never went away

[banbeans]

It never went away at smart companies and those in regulated industries.

It's a reliable long-term storage medium

[blind+biker]

In terms of longevity, I classify storage this way, from short to long term:
- SSD
- 5.25" floppy disks (anachronistic, but existing)
- hard drives
- Taiyo Yuden CDs and DVDs
- EPROMs
- magnetic tape
- masked ROMs
- books

Re:It's a reliable long-term storage medium

[freeze128]

I recently booted up my old Apple //e computer and was amazed to see that nearly ALL of my old floppies still worked. These are disks that were formatted in the mid 80's. The disks that failed were off-brand cheaper disks that were purchased more recently. I also remember buying 100 3.5" disks from Computer City in the late 90's. ALL of them failed within 5 years. Many were DOA right out of the box, and were unable to be formatted.

So the adage that magnetic media suffers from bit rot isn't quite as bad as you think... Cheap crappy disks and tapes will fail, but good quality ones last a good long time.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Its all about Average Bandwidth

[MountainLogic]

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. Andrew Tanenbaum - the author of Minix

Medium longevity

[DrYak]

is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?

The main reason IS the one you mentioned (with tape, you basically disconnect only the medium, the magnetic tape. Not the whole read/write drive or even whole RAID cabinet. So you only need to pay for magnetic media as you expand capacity, not full blown electronics. A single tape drive and robot can last you quite some time).

But there is also some other practical consideration :

- Tape has been around for a lot of time. It has been already quite studied regarding its longevity. Its various failure modes are all well known (ghosting).
Manufacturer are now pretty much sure they can guarantee you that you can store a tape cartridge in fridge for Yyy years and it will still be 100% readable afterward.

- Hardisk are a bit more recent technology. We don't have quite the same guarantee regarding mechanical failures, bitrot, etc.
Since the whole purpose of this approach is to disconnect completely the storage, it means that the back-up disk will need to be reconnected and re-spun back to 7200RPMS at some point in the future. A small number out of all disk will fail and will not spin, due to various mechanical feature. A small number of the spinning disks will have suffered bitrot and will have corrupted.
Companies don't have the half-century long experience to make exact guarantee for Zzz years.

It's nothing horrible that can't be compensated with correct duplication and erasure coding. But it's still a bit less guaranteed.

Re:Medium longevity

[CaptainDork]

I would add a hacker who jumps a server could easily run a backup tape and reformat.

This could be a problem, given IT's propensity to suck.

I've gone to sites to do a recovery to find that, while the tapes were rotated out every day and stored off site, no one there, in the IT dept. understood CaptainDork's 6th corollary: The task is not to get the data on the tape as much as it is to get the data off the tape.

Every Wednesday, as faithfully as possible, I deleted an innocuous file on the server, pretended to have a major cow over its loss, and restored from backup (whether tape or EHD or cloud).

For one site, the admin came in every day; saw "Backup complete," swapped tapes and moved on.

What he didn't know was that the "complete," was the reformat command.

When the wheels fell off, he realized that he had never proven that shit was actually working.

Management was not amused.

Re:Medium longevity

[tlhIngan]

I've gone to sites to do a recovery to find that, while the tapes were rotated out every day and stored off site, no one there, in the IT dept. understood CaptainDork's 6th corollary: The task is not to get the data on the tape as much as it is to get the data off the tape.

I've said it this way. Any idiot can write a backup program. However, it takes a genius to write a restore program.

Writing a backup program is stupidly simple. Writing a restore program is not (because now your backup program has to work).

I've always hated demos of backup software - especially ones that require you to pay to test the restore functionality. Because of the above - demonstrating to me that you can backup is easy. What I want to know is if I can restore. So your demo needs to include restore functionality - maybe you can restore up to 1GB of data or something before requiring payment so I can see your restore program in operation.

Sad fact is, I found many backup programs have "test versions" that only allow backup. Without showing me you can restore, I'm not going to believe your demo.

Re:Medium longevity

[afidel]

Yup, that's why our backup audit log had a weekly restore as one of the lines. We also checked the tick box in our backup software that read from the tape when done and compared CRC to that stored in the database, in theory this could differ from what was on disk, but at that point any modern backup program with dedupe is already hosed. We also did semi-annual DR testing which involved removing key people from the exercise to test cross training and documentation and also included deleting a whole filesystem and doing a restore from the backup system and doing spot check on files selected at random from the source filesystem.

Then there's the other half

[93+Escort+Wagon]

If you're backing up your company's data to tape... have you - even once - went through the restore process to make sure you can actually recover it?

Paper chemistry

[DrYak]

- books

Although that varies a bit depending on the chemistry of the paper (e.g.: acid-free vs. acidic)

On the other hand, the *toner* used to laser-print on them (basically, fused plastic) will surely outlive the acidic paper.

ECC

[DrYak]

At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?

Nearly every modern serious data storage (even some high-range SD flash cards: see Transcend) uses some form of error correction.
Neither tape nor harddisks (nor SD cards with ECC) are that much affected by single bit flips induced by cosmic radiation.

But HDD can still be affected by mechanical failures.
While on the other hand, "mechanical failure" is hardly a risk for a medium that is just basically just a long band of magnetic tape.

Also, the bitrot of tape is better known because it has been studied for a longer time.

Not to mention that modern tapes still has a lower density than modern harddisks (with all their "super-paramagnetic" and "shingled" tricks).
An LTO-7 tape is shy of 1km of lenght for 12mm width (they have exactly 11 square meters to store their native uncompressed raw 6.0 TB)
A Seagate drive of similar capacity crams its data on 6 platters (of 9cm diameter each - that's 0.076 square meters)

Restore tests as part of the backup cycle

[DrYak]

on the tape as much as it is to get the data off the tape.

Of course, the fact that your tape is guaranteed to hold data for 50 years, isn't an excuse to actually wait 50 years before checking if you can actually read the data on it, or even find it.

Checking that you can restore the data should actually be part of the normal backup cycle.

(A very simple personal example :
- A test server that we use to develop and test new code, uses a local copy of the same data as the database used by the production server.
- We've implemented it, by having the test server rebuild its local database using the yesterday evening backup of the production server.
- If the backup couldn't be read back, the "restore" process will fail on the test server and will be immediately visible.)

Re:One good EMP from DPRK...

[aaarrrgggh]

It is pretty easy to protect cold tape from an EMP, even if it is at a close range.

The problem is that Tape really isn't any more secure than anything else-- just modifying the tape drive firmware could easily corrupt data. With a little extra work it could encrypt the data and allow DR simulations to run as long as the event horizon hasn't been reached.

Re:One good EMP from DPRK...

[lgw]

Tape lets your transform the problem from digital security to physical security, and that's something a lot of companies are pretty good at. Further, very few attackers are good at both (you're pretty much down to governments at that point).

You really can't beat tape for archiving. The cost per TB is small (and there's no ongoing cost beyond physical storage), and it's basically immune to stuff like EMP. There's actually is a chip in some tape cartridges to burn out, but losing that won't matter much.

As far as hacking the firmware - IIRC, modern tape drives still requires that you use a firmware tape during the process, so stand-alone tape drives at least would be immune to a purely online attack. Worst case, though, you just buy new tape drives (or use the new ones you have in a box at Iron Mountain next to all your boxes of tapes) to recover.

With a little extra work it could encrypt the data and allow DR simulations to run as long as the event horizon hasn't been reached.

Tape drive firmware is like coding for the Atari 2600. Lots of things are theoretically possible, but very few people could actually pull it off. For this example, only in recent years has encryption hardware been added to drives - without that, there just aren't enough resources in a tape drive to encrypt on the fly (most tape drives can't do asymmetric crypo at all as they don't have the accessible memory to even hold a cert - tape buffer memory is sort of walled off and not general purpose).

Re:"Once again"?

The cloud is just somebody else's computer. It wouldn't suprise me to find out Amazon is using tape for Glacier. But the idea that Amazon will be around longer than tape is as true about the longevity of companies like Sun, Atari, AOL, SCO and dozens of other companies that are now defunct or in their death throws.

Re:"Once again"?

[fisted]

This site caters to people that think tape is some archaic thing nobody uses, because audio tapes, VHS and the likes went away. Those are the people that produce ad impressions.

Re:One good EMP from DPRK...

[bev_tech_rob]

IIRC, modern tape drives still requires that you use a firmware tape during the process, so stand-alone tape drives at least would be immune to a purely online attack. .

Nope. HP Tape Tools https://www.hpe.com/us/en/prod... allow you to update firmware, perform maintenance, etc on most modern HP tape drives that are attached to your server. So conceivably, a hacker could access the backup server (assuming it has HP tape drives attached physically to it), and inject their own firmware (unless there is safeguards in the software to not allow random firmware packages to be uploaded).

Re:8 track

[Anne+Thwacks]

I can still recall the horrors of 200bpi 7-track 1/2" tape NRZI with the "choose your own parity" feature.

The big advantage of 200bpi was that you could sprinkle iron filings on the tape and read the bit patterns for disaster recovery. (Not that I would want to read more than a couple of 80 column card images that way).

Re:"Once again"?

[afidel]

Tape almost never goes bad, with over 15,000 tapes at my last job we had one failure to read and 2 failures to write (one of which I dropped so it really doesn't count). I read an original DLT IV tape in an SDLT 320 drive over 18 years after it was written (tax document, apparently the lawyers had a question on something and there was a 20 year lookback period for this particular property tax) and routinely read LTO tapes that were nearly a decade old. Oh, and restore from Glacier is unbelievably expensive so it's fine if you have a WORN requirement but for true use it's more expensive than doing it yourself if you have any kind of scale.

Re:One good EMP from DPRK...

[gweihir]

If that is enough. As the Tape is basically inside the write coil core when data is written, magnetic field strengths used on tape are extreme. The other problem is that tapes are non-conductive. An EMP is going to do nothing at all.

Cloud and online services have their place.

[StormReaver]

If you're not a raving moron, that place is in the trashcan of history (assuming it's not your own cloud or service).