Tape is arguably not the best choice for primary recovery, but it does provide a reliable option for recovering systems and data hit by ransomware without paying a ransom.
The cloud generally has many advantages over tape as a recovery tool, but there are situations where tape needs to be seriously considered, including ransomware recovery.
When the cloud is not enough
Whether to use the cloud to recover from ransomware has been a religious debate in many circles. Choosing the cloud has many benefits, including cost, speed, and immediate availability. All of these are great benefits when responding to ransomware attacks.
But maybe you’re working in an industry that doesn’t yet trust the cloud. Some organizations, especially some government agencies, really frown on giving up physical control over their data. They want a copy that they can manage both electronically and physically. They need to put it in a box or cage so that they can see and know that it is physically protected. Because they cannot see the cloud, they consider it unsafe.
Other organizations are fine with using the cloud for some applications, but do not consider it suitable for data protection.
“At risk when on disk” was the marketing slogan of a tape company many years ago. Perhaps it was in response to a disk vendor’s “Tape sucks, move on” campaign, but there was some truth to the disk-and-risk claim.
If the backup is located on a data center disk drive that is accessible as a file system from the backup server’s operating system, it can be attacked by the same ransomware that you are trying to protect against.
If an attacker performs privilege escalation to gain root or administrator status, even a file system with built-in immutability can be overwritten. So the tape vendor’s claim about disk and risk was true: if the data is on disk in the data center, it can be attacked.
Tape is the only true air gap
Many backup vendors market their products as if they provide an air gap for backup data. The truth is that any vendor that uses disk as a storage mechanism can at best say that it has an electronic or virtual air gap. Since everything is still on disk somewhere, there is a risk that something can happen to the backup copy even if it is somewhere in the cloud.
It is also true that good separation between the primary copy and the backup disk copy can reduce that risk to virtually zero. You do this by changing as much as you can between the two copies. Do not use the same OS, the same storage, the same authentication system, or the same LAN. Also, use the best available security measures to keep your backup data safe.
Tape, on the other hand, provides a true physical gap between the protected system and the backup copy. A tape does not need to be powered on or connected to the backup system. In fact, what tapes are good at is sitting in a vault that isn’t near any electronics. As you may have seen in the Ocean’s Eleven movie, instead of worrying about electronic security, you only have to worry about physical security, which is much easier to manage. Many people are rethinking tape on a vault shelf because ransomware can’t touch it.
You may have heard that tape is slow and unreliable, but neither is true. As long as you address tape’s limitations, it can be an effective part of your ransomware recovery strategy. It has excellent uncorrected bit error rate (UBER) and coercivity ratings. UBER measures how often a magnetic device writes a “1” when it needs to write a “zero”. Coercivity is the degree to which a bit can reverse its polarity over time, that is, bit rot. As long as you address these limitations, tape is a good place to store your data.
Tape strategy and ransomware
If you are considering tape as part of your ransomware strategy, do not send backups directly to tape. Tape drives write data at a specific speed. If the incoming transfer rate is slower than the writing speed of the tape drive, the drive must stop, reposition, and start again (back and forth, back and forth). As a result, tape drives are basically incompatible with incremental backups, and most backups are incremental backups.
The workaround for this issue is to send the backup to disk first. Because disk is a random-access device, it can write, pause, and write the next chunk of data as it arrives without compromising performance. Once a large batch of backups has been received, you can copy it quickly from disk to tape, which overcomes the mismatch between backups and tape.
Also, don’t get hooked on buying the latest and greatest tape drives. You may not be able to supply data to them at the advertised speed. Purchasing an older, slower tape drive will make things easier, and throughput will rarely be an issue during a large-scale recovery, so it will not have a significant impact on the restore process.
There are many steps you need to take to protect your backups from ransomware, and they don’t necessarily include tape, but the bottom line is that the ransomware discussion shouldn’t take tape off the table. If you don’t like the other options, tape is viable as long as you accept its shortcomings. Be sure to back up to disk first and then copy to tape. And for good measure, send the tape offsite and put it in a vault managed by a professional organization that keeps it safe. Hopefully you won’t have to use it, but if you do, you know it’s there.
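The disk-first, then tape sequence described above, sketched as an added example (not code from the original article). The function names and the `/dev/nst0` device name are assumptions, and it relies on GNU tar, `mt` and `sha256sum`; when the target is a regular file instead of a tape device, the `mt` steps are skipped so the flow can be rehearsed without a drive.

```bash
#!/usr/bin/env bash
# Added example: back up to disk first, then copy the staged set to tape.
# /dev/nst0 in the usage line is an assumed non-rewinding tape device name.
set -eu

# Stage the source tree on disk and record a SHA-256 manifest of every file.
stage_backup() {
    local src="$1" stage="$2"
    mkdir -p "$stage/data"
    cp -a "$src/." "$stage/data/"
    ( cd "$stage" &&
      find data -type f -print0 | sort -z | xargs -0 -r sha256sum > MANIFEST.sha256 )
}

# Write the staged set to tape as one sequential archive. Reading from local
# disk with 256 KiB records (512 x 512 bytes) helps keep the drive streaming.
copy_to_tape() {
    local stage="$1" tape="$2"
    tar -b 512 -cf "$tape" -C "$stage" MANIFEST.sha256 data
    if [ -c "$tape" ]; then mt -f "$tape" rewind; fi   # real drive only
}

# Read the tape back into a scratch directory and check it against the manifest.
verify_tape() {
    local tape="$1" scratch rc=0
    scratch="$(mktemp -d)"
    tar -b 512 -xf "$tape" -C "$scratch" &&
        ( cd "$scratch" && sha256sum -c MANIFEST.sha256 >/dev/null ) || rc=$?
    rm -rf "$scratch"
    return "$rc"
}

# Take the cartridge offline so it can be removed and sent to the vault.
eject_tape() {
    if [ -c "$1" ]; then mt -f "$1" offline; fi
}

# Usage: tape-copy.sh SRC_DIR STAGE_DIR /dev/nst0
if [ "$#" -eq 3 ]; then
    stage_backup "$1" "$2"
    copy_to_tape "$2" "$3"
    verify_tape "$3"
    eject_tape "$3"
fi
```

The read-back check matters for recovery: a tape that was never verified against the staged manifest is only assumed to be restorable.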
Copyright © 2021 IDG Communications, Inc.
Tape backup as defensive vs. ransomware