Is Tape Backup the Solution to Ransomware?By Drew Robb
More than half of all organizations experienced a ransomware attack in the past year. That amounted to more than 2 million such incidents in 2019. Cybercriminals extorted billions of dollars as a result. The situation has only worsened in recent months with so many working from home, according to Enterprise Strategy Group (ESG) research.
CIOs, therefore, are willing to pull out their checkbooks to purchase the latest ransomware protection technology. And some are turning back the clock to find salvation in an ancient technology known as tape. They aren’t abandoning flash storage, disk or cloud backup. But they are adding a tape element as an additional safeguard.
Tape offers something disk and flash do not – an air gap, according to Rich Gadomski, head of tape evangelism at FujiFilm Recording Media USA. Tapes can be stored offline either by services such as Iron Mountain or, more commonly these days, in a tape library.
"Tape can easily be physically disconnected from the corporate network and the internet," said Gadomski. "Tape cartridges stored offline are immune to infection by malware as the bad guys don’t have the ability to delete or encrypt what they can’t access."
What about those stories of infected backups – i.e., after a ransomware attack, IT attempts to restore its files from a recent backup, only to find that infected files have infiltrated the backup, rendering it useless? Gadomski said a smart 3-2-1 strategy is the solution: Three separate copies of data, stored on at least two different storage media with one copy off-site. Of note, though, is that those relying on the disk and cloud backup combination often find each data set infected by ransomware. A better approach is to have one copy on onsite disk, one on onsite tape and another tape copy stored offsite. Alternatively, combine disk and the cloud backups augmented by offline tape.
The offline element is vitally important – so much so that even the FBI now recommends offline backups be implemented to avoid becoming a victim of ransomware. Because of the possibility that most recent tape backups can be done from infected files, backup schedules should be arranged to ensure that multiple tape cartridges are used for regularly scheduled backups so that files can be cleanly restored from a malware-free copy.
For small firms, an inexpensive tape system can be implemented as an additional safeguard. But the real savings come when data volumes rise above about 200TB. Gadomski pointed out that long-term retention of high volumes of data is far less costly on tape than from the cloud or disk. With the bulk of organizational data becoming cold within a few short weeks, offloading it to tape is a good way to stay in compliance while greatly reducing the disk storage price tag.
But the clincher for purchase order approval may well be the added benefit of that extra layer of ransomware protection via the air gap.