Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Data Storage IT Technology

Companies Are Once Again Storing Data On Tape, Just in Case (marketwatch.com) 199

An anonymous reader shares a report: To stay up to date in the battle against hackers, some companies are turning to a 1950s technology. Storing data on tape seems impossibly inconvenient in an age of easy-access cloud computing. But that is the big security advantage of this vintage technology, since hackers have no way to get at the information. The federal government, financial-services firms, health insurers and other regulated industries still keep tape as a backup to digital records. Now a range of other companies are returning to tape as hackers get smarter about penetrating defenses -- and do much more damage when they do get in. Rob Pritchard, founder of the Cyber Security Expert consulting firm and associate fellow at the Royal United Services Institute think tank, has noticed the steady resurgence of tape as part of best-practice backup strategies. "Companies of all sizes must be able to restore data quickly if needed," he says, "but also have a robust, slower-time, recovery mechanism should the worst happen." Mr. Pritchard, who works with a range of organizations to improve corporate cybersecurity practices, says: "A good backup strategy will have multiple layers. Cloud and online services have their place, but can be compromised."
This discussion has been archived. No new comments can be posted.

Companies Are Once Again Storing Data On Tape, Just in Case

Comments Filter:
  • Tape? (Score:5, Informative)

    by DontBeAMoran ( 4843879 ) on Thursday September 28, 2017 @11:08AM (#55270015)

    Apart from what I assume is a lower cost, is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?

    • Re:Tape? (Score:5, Informative)

      by redmid17 ( 1217076 ) on Thursday September 28, 2017 @11:15AM (#55270075)
      Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

      Pretty much the reasons you would use tape in the first place.
      • Re:Tape? (Score:5, Insightful)

        by Kjella ( 173770 ) on Thursday September 28, 2017 @12:28PM (#55270601) Homepage

        Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

        If it's any kind of high performance system you usually do mirroring to a "hot" backup then do backup to tape from there so speed is not that relevant. You can do pretty well on reliability and portability by simply making many redundant copies. I don't think I'd plan to use it as ordinary backup, not even occasionally. To me tape belongs in the disaster recovery plan, like what if hackers root our servers or a rouge sysadmin goes berserk. The "put it on a tape, stick in a vault and pray you'll never need it but if you do you'll be really happy to have it" kind of backup.

        This is particularly true if it's for legal compliance or you're the one maintaining the master data, imagine if you're say the DMV and lose the database of what driver licenses or license plates you've issued. Even in most epic of epic fuck-ups that wouldn't be acceptable. But I'm thinking it's the kind of service you contract out to a third party, maybe even with your own encryption because it doesn't really pay off until you've got huge amounts of data and a perspective of years and decades. Or well you can use tape for that, but then it's the kind of "non-disaster" backup I'd use HDDs for.

        • RAID is not backup. Just keep repeating that to yourself.
        • Re:Tape? (Score:4, Informative)

          by lgw ( 121541 ) on Thursday September 28, 2017 @02:30PM (#55271409) Journal

          Live mirroring is a way to make a backup, but isn't a backup until you break the mirror. Most RAID systems aren't really good at moving that sort of stuff around on the fly, unless you're talking about legacy "big box" storage systems that charge 10x-100x what the drives cost.

          But, yeah, there are 3 distinct scenarios:
          * Backup
          * Disaster recovery
          * Archiving

          Tape is far and away the best for archiving, and is the easiest/cheapest way to do DR. It's not all that good for simple backup - snapshotting of some sort (even if the backup is in the same rack or even device as the main storage) wins for backup, since most restore requests are for recovery from user error, not hardware failure.

          It makes good sense to optimize backup for fast recovery from accidental file deletion and the like, as long as you also have a DR strategy that will help you if you lose a rack full of storage (or datacenter etc).

          Archiving is usually the legal compliance angle, not the other two use cases. Plenty of big companies have fancy cross-site DR strategies, but still archive to tape for compliance with "store your records for N years" compliance. Heck, the same truck from Iron Mountain likely takes both their paper records and tapes.

      • by mjwx ( 966435 )

        Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.

        Pretty much the reasons you would use tape in the first place.

        This,

        Also ease of transportation. If I want to move my data off-site, especially to more than one location tape is the easiest way to do that. Speed and availability dont matter for off-site backups. Also cost, where can I get a 3TB HDD for £30? Some data I need to keep unadulterated records of for 7 years (some government requirements even preclude de-duplication, although this is rare).

    • Re:Tape? (Score:5, Informative)

      by houstonbofh ( 602064 ) on Thursday September 28, 2017 @11:15AM (#55270081)
      Hard drives do not like to sit powered off. In 3 to 5 years the fail rate is significant. Tape is fine for that. I have restored 40 year old tapes.
      • Re: (Score:3, Interesting)

        by whizzter ( 592586 )
        But would that really apply for tapes capable of storing "modern" amounts of data?

        At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?
        • Guess you have not looked at tape lately. https://www.engadget.com/2017/... [engadget.com]
        • ECC (Score:5, Informative)

          by DrYak ( 748999 ) on Thursday September 28, 2017 @11:57AM (#55270389) Homepage

          At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?

          Nearly every modern serious data storage (even some high-range SD flash cards: see Transcend) uses some form of error correction.
          Neither tape nor harddisks (nor SD cards with ECC) are that much affected by single bit flips induced by cosmic radiation.

          But HDD can still be affected by mechanical failures.
          While on the other hand, "mechanical failure" is hardly a risk for a medium that is just basically just a long band of magnetic tape.

          Also, the bitrot of tape is better known because it has been studied for a longer time.

          Not to mention that modern tapes still has a lower density than modern harddisks (with all their "super-paramagnetic" and "shingled" tricks).
          An LTO-7 tape is shy of 1km of lenght for 12mm width (they have exactly 11 square meters to store their native uncompressed raw 6.0 TB)
          A Seagate drive of similar capacity crams its data on 6 platters (of 9cm diameter each - that's 0.076 square meters)

          • Nearly every modern serious data storage (even some high-range SD flash cards: see Transcend) uses some form of error correction.

            You say it like its a good thing!

            Error correction works fine for one, or possibly a small number of errors, such as you might get in DRAM, but if you get a lot of errors like on a bad disk or tape, it is capable of munging the data and declaring it fixed. And there is no way to know how many errors you have got. If you have errors, you get another tape out of the cupboard. (You

            • If you have lots of errors you're not in the realm of cosmic rays or random bit flips, you're suffering from actual hardware failure.

              If you have errors, you get another tape out of the cupboard.

              Funny I did that with my last memory card and my last HDD when they started throwing errors, and at $20 for an 800GB tape the replacement HDD was about the same price.

              You do not get an algorithm to "fix" the data if its your life on the line (or your $$$).

              Defence in depth. Of course you do. Best still you get an algorithm that warns you of impending failures when they start logging at an unacceptable rate. Kind of like ECC and SMART data.

            • Error correction works fine for one, or possibly a small number of errors,

              If the level of cosmic radiation that is bathing your workplace causes more than the occasional bit flip that the above poster has suggested [slashdot.org], I think you might be having more serious problems to consider.

              Like needing to find shelter asap.

              Or enjoy your new "fantastic 4" super-powers.

              sd cards? how would you know what's going on inside?

              Now for the more serious answers :
              again ecc is used against the occasional random bitflip, as in the concerns about cosmic radiation by the above posters.

              For the rest of your concern (i.e.: the media turning bad), the micro-contr

          • "mechanical failure" is hardly a risk for a medium that is just basically just a long band of magnetic tape.

            You've never seen a kid handle a tape, have you?

            • You've never seen a kid handle a tape, have you?

              If your kid is roaming free in the middle of your company's big data center, you have an entirely different level of problems...

              • You've never seen a kid handle a tape, have you?

                If your kid is roaming free in the middle of your company's big data center, you have an entirely different level of problems...

                Tape monkey is their night job after making shoes and iPhones all day. ;)

      • by ron_ivi ( 607351 )
        What kind of data really needs to set powered off for 40 years, though?

        Because data grows so fast, I imagine all 40 year old data will be absolutely tiny in comparison, and fit in the corner of whatever live/hot storage is in use.

        I do like the premise of companies storing data locally.

        I think all the "cloud backup" advocates have it backwards. The cloud's the best place for live data; but companies (and people) should have local backups of their clouds.

        • I might want my home movies and family photos to keep for fifty or sixty or a hundred years to pass down to the kids. I might want my bank statements and property records (including any video or photography that goes along with it) to stick around for similar lengths of time in case of legal disputes.

          That stuff is important enough to keep around, but I don't really want to have that sitting powered on and having to suck down watts for decades, nor do I really want to worry about what happens to it once a y
        • What kind of data really needs to set powered off for 40 years, though?

          I guess we know where you work... https://sputniknews.com/milita... [sputniknews.com] ;)

          I do like the premise of companies storing data locally.

          I think all the "cloud backup" advocates have it backwards. The cloud's the best place for live data; but companies (and people) should have local backups of their clouds.

          Living in Houston, I am a big fan of geographically separate backups. When half of the city is under water, local backups may be as well.

    • Re:Tape? (Score:5, Informative)

      by arth1 ( 260657 ) on Thursday September 28, 2017 @11:30AM (#55270201) Homepage Journal

      By design, tapes are sequential append, not random write. That makes it much harder to modify data. For tape stations that can be set to not allow programmatic rewinding, but tapes have to be physically cleared for rewind, it's even more of a security benefit this way.

      Much like some of us like having important system logs go to an unbuffered dot matrix printer in dumb mode - there's no way to undo what's already written like a local log, no way to DoS logging to a remote syslog server, nor kill the print job while it's buffering, like a modern page based printer.

      • [...] no way to DoS logging to a remote syslog server [...]

        No, but you can DoS the printer merely by doing a lot of things that would get printed. Paper isn't infinite...

        Fun example: Way back in the mainframe days, a place where my friend was working had a keycard-type lock for the machine room. Insert your card, door unlocks, remove card and enter the now unlocked door. It was a real nuisance for him and one Saturday, when he was working, he discovered that if he just left his card in the lock, the door would unlock, wait a few seconds, lock, reread the card,

    • Medium longevity (Score:5, Informative)

      by DrYak ( 748999 ) on Thursday September 28, 2017 @11:31AM (#55270219) Homepage

      is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?

      The main reason IS the one you mentioned (with tape, you basically disconnect only the medium, the magnetic tape. Not the whole read/write drive or even whole RAID cabinet. So you only need to pay for magnetic media as you expand capacity, not full blown electronics. A single tape drive and robot can last you quite some time).

      But there is also some other practical consideration :

      - Tape has been around for a lot of time. It has been already quite studied regarding its longevity. Its various failure modes are all well known (ghosting).
      Manufacturer are now pretty much sure they can guarantee you that you can store a tape cartridge in fridge for Yyy years and it will still be 100% readable afterward.

      - Hardisk are a bit more recent technology. We don't have quite the same guarantee regarding mechanical failures, bitrot, etc.
      Since the whole purpose of this approach is to disconnect completely the storage, it means that the back-up disk will need to be reconnected and re-spun back to 7200RPMS at some point in the future. A small number out of all disk will fail and will not spin, due to various mechanical feature. A small number of the spinning disks will have suffered bitrot and will have corrupted.
      Companies don't have the half-century long experience to make exact guarantee for Zzz years.

      It's nothing horrible that can't be compensated with correct duplication and erasure coding. But it's still a bit less guaranteed.

      • I would add a hacker who jumps a server could easily run a backup tape and reformat.

        This could be a problem, given IT's propensity to suck.

        I've gone to sites to do a recovery to find that, while the tapes were rotated out every day and stored off site, no one there, in the IT dept. understood CaptainDork's 6th corollary: The task is not to get the data on the tape as much as it is to get the data off the tape.

        Every Wednesday, as faithfully as possible, I deleted an innocuous file on the server, pretended to

        • on the tape as much as it is to get the data off the tape.

          Of course, the fact that your tape is guaranteed to hold data for 50 years, isn't an excuse to actually wait 50 years before checking if you can actually read the data on it, or even find it.

          Checking that you can restore the data should actually be part of the normal backup cycle.

          (A very simple personal example :
          - A test server that we use to develop and test new code, uses a local copy of the same data as the database used by the production server.
          - We've implemented it, by having the test server rebuild i

        • by tlhIngan ( 30335 )

          I've gone to sites to do a recovery to find that, while the tapes were rotated out every day and stored off site, no one there, in the IT dept. understood CaptainDork's 6th corollary: The task is not to get the data on the tape as much as it is to get the data off the tape.

          I've said it this way. Any idiot can write a backup program. However, it takes a genius to write a restore program.

          Writing a backup program is stupidly simple. Writing a restore program is not (because now your backup program has to work

          • I hear ya.

            One site had an appliance and cloud backup.

            I was consulting on an unrelated matter and laid down a text file. Two days later, I deleted the file and told management what I did and to ask IT to get the file back, stat.

            IT was totally like a fish out of water.

            They started reading the web site, making phone calls ...

            I asked management, "Is this what you want when things go sideways?"

            The IT manager was pissed and asked me what the fuck I was doing. My reply was, "Your job."

            My allegiance was to the peep

        • Re:Medium longevity (Score:4, Interesting)

          by afidel ( 530433 ) on Thursday September 28, 2017 @01:09PM (#55270891)

          Yup, that's why our backup audit log had a weekly restore as one of the lines. We also checked the tick box in our backup software that read from the tape when done and compared CRC to that stored in the database, in theory this could differ from what was on disk, but at that point any modern backup program with dedupe is already hosed. We also did semi-annual DR testing which involved removing key people from the exercise to test cross training and documentation and also included deleting a whole filesystem and doing a restore from the backup system and doing spot check on files selected at random from the source filesystem.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      RAID is not archival grade, and unused hard drives tend to die. SSDs do not have a long archival life because the electrons escape the gates. Once the threshold between a zero and a one is too close, the data is gone, beyond any hope of recovery.

      Tape, on the other hand is archival grade. Unlike the garbage in the 1990s like 8mm, 4mm, and QIC, DLT and LTO have a long working life. In fact, at one place I worked for for five years, out of tens of thousands of tapes, I've seen two have hard write errors, a

    • Lower cost?

      Not in my experience.

      Depending on business' risk analysis, I backed up to tape, on many servers, rotating 7 days or 30 days.

      For the 30-day scenario, that meant 30 tapes for each server (6 at this one place). I did not reuse tapes more than a year. I would destroy those and buy new.

      At my sites, I did full tape backup every night, including weekends. Friday's tape was overwritten Saturday and Sunday night.

      I took each tape home with me for off-site storage, with written permission from management.

      I

      • The fact that management let you take the tapes home instead of having an offsite storage solution probably means you don't speak for any large enterprises.
        • The fact that you would make the management decision to trust your data to strangers (which is what IT is apparently doing today, hence this "new idea") probably means you weren't in management.

          • You seem to think I was defending the cloud solution; I think that is stupid as well. The correct way to archive tapes is either in your own datacenter, or pay an offisite storage company with a vault to do it. All tapes should be inventoried and tracked.
            • Actually, all decisions should be made by management.

              That's how my world rolls.

              They let me keep the fireproof safe that they bought.

              Look: When the freaking fire alarm went off, I was the first guy to hit the street, even if I knew somebody was burning popcorn in the microwave, and I had the backup tapes in my possession.

              When I bugged out for hurricane evac, I'm the guy who had the backup tapes and the production server in the trunk.

              Your management can do as they wish.

              That's what mine did.

              Not your call.

          • And I forgot encrypted.
    • This is for companies, not individuals. Everywhere I've worked has used tape backups, up to the present moment. Any company relying on cloud backup is a dangerous company to invest in. RAID storage is useless unless you keep those other disks at a remote location. Even the tape backups have the tapes transported to remote and safe locations (there are professional services that do this),

    • by gweihir ( 88907 )

      Tapes are offline and disconnecting drives is a) technologically difficult and b) one main failure points for disks is when you start them.

  • it never went away (Score:5, Insightful)

    by banbeans ( 122547 ) on Thursday September 28, 2017 @11:08AM (#55270017)

    It never went away at smart companies and those in regulated industries.

  • by blind biker ( 1066130 ) on Thursday September 28, 2017 @11:13AM (#55270063) Journal

    In terms of longevity, I classify storage this way, from short to long term:
    - SSD
    - 5.25" floppy disks (anachronistic, but existing)
    - hard drives
    - Taiyo Yuden CDs and DVDs
    - EPROMs
    - magnetic tape
    - masked ROMs
    - books

    • by JustOK ( 667959 )
      punch cards.
      • punch cards.

        Well, OK. The reason I didn't list punch cards, is because they were used for data entry and not data storage. The fact that they are a set of disconnected objects points in that direction, too.

    • Paper chemistry (Score:4, Interesting)

      by DrYak ( 748999 ) on Thursday September 28, 2017 @11:34AM (#55270245) Homepage

      - books

      Although that varies a bit depending on the chemistry of the paper (e.g.: acid-free vs. acidic)

      On the other hand, the *toner* used to laser-print on them (basically, fused plastic) will surely outlive the acidic paper.

      • On the other hand, the *toner* used to laser-print on them (basically, fused plastic) will surely outlive the acidic paper.

        Indeed. But long before the paper has disolved your toner will stick the pages together in ways that you'll never be able to read what was on them without applying a liberal dose of science.

    • by sinij ( 911942 )

      - masked ROMs
      - books

      You forgot to include stone tablets and cave wall graffiti.

    • by crtreece ( 59298 )
      The bandwidth might be great, but the latency is horrible.
      • Sad to say, I had a real world need to calculate the number of HDDs that will fit in a 747-400F. And yes, it does beat the a station wagon and even fiber for average bandwidth hands down (excluding reading/writing the data). And no, nobody asked how much the data weighed.
  • by 93 Escort Wagon ( 326346 ) on Thursday September 28, 2017 @11:34AM (#55270239)

    If you're backing up your company's data to tape... have you - even once - went through the restore process to make sure you can actually recover it?

    • And your point is quite correct. 50% of the time I have run restore drills, I have turned up a failure in the restore process which got fixed.

      What I do is "delete" something on a random basis, wait for the easy recovery options to time out, then ask for a restoration of something that has definitely had to go to tape.

      --PeterM

  • "It's backup day today so I'm pissed off. Being the BOFH, however, does have it's advantages. I reassign null to be the tape device - it's so much more economical on my time as I don't have to keep getting up to change tapes every 5 minutes. And it speeds up backups too, so it can't be all bad can it? Of course not."

    Simon Travaglia [bofharchive.com]

  • 3 copies of the data 2 on different media 1 not at the same place as the other 2. Current corporate entity backs up to a Separate SAN and then the SAN to tape, tapes go away and rotated on a yearly basis.
  • It's pretty hard to beat tape for longer-term backups.

  • Once footage and images are done with as a project closes, tape was and is the perfect place for them. There is flat out no need to have archival storage on spinning platters that gather dust on sleds.

  • I setup tape in my organization as well. 100% virtual infrastructure with primary backups/snapshots on site SAN storage. Replicated backups/snapshots at a 2nd physical DR site connected via owned / leased fiber. Tertiary backups to tape and shipped off to a nation storage repository.
  • That's what I tell my friends and customers. I have a 12 TB NAS for daily backups (among other things), but I also back that up monthly to a RAID enclosure which gets stored elsewhere.

    You want at least one backup offline so it doesn't get screwed up by malware. And you want it off-site so you'll still have it in case your house burns down. Tape or WORM (write once, read many) optical media is better than HDDs because you can't modify the data after it's written (at least on tape drives with a read-onl
    • You can get read-only devices for HDDs - they sit in between the drive and SATA controller. It blocks all ATA commands that would alter the contents of the drive.

      Called a write-blocker, and mostly used in digital forensics so that an investigator can safely hook up a suspect's drive and take an image without any risk of accidentally writing to it and so possibly compromising the evidence.

      • Yeah, the read/write nature of hard drives isn't really the problem with using them for long-term storage. The real problem is that they're relatively fragile.

  • They just have to get it done quickly before the dark army gets wind of their plans...

  • (Hmmm.. A nony mouse? Eh, it's been over 40 years, I guess the statute of limitations has run out.)

    Back in the days of Univac mainframes, I wanted a file that was not accessible to me. It was backed up on tape, but accessing the manually mounted by the uncooperative operator backup tape?

    However, this was also the days of disk being expensive per kilobyte. Univac's solution was "Rollout/rollback"; under certain criteria, the Univac would release all the files's storage back to the free disk pool, and mark

  • These are proven long term storage methods.
  • I was really pleased with the improvements we saw at 2 different companies when we finally let go of outdated LTO or DLT backup tape solutions.

    It may be true that tape has a better chance of being readable after sitting in storage for a long enough period of time. But my experience was, the tape drives themselves would suffer from breakdowns causing them to unspool or "eat" tapes, too. The older DLT drives I used to work with were especially prone to failure modes causing them not to sense the "leader" at t

  • Not really. Once all your company data is stashed on someone else's computers what's your DR plan if those computers go down? Having a local copy might be handy, eh? It doesn't matter if the company's got the sharpest lawyers on the planet, they aren't going to be able to perform a bare-metal restore and get the business back online---despite what it says in that iron-clad language they insisted had to be in the contract.

  • by StormReaver ( 59959 ) on Thursday September 28, 2017 @04:21PM (#55272287)

    If you're not a raving moron, that place is in the trashcan of history (assuming it's not your own cloud or service).

  • ...it's the air gap. It's the fact that there's no electronic connection between your backup tapes in storage and anything on the internet. Using hard drives in hot swapable carriers works as well, the data rate is faster, and the storage density is higher. But as soon as you start using disks, someone starts thinking it'd be way convenient to have the backup data online all the time, and you lose the security advantage. At least with tape, there's a managerial expectation that the tape would be put aw

  • I guess this isn't a very good time to bring up Blu-ray, the backup that is resistant to magnets and hackers at the same time.

"Pay no attention to the man behind the curtain." -- Karl, as he stepped behind the computer to reboot it, during a FAT

Working...