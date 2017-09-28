Companies Are Once Again Storing Data On Tape, Just in Case (marketwatch.com) 106
An anonymous reader shares a report: To stay up to date in the battle against hackers, some companies are turning to a 1950s technology. Storing data on tape seems impossibly inconvenient in an age of easy-access cloud computing. But that is the big security advantage of this vintage technology, since hackers have no way to get at the information. The federal government, financial-services firms, health insurers and other regulated industries still keep tape as a backup to digital records. Now a range of other companies are returning to tape as hackers get smarter about penetrating defenses -- and do much more damage when they do get in. Rob Pritchard, founder of the Cyber Security Expert consulting firm and associate fellow at the Royal United Services Institute think tank, has noticed the steady resurgence of tape as part of best-practice backup strategies. "Companies of all sizes must be able to restore data quickly if needed," he says, "but also have a robust, slower-time, recovery mechanism should the worst happen." Mr. Pritchard, who works with a range of organizations to improve corporate cybersecurity practices, says: "A good backup strategy will have multiple layers. Cloud and online services have their place, but can be compromised."
wait, negatronic "brain" electronics, and Slashdot would be freed from its bondage to the Soros-funded BIZX, LLC political interests that have NO BUSINESS owning a tech news site.
This isn't a tech news site, it's an ad provider.
It is pretty easy to protect cold tape from an EMP, even if it is at a close range.
The problem is that Tape really isn't any more secure than anything else-- just modifying the tape drive firmware could easily corrupt data. With a little extra work it could encrypt the data and allow DR simulations to run as long as the event horizon hasn't been reached.
Tape lets your transform the problem from digital security to physical security, and that's something a lot of companies are pretty good at. Further, very few attackers are good at both (you're pretty much down to governments at that point).
You really can't beat tape for archiving. The cost per TB is small (and there's no ongoing cost beyond physical storage), and it's basically immune to stuff like EMP. There's actually is a chip in some tape cartridges to burn out, but losing that won't matter much.
IIRC, modern tape drives still requires that you use a firmware tape during the process, so stand-alone tape drives at least would be immune to a purely online attack.
Nope. HP Tape Tools https://www.hpe.com/us/en/prod... [hpe.com] allow you to update firmware, perform maintenance, etc on most modern HP tape drives that are attached to your server. So conceivably, a hacker could access the backup server (assuming it has HP tape drives attached physically to it), and inject their own firmware (unless there is safeguards in the software to not allow random firmware packages to be uploaded).
You do know that applications were once stored on paper tape, right?
Cuneiform on clay? You youngsters with your hipster ways. I'll stick with notched sticks, thank you very much.
Apart from what I assume is a lower cost, is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?
Re:Tape? (Score:5, Informative)
Pretty much the reasons you would use tape in the first place.
Reliability, portability, and length of time the data can be stored, possibly speed. LTO-4 and lower is definitely going to be slower. LTO-5+ might be faster for writing depending on the RAID setup.
If it's any kind of high performance system you usually do mirroring to a "hot" backup then do backup to tape from there so speed is not that relevant. You can do pretty well on reliability and portability by simply making many redundant copies. I don't think I'd plan to use it as ordinary backup, not even occasionally. To me tape belongs in the disaster recovery plan, like what if hackers root our servers or a rouge sysadmin goes berserk. The "put it on a tape, stick in a vault and pray you'll never need i
Re:Tape? (Score:5, Informative)
At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?
ECC (Score:5, Informative)
At thousands times more data the density would need to be high enough that cosmic radiation should start affecting tape also?
Nearly every modern serious data storage (even some high-range SD flash cards: see Transcend) uses some form of error correction.
Neither tape nor harddisks (nor SD cards with ECC) are that much affected by single bit flips induced by cosmic radiation.
But HDD can still be affected by mechanical failures.
While on the other hand, "mechanical failure" is hardly a risk for a medium that is just basically just a long band of magnetic tape.
Also, the bitrot of tape is better known because it has been studied for a longer time.
Not to mention that modern tapes still has a lower density than modern harddisks (with all their "super-paramagnetic" and "shingled" tricks).
An LTO-7 tape is shy of 1km of lenght for 12mm width (they have exactly 11 square meters to store their native uncompressed raw 6.0 TB)
A Seagate drive of similar capacity crams its data on 6 platters (of 9cm diameter each - that's 0.076 square meters)
Because data grows so fast, I imagine all 40 year old data will be absolutely tiny in comparison, and fit in the corner of whatever live/hot storage is in use.
I do like the premise of companies storing data locally.
I think all the "cloud backup" advocates have it backwards. The cloud's the best place for live data; but companies (and people) should have local backups of their clouds.
That stuff is important enough to keep around, but I don't really want to have that sitting powered on and having to suck down watts for decades, nor do I really want to worry about what happens to it once a y
Re:Tape? (Score:5, Informative)
By design, tapes are sequential append, not random write. That makes it much harder to modify data. For tape stations that can be set to not allow programmatic rewinding, but tapes have to be physically cleared for rewind, it's even more of a security benefit this way.
Much like some of us like having important system logs go to an unbuffered dot matrix printer in dumb mode - there's no way to undo what's already written like a local log, no way to DoS logging to a remote syslog server, nor kill the print job while it's buffering, like a modern page based printer.
Medium longevity (Score:4, Informative)
is there any reason to use tape instead of just doing a rotation of RAID systems and disconnecting the unused ones?
The main reason IS the one you mentioned (with tape, you basically disconnect only the medium, the magnetic tape. Not the whole read/write drive or even whole RAID cabinet. So you only need to pay for magnetic media as you expand capacity, not full blown electronics. A single tape drive and robot can last you quite some time).
But there is also some other practical consideration :
- Tape has been around for a lot of time. It has been already quite studied regarding its longevity. Its various failure modes are all well known (ghosting).
Manufacturer are now pretty much sure they can guarantee you that you can store a tape cartridge in fridge for Yyy years and it will still be 100% readable afterward.
- Hardisk are a bit more recent technology. We don't have quite the same guarantee regarding mechanical failures, bitrot, etc.
Since the whole purpose of this approach is to disconnect completely the storage, it means that the back-up disk will need to be reconnected and re-spun back to 7200RPMS at some point in the future. A small number out of all disk will fail and will not spin, due to various mechanical feature. A small number of the spinning disks will have suffered bitrot and will have corrupted.
Companies don't have the half-century long experience to make exact guarantee for Zzz years.
It's nothing horrible that can't be compensated with correct duplication and erasure coding. But it's still a bit less guaranteed.
I would add a hacker who jumps a server could easily run a backup tape and reformat.
This could be a problem, given IT's propensity to suck.
I've gone to sites to do a recovery to find that, while the tapes were rotated out every day and stored off site, no one there, in the IT dept. understood CaptainDork's 6th corollary: The task is not to get the data on the tape as much as it is to get the data off the tape.
Every Wednesday, as faithfully as possible, I deleted an innocuous file on the server, pretended to
Restore tests as part of the backup cycle (Score:2)
on the tape as much as it is to get the data off the tape.
Of course, the fact that your tape is guaranteed to hold data for 50 years, isn't an excuse to actually wait 50 years before checking if you can actually read the data on it, or even find it.
Checking that you can restore the data should actually be part of the normal backup cycle.
(A very simple personal example
- A test server that we use to develop and test new code, uses a local copy of the same data as the database used by the production server.
- We've implemented it, by having the test server rebuild i
I've said it this way. Any idiot can write a backup program. However, it takes a genius to write a restore program.
Writing a backup program is stupidly simple. Writing a restore program is not (because now your backup program has to work
Yup, that's why our backup audit log had a weekly restore as one of the lines. We also checked the tick box in our backup software that read from the tape when done and compared CRC to that stored in the database, in theory this could differ from what was on disk, but at that point any modern backup program with dedupe is already hosed. We also did semi-annual DR testing which involved removing key people from the exercise to test cross training and documentation and also included deleting a whole filesyste
RAID is not archival grade, and unused hard drives tend to die. SSDs do not have a long archival life because the electrons escape the gates. Once the threshold between a zero and a one is too close, the data is gone, beyond any hope of recovery.
Tape, on the other hand is archival grade. Unlike the garbage in the 1990s like 8mm, 4mm, and QIC, DLT and LTO have a long working life. In fact, at one place I worked for for five years, out of tens of thousands of tapes, I've seen two have hard write errors, a
NO, its not. If you drop it, the puck (the bit that the loading mechanism uses to pick the end of the tape) may fall out of its retaining slots. It can be put back in place if you are moderately careful. If the plastic case is not broken, the tape is probably readable.
I have dropped a fair number of tapes from desk height over the years (have been using them since the 1970's and designed both hardware and software for tape drives). None h
Lower cost?
Not in my experience.
Depending on business' risk analysis, I backed up to tape, on many servers, rotating 7 days or 30 days.
For the 30-day scenario, that meant 30 tapes for each server (6 at this one place). I did not reuse tapes more than a year. I would destroy those and buy new.
At my sites, I did full tape backup every night, including weekends. Friday's tape was overwritten Saturday and Sunday night.
I took each tape home with me for off-site storage, with written permission from management.
The fact that you would make the management decision to trust your data to strangers (which is what IT is apparently doing today, hence this "new idea") probably means you weren't in management.
This is for companies, not individuals. Everywhere I've worked has used tape backups, up to the present moment. Any company relying on cloud backup is a dangerous company to invest in. RAID storage is useless unless you keep those other disks at a remote location. Even the tape backups have the tapes transported to remote and safe locations (there are professional services that do this),
it never went away (Score:5, Insightful)
It never went away at smart companies and those in regulated industries.
The tapes are 9 track, actually.
I remember when the high density tapes we mounted were 6250 bpi.
The big advantage of 200bpi was that you could sprinkle iron filings on the tape and read the bit patterns for disaster recovery. (Not that I would want to read more than a couple of 80 column card images that way).
This site caters to people that think tape is some archaic thing nobody uses, because audio tapes, VHS and the likes went away. Those are the people that produce ad impressions.
It's a reliable long-term storage medium (Score:4, Insightful)
In terms of longevity, I classify storage this way, from short to long term:
- SSD
- 5.25" floppy disks (anachronistic, but existing)
- hard drives
- Taiyo Yuden CDs and DVDs
- EPROMs
- magnetic tape
- masked ROMs
- books
punch cards.
Well, OK. The reason I didn't list punch cards, is because they were used for data entry and not data storage. The fact that they are a set of disconnected objects points in that direction, too.
Antarctic ice cores
Antarctic ice cores
Quantum entangled photons beamed towards M87 (or M-whatever). Super-encrypted, unmolested for millions of years if need be, you'll know if anyone else read it before you, and another good motivator to invent warp drive if you need to restore your array (gotta go catch your data).
Re:It's a reliable long-term storage medium (Score:5, Interesting)
So the adage that magnetic media suffers from bit rot isn't quite as bad as you think... Cheap crappy disks and tapes will fail, but good quality ones last a good long time.
Paper chemistry (Score:4, Interesting)
- books
Although that varies a bit depending on the chemistry of the paper (e.g.: acid-free vs. acidic)
On the other hand, the *toner* used to laser-print on them (basically, fused plastic) will surely outlive the acidic paper.
You can never...ever... trust SSDs.
If you have no data retention requirements, go right ahead but pal, you first. There's simply no way I'd trust SSDs to be anything other than consumables at this time.
- masked ROMs
- books
You forgot to include stone tablets and cave wall graffiti.
Its all about Average Bandwidth (Score:3)
Then there's the other half (Score:5, Insightful)
If you're backing up your company's data to tape... have you - even once - went through the restore process to make sure you can actually recover it?
We were told to use a certain cloud backup service at work, to save on costs. It was a disaster, amazingly slow, and it would suck up all your bandwidth while you were at home on your own dime. Later a co-worker lost his files and needed to recover. He could only recover one file at a time, not do a full restore. I advised everyone to instead just get a hard drive at the store (4 terabytes for under $100) and encrypt it and use Time Machine. Not IT approved though. Later they went with Box instead, anot
Yes, I have run restoration drills, regularly. (Score:2)
And your point is quite correct. 50% of the time I have run restore drills, I have turned up a failure in the restore process which got fixed.
What I do is "delete" something on a random basis, wait for the easy recovery options to time out, then ask for a restoration of something that has definitely had to go to tape.
--PeterM
I reassign null to be the tape device (Score:2)
"It's backup day today so I'm pissed off. Being the BOFH, however, does have it's advantages. I reassign null to be the tape device - it's so much more economical on my time as I don't have to keep getting up to change tapes every 5 minutes. And it speeds up backups too, so it can't be all bad can it? Of course not."
Simon Travaglia [bofharchive.com]
3-2-1 (Score:2)
Lots of companies never stopped (Score:2)
It's pretty hard to beat tape for longer-term backups.
In photo and video, tape never left (Score:2)
Once footage and images are done with as a project closes, tape was and is the perfect place for them. There is flat out no need to have archival storage on spinning platters that gather dust on sleds.
tertiary storage (Score:2)
The best backups are offline and offsite (Score:2)
You want at least one backup offline so it doesn't get screwed up by malware. And you want it off-site so you'll still have it in case your house burns down. Tape or WORM (write once, read many) optical media is better than HDDs because you can't modify the data after it's written (at least on tape drives with a read-onl
You can get read-only devices for HDDs - they sit in between the drive and SATA controller. It blocks all ATA commands that would alter the contents of the drive.
Called a write-blocker, and mostly used in digital forensics so that an investigator can safely hook up a suspect's drive and take an image without any risk of accidentally writing to it and so possibly compromising the evidence.
The technology we really need and don't have (Score:1)
I've been in shops with tape backup back in the days when it was the cheapest, densest form of storage. Like everything else it has it's pros and cons. One big con that I remember is that it is not random access. You want a file at the end of the tape you have to spool all the way to the end of the tape to get to it. Another thing I remember is that they kept coming out with new technology tape drives and sometimes the new drives weren't compatible with the formats of the old tapes. (And tape drives w