Many of you have probably not even heard of the “Air Gap” theory, which in my view is a good thing.
Once the public cloud started to eat into the market share of tape sales, or at least threaten to eat into it, tape salesmen and manufacturers started to talk poorly of the public cloud and the ease with which its security can be breached or that viruses could be planted.
In order to complete the story, the tape industry and its sales teams started to talk about the “Air Gap”. The Air Gap is essentially a term used to describe the fact that data written to a tape is no longer connected to any machine or able to be communicated with, and therefore cannot be hacked or have a virus affect its contents. The view was that this was another way to convince people that tape is safer than cloud. It is part of the reason I started Tape Ark.
Let’s be honest. We saw an announcement today that one of Australia’s largest banks lost two tapes that contained over 20 million customer financial statements. The bank is not sure where the tapes are as a third party contractor was responsible. Maybe the data went into the Air Gap? Anyone know of a case where someone misplaced their cloud?
Let’s take a quick look at this:
- When a tape is created, most companies use an offsite tape storage provider.
- Once you have handed that media over to a tape storage provider – do you know what happens to it? A courier collects the tape and drives it back to the warehouse. If he decides he wants a pie and chips for lunch he stops at his local lunch spot and has lunch. Essentially, tapes left unsecure, in the back of a car or van, easily stolen, heating up in the sun while the driver eats his lunch.
- Once back in the vault, they are placed in a room on a shelf next to thousands of other tapes that belong to other clients. Visitors come and go, in and out of that vault, and can easily walk away with one or more tapes if they wish.
- The tape storage provider themselves has unfettered access to your tapes while they hold them. Could you tell if someone had taken the data and copied it or extracted it?
- If you need the tape back, the same courier driver will bring it back to you. Will he have lunch today? Will you be his fifth tape drop-off of the day, where he leaves your tapes unattended in his van for hours while he does four other drop-offs before yours?
Let’s be honest. Would you prefer to rely on a tape moving around and the lunch habits of your courier driver or would you prefer to rely on encryption, Amazon Web Services IAM access protocols, online data transport and retrieval and a cloud system that is treated like a military installation? Air Gap does not = Data Security. Data Security = Data Security.