One of the myths you often encounter among staunch defenders of tape is that of its supposed superiority compared to other backup mediums because tape can be stored offline. Writing your backups first to tape and then storing the tape collection offsite gives you, they say, what nothing else can – the absolute security of a “physical air gap.” As we will show in the course of this post, it doesn’t quite work out this way. The view that storing tape backups offsite is essential comes from the tape consortium telling only part of the story, so it’s worth attending to what they leave out.
What is the air gap?
As you may know, the air gap is a security measure that involves isolating a device and preventing it from establishing an external connection. It’s a basic security measure that happens automatically when you eject a tape from a tape drive. As the tape is no longer connected to anything, ta-da, you now have an air gap. In the event that ransomware infects your primary system, your air gapped tape backups are safely out of reach. There is no ready bridge from the infected system to the tapes, so the malware can’t get to the backups.
Similarly, if a natural disaster overwhelms your facility, the remoteness of a collection stored offsite should mean that it’s safe. The rationale for storing the backups offline is hence that the tapes will not be exposed to the same set of threats as the primary system (though this doesn’t mean they’re not exposed to their own set of risks). The good news is that the tapes are out of harm’s way; the bad news is that they’re now out of reach for you too. Once you turn them over to a storage provider, what happens to those tapes is out of your hands.
What other “gaps” are there?
The “physical air gap” is not the only air gap available today. As backup processes have evolved over time, new types of air gaps have become available. Besides the old-school, physical one, you can now create something called a “logical air gap”, using software programs that initiate the gap. Your backups are insulated from the rest of your system without you having to sacrifice access. This achieves the same security outcomes but through a more advanced platform, and does not limit you to tapes as the storage medium.
What are the risks of the air gap?
Since the air gap feature is no longer unique to tape backups, giving up access to your collection by storing data on tape may be too big a trade-off for such a small gain. The tape consortium’s stubborn argument is that if a device can connect to a network, it’s at risk of a cyberattack. Technically, you would have to say that they’re right. The problem is that they overstate the benefits of the air gap and understate (or rather do not mention at all) the new risks you create for yourself by storing your data in offsite vaults.
Here are some examples of what those risks are:
- Numerous tape storage facilities have burned down globally, destroying all records and tapes.
- Customer tapes have been repeatedly lost by courier drivers and vault managers globally.
- Drivers of tape transport vans that do tape collections often leave customer tapes in their vans for the entire day. This subjects the tapes to:
  - Severe heat or cold that is well outside the recommended standards for tape protection.
  - Theft from the vehicle, where breaking a window is enough to grab an entire company’s (or multiple companies’) network backups.
  - The high potential of mixing up tapes from one customer with those of another.
  - The risk of a vehicle accident with blunt force damage to the medium.
- Accidental disposal of tapes by the third-party provider.
Would you hand your company’s server over to a person you knew nothing about knowing that the server will be with them for months and that you won’t be able to supervise what they’re doing? If the answer is no, why do companies do it every day with their tapes?
A bad actor would have more success feigning their way into a company as a fake driver than using electronic means to hack their way into the cloud. That bad actor would then have months to use the air gap against you, performing whatever mischief they’ve been planning while you go on believing that your tapes are quite safe.
Don’t get me wrong, tape is a great technology and has a long life ahead of it. But the air gap is really not the feature that people should be using to try to promote it.
If your company has the budget and inclination to store tape backups offsite, then we recommend using a “logical air gap” by ingesting your tapes into the cloud and initiating the air gap services available through all the hyperscalers. If the end goal of having backups is being able to perform successful restores in the future, going with the cloud is a much better choice.
Tape Ark offers mass-scale tape to cloud ingest on a SaaS service that is revolutionizing the way companies store their tapes. Find out more here: https://www.tapeark.com/saas-based-tape-to-cloud-ingest/