The Tape Storage Council (TSC) released a new report, “Tape to Play Critical Roles as the Zettabyte Era Takes Off,” which highlights the current trends, usages and technology innovations occurring within the tape storage industry. The zettabyte era is in full swing, generating unprecedented capacity demand as many businesses move closer to Exascale storage requirements.
According to the LTO Program, 148 Exabytes (EB) of total tape capacity (compressed) shipped in 2021, marking an impressive record year. With a growth rate of 40%, this strong performance in shipments continues following the previous record-breaking 110 EB capacity shipped in 2019 and 105 EB of capacity shipped in the pandemic-affected year of 2020.
The ever-increasing thirst for IT services has pushed energy usage, carbon emissions, and the need to reduce the storage industry’s growing impact on global climate change to center stage. Plus, ransomware and cybercrime protection requirements are driving increased focus on air gap protection measures.
As a result of these trends, among others, the TSC expects tape to play an even broader role in the IT ecosystem going forward as the number of exabyte-sized environments grows. Key trends include:
Data-intensive applications and workflows fuel new tape growth.
Data accessibility. Tape performance improves access times and throughput.
Tape should be included in every green data center strategy.
Storage optimization receives a big boost from an active archive which provides dynamic optimization and fast data access for archival storage systems.
Organizations continue to invest in LTO tape technology thanks to its high capacity, reliability, low cost, low power consumption and strong data protection features, especially as threats to cybersecurity soar.
As I started to write this blog on recent ransomware observations, an email message popped up on my PC from our IT department advising of additional and more stringent security enhancements taking place almost immediately to toughen my company’s cybersecurity and increase our protection against current and emerging threats. A sign of these cybercrime times, indeed!
Ransomware Trending
According to a February 2022 Alert from CISA (Cybersecurity & Infrastructure Security Agency), 2021 trends showed an increasing threat of ransomware to organizations globally with tactics and techniques continuing to evolve in technological sophistication. So-called “big game” organizations like Colonial Pipeline, Kronos, JBS, Kaseya, and SolarWinds made the ransomware headlines over the past year or so. But according to the CISA Alert, by mid-2021, many ransomware threat actors, under pressure from U.S. authorities, turned their attention toward mid-sized victims to reduce the scrutiny and disruption caused by said authorities.
In a recent Enterprise Strategy Group (ESG) study, 64% of respondents said their organization had paid a ransom to regain access to data, applications, or systems. These findings are supported by the latest Threat Landscape report from the European Union Agency for Cybersecurity. It highlighted a 150% rise in ransomware in 2021 compared to 2020. The agency expects that trend to continue, and even accelerate in 2022.
But these numbers hide the stark reality of the ransomware scourge. Gangs like DarkSide, REvil, and BlackMatter are terrorizing organizations with ransomware – and they are getting smarter and more organized. They have moved beyond the basic ploy of infecting files, locking users out of their data, and demanding a fee. They still want money. But they also endanger reputations by exposing attacks, blackmailing companies by threatening to reveal corporate or personal dirty laundry, and selling intellectual property (IP) to competitors.
As a result, cybersecurity spending has become a priority in most organizations. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022 than in the previous year, while 68% of senior IT decision-makers identify ransomware as one of their organization’s top 5 business priorities. Such is the fear factor that organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation, and application development.
New Federal Mandate and the SEC Takes Action
On March 15th, in an effort to thwart cyberattacks from foreign spies and criminal hacking groups, President Biden signed into law a requirement for many critical-infrastructure companies to report to the government when they have been hacked. This way, authorities can better understand the scope of the problem and take appropriate action.
It’s also no wonder that the Securities and Exchange Commission (SEC) is taking action. On March 9th, the SEC voted 3 to 1 to propose reporting and disclosures related to cybercrime incidents and preparedness. In a nutshell, the SEC will be asking publicly traded companies:
To disclose material cybersecurity incidents
To disclose its policies and procedures to identify and manage cybersecurity risks
To disclose management’s role and expertise in managing cybersecurity risks
To disclose the board of directors’ oversight role
Specifically, the SEC will want to know:
Whether a company undertakes activities to prevent, detect and minimize the effects of cybersecurity incidents
Whether it has business continuity, contingency, and recovery plans in the event of a cybersecurity incident
Whether the entire board, certain board members, or a board committee is responsible for the oversight of cybersecurity risks
Whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight
Holding publicly traded companies and their boards accountable for best practices in combating ransomware is a big step in the right direction and will no doubt free up the required budgets and resources.
Lowering the Fear Factor
Cybersecurity is already a top spending priority for 2022 and, with SEC regulations looming, will likely continue to be a priority for quite some time. Companies are busy beefing up the tools and resources needed to thwart ransomware. They are buying intrusion response tools and services, extended or managed detection and response suites, security information and event management platforms, antivirus, anti-malware, next-generation firewalls, and more, including cybercrime insurance policies.
What may be missing in the spending frenzy, however, are some fundamental basics that can certainly lower the fear factor. Backup tools are an essential ingredient in being able to swiftly recover from ransomware or other attacks. Similarly, thorough and timely patch management greatly lowers the risk of hackers finding a way into the enterprise via an unpatched vulnerability.
Another smart purchase is software that scans data and backups to ensure that no ransomware or malware is hidden inside. It is not uncommon for a ransomware victim to conduct a restore and find that its backup files have also been corrupted by malware. Cleansing data that is ready to be backed up has become critical. These are some of the fundamental basics that need to be in place in the fight against ransomware. Organizations that neglect them suffer far more from breaches than those that take care of them efficiently.
Adding an Air Gap
Another fundamental basic is the elegantly simple air gap. When data is stored in the cloud, on disk, or in a backup appliance, it remains connected to the network. This leaves it vulnerable to unauthorized access and infection from bad actors. An air gap is essentially a physical gap between data and the network. It disconnects backed up or archived data from the Internet.
Such a gap is commonly created by partitioning tapes within, or removing them from, an automated tape library and either storing them on a shelf or sending them to a secure external service provider. If that data is properly scanned prior to being backed up or archived to ensure it is free of infection, it offers certainty that a corruption-free copy of data exists. If a ransomware attack occurs, the organization can confidently fall back on a reliable copy of its data – and avoid any ransom demands.
Effectively Combatting Ransomware
There is no silver security bullet that will 100% guarantee freedom from ransomware. It is truly a multi-faceted strategy. Implementation of best-of-breed security tools is certainly necessary. But they must be supported by the steadfast application of backup and patching best practices and the addition of a tape-based air gap.
CISA, the FBI, and cybersecurity insurance companies all recommend offline, offsite, air-gapped copies of data. This can be achieved cost-effectively with today’s removable and highly portable modern tape technology. The boards of publicly traded companies will likely want to do whatever it takes to demonstrate compliance with best practices to meet the SEC requirements. This should include air-gapped tape as part of a prudent and comprehensive strategy. A best practice in these cybercrime times, indeed!
The Arrival of the Zettabyte Era
The data storage market has clearly entered the “zettabyte era” where new capacity shipments have exceeded a massive one zettabyte for a couple of years now. The data storage requirements are being driven by the phenomenon of “digital transformation” and the rising value of data that needs to be stored for longer periods of time, and in some cases, indefinitely. Further accelerating the zettabyte era is the other era we are all in, that being the “pandemic era”. With this era comes the unanticipated need for an unexpected remote workforce and the ever-expanding internet with its proliferation of online apps.
Pandemic Related Supply Shortages
The pandemic has brought with it related disruptions to the global supply chain including shortages of semiconductor chips. It’s been tough to get modern goods from toys to notebooks to refrigerators to automobiles. The combination of zettabyte and pandemic era has even put a strain on supply chains and the availability of SSDs and HDDs needed to support the digital transformation. This has been the cause of fluctuating prices based on quarterly supply and demand swings.
Supply Chain Challenges Persist
While pandemic-related labor shortages have delayed the production and distribution of goods, other factors are making matters worse. How about global warming, climate change, and the ensuing natural disasters that have had negative impacts on the supply chain? How about international rivalries and tensions impacting the availability of key components? Or cybercriminals shutting down vital infrastructure? Bottom line: industry pundits say we can expect supply chain hassles to continue throughout 2022.
Supply Chain Contingency Planning in Data Storage
Faced with supply chain risks in any industry, it’s always good to have contingency plans to mitigate risk and ensure ongoing operations. The IT industry is no exception where the availability of commodities that we may take for granted can be interrupted by any of the factors listed above from unforeseen demand to pandemic-related shortages to global warming, trade wars, and cybercrime.
A great way to avoid supply chain disruptions in the availability of primary storage devices like SSDs and HDDs is to employ intelligent data management software, typical of active archive solutions, that will automate the migration of data from these potentially supply chain affected devices to a modern, automated tape library. Since 60 to 80 percent of data quickly goes cold after a short period of time, why keep it stored on higher performing, expensive, and energy-intensive devices? Given the global supply chain uncertainty, 3 good reasons to migrate data from primary storage devices to tape storage are:
Free up capacity on expensive Tier 1 and Tier 2 storage devices like SSDs and HDDs in favor of TCO friendly tape systems
Reduce energy consumption and related CO2 emissions by leveraging the low power profile of automated tape systems
Take advantage of tape’s natural air gap security in the never-ending war against ransomware
The above actually makes sense even in the absence of supply chain concerns. Since data to be stored is growing at a CAGR of around 30% versus IT budget growth somewhere in the low single digits, the IT industry needs to find a more cost-effective storage solution. With the increasing value of data and indefinite retention periods, the long-term archival profile of tape coupled with best-in-class reliability actually makes sense.
Fighting Climate Change and Cybercrime
Finally, we all have to engage in the battle against global warming and climate change if we are to preserve the planet that we inhabit. Studies show that tape systems consume 87% less energy than equivalent amounts of disk storage and produce 95% less CO2 emissions than disk over the product lifecycle. Other studies show that collectively, the global IT industry could avoid as much as 664 million metric tons of CO2 emissions by strategically moving more data to tape systems. As data cools off or goes cold, it should migrate to less expensive, less energy-intensive, and more secure tiers of storage.
Once the pandemic era finally subsides, it will be environmental calamities brought on by climate change and the relentless threat of cybercriminals that will have long-term impacts on supply chains.
By Rich Gadomski, Head of Tape Evangelism, FUJIFILM Recording Media U.S.A., Inc.
It seems like 2020 and 2021 have blended to combine into one long, tough time for all of us. Let’s hope 2022 emerges on the brighter side! In the meantime, here are 5 big predictions we see coming up in this New Year and beyond:
1. Increasing Focus on IT Energy Consumption
Severe weather was once again a hallmark of 2021, from the Texas deep freeze right up to the bitter end of the year, as unusual tornadoes and wildfires reminded us of the negative impact of global warming and climate change.
According to a report from the United Nations released in August of 2021, irreversible damage has already been done to the environment as a result of greenhouse gas emissions. The world showed renewed interest in the COP 26 conference in Glasgow where countries from around the globe gathered to pledge their commitments to combat climate change.
Wall Street got in on the act too and will increasingly demand that companies disclose their sustainability initiatives and results. Accordingly, more and more companies will be appointing Chief Sustainability Officers who will put pressure on their organization’s energy usage including energy-intensive IT operations. The use of renewables, but also energy conservation measures will be mandated.
Curbing CO2 emissions is quickly becoming a C-suite imperative and storage will not escape the scrutiny. Research shows that 81% of CIOs would consider alternative data storage options that are more cost-effective and sustainable. This will set the stage for new tape system deployments that not only can reduce TCO by more than 70%, but can reduce CO2 emissions by 95% compared to traditional HDD storage.
2. Return to Hybrid Cloud Strategies
Prior to COVID 19, the term “cloud repatriation” appeared often in the press as it turned out that cloud was not a panacea for everything. But COVID 19 understandably created short-term storage strategies often resulting in a flight to the cloud.
However, long-term thinking will favor hybrid cloud strategies where the best of public cloud plus on-prem private cloud provides maximum flexibility and value. This will especially apply to data accessibility, regulatory requirements, data governance, and cybercrime risks including ransomware.
Today’s modern automated tape solutions will provide the advantages of cost, scalability, reliability, and data protection to support the hybrid cloud model.
3. Storage Optimization Will Be Key to Data Growth Management
With the continuing digital transformation comes the zettabyte age of storage where data to be stored globally will approach 6.0 zettabytes (ZB) in 2022, according to a leading IT industry analyst. Just one ZB would require 55 million 18.0 TB HDDs or 55 million 18.0 TB LTO-9 cartridges!
Storage optimization, that is to say, getting the right data, in the right place, at the right time, and at the right cost will be critical to maintaining competitive advantage.
Intelligent data management will be required, leveraging multiple tiers of storage, active archives, and innovative S3-compatible archive solutions for object storage. Nowhere will this be more apparent than in digital preservation and high-performance computing environments with a simple need to offload expensive object storage to cost-effective tape systems using an S3-compatible API.
4. Continuing Rise of Ransomware
It has been said that ransomware is only in “its infancy” and it’s been said many more times that an attack is not a matter of “if” but “when.” The FBI and CISA have weighed in with this advice:
“Backup your data, system images, and configurations, test your backups, and keep backups offline.”
As ransomware hackers mature in sophistication (and profits), online backups are increasingly being targeted to hamper recovery efforts, including cloud-based backups connected to a network. As a result, the value of affordable, removable, and highly-portable tape will only increase, providing true air gap protection (meaning offline, offsite backups in a secure location).
5. Video Surveillance Content Management
As we predicted last year, data tape has increasingly become a strategic option in managing the ballooning volume of video content associated with video surveillance applications.
Due to security reasons, regulatory compliance, or for future analytics, retention volumes and periods will only increase making legacy HDD solutions cost-prohibitive and unsustainable in terms of energy consumption. Look for increasing adoption of cost-effective tier 2 tape in video retention workflows in 2022.
Successfully emerging from the combined years of 2020 and 2021 will require getting back to strategic, long-term planning. Given the relentless growth of data, environmental concerns, and limited resources and budgets, today’s highly advanced tape storage will play an increasingly vital role in 2022 and beyond.
As we head into 2022, I recall a quote from an IT industry executive who said in his 2021 predictions: “Ransomware is just in its infancy”. Indeed, ransomware reigns as today’s chief malware threat with no signs of subsiding anytime soon. Businesses may lose revenue, employee talent, customers, and even shut down from a ransomware attack. Coupled with the ransomware problem, exponential data growth challenges organizations with gathering, storing, and protecting their data cost-effectively with limited budgets. Strong data governance through active archive solutions helps organizations mitigate ransomware attacks and provides a framework for strategically managing their data growth.
A New White Paper by DCIG
In a recently published white paper by the Data Center Intelligence Group (DCIG), commissioned by the Active Archive Alliance, it is stated that active archiving solutions offer permanent and long-term protection for archived data against malicious intrusion as well as accidental data loss or corruption.
The report highlights numerous ways that active archive solutions can provide ransomware mitigation including:
Protecting archive data from modification. WORM (write once, read many) and retention management features keep archived data safe from malicious encryption or overwrite.
Replicating archived data and securing offline storage. Active archive solutions may secure archived data through offline storage, providing an air gap defense that removes the data from the network where it cannot be attacked. Archived data may be replicated for additional protection.
Replicating data to a secure cloud. Data remains online in a secure cloud, protecting it with security features like Secure Sockets Layer (SSL) encryption and multi-factor user authentication.
Supporting 3-2-1 data archiving. The 3-2-1 model maintains three replicated copies stored on two different storage types, such as a disk-based backup system, a secure cloud platform, and online or offline tape.
Enabling rapid recovery. The more data sets that reside in primary storage, the greater the opportunity for hackers. Active archiving minimizes attack opportunities in primary storage by identifying and moving inactive files to secure cloud and offline archives. This approach leaves fewer data sets to test and recover on primary storage and primary backup, speeding up recovery with minimal business impact.
Let’s hope 2022 does not represent the “terrible 2s” as ransomware matures from its infancy. But if it does, it’s good to have strategic solutions like an active archive that help manage both the data and the threat!
With the recent high-profile cases of ransomware hitting the news cycle like Colonial Pipeline, JBS and others, it appears ransomware is not going away anytime soon and may just be in its infancy. Ransomware is a lucrative business model for cybercriminals with ransom demands that can reach into the millions of dollars as was the case with Colonial ($4.4 M) and JBS ($11.0 M). Ransomware-as-a-Service (RaaS) is making the barriers to entry extremely low, so we can expect to see more bad actors entering the business and more attacks across every industry.
The sense of urgency is ratcheting up as the C-suite is clearly focused on cybersecurity. I was speaking to one customer about deploying offsite/offline backup tapes as an air gap who said “Cybersecurity is the top focus for us in the next six weeks. We need to act fast”. In addition to shoring up cybersecurity plans, or putting key components in place, the notion of acquiring cyber insurance is cropping up and no doubt is also on the C-suite agenda.
So what is Cyber Insurance?
Cyber insurance, also referred to as cyber-liability insurance, seeks to help companies recover and mitigate the damage from cyberattacks such as ransomware, data destruction or theft, extortion demands, denial of service attacks, etc. This class of insurance has been around since the early 1990s and is rapidly evolving and growing in terms of revenue for insurance companies. One report I came across pegged the market for this type of insurance at $3.15 B in 2019, with an expected rise to over $20 B by 2025. According to another report, about a third of all large U.S. companies carry cyber insurance.
Typical corporate insurance policies for general liability and property damage most likely don’t cover cybercrime, so cyber insurance has become a stand-alone offering specifically suited for cybercrime protection. Depending on the policy, below are just a handful of items that typically may be covered:
Incident response costs related to restoring systems to pre-existing conditions
Recovery cost of data or software that has been deleted or corrupted
The cost of cyber extortion including the negotiation and execution of ransom payments
Lost profits due to IT system downtime
Financial theft or fraud arising from the cyber attack
Ransomware attacks used to be relatively simple, if unpleasant, affairs. A device would be compromised, the user locked out, and a ransom notice would appear: Pay up if you want to access those files again. On an organizational level, hackers would sometimes gain enough presence in the network to be able to lock IT and users out of their systems. Many of these attacks would go largely unnoticed, even unreported with minimal impact to anyone except the victim organization.
But the Colonial Pipeline hack added a more sinister element – shutting down the pipeline backbone that provides 45% of the gasoline consumed by most of the U.S. eastern seaboard. Gas prices spiked as supplies began to run out. Lines appeared as panic set in at the pumps. The pipeline operator acted quickly and made a ransom payment of $4.4 million in bitcoin to the cybercriminals behind the breach. In return, they provided Colonial with a decryption tool to regain access to their systems. Not surprisingly, the decryption tool turned out to be less than effective, forcing Colonial to restore from existing backups anyway.
But the success of the attack and money paid over is likely to embolden hackers to go after even more lucrative infrastructure targets. That’s why the FBI strongly advises organizations not to pay a ransom. It’s not unlike the policy of refusing to negotiate with terrorists. Paying the ransom not only emboldens the criminals, it does not guarantee complete recovery or prevent repeated ransomware attacks. The more you give in to their demands, the more likely they are to try again.
But Colonial Pipeline paid after careful consideration of what was best for all those that depend on its infrastructure. Some are now wondering if the FBI will carry out its threat to fine Colonial and those who do decide to pay out a ransom. This remains to be seen. Yet, in the high-stakes game of oil and gas, any fine is likely to be no more than a minor inconvenience compared to the potential revenue and profits at risk – perhaps one of the motivations behind the company paying fairly soon after the attack.
Brazen Attacks on the Rise
Expect, then, even more brazen and perhaps costly attacks on U.S. infrastructure, government, industry, and essential services. Remember the SolarWinds saga from earlier in the year? The vulnerabilities of the U.S. Government and its software contractors exposed in this case prompted the White House executive order on “Improving the Nation’s Cybersecurity” issued on May 12th. The fall-out from the Colonial Pipeline attack will likely lead to stiffer regulations imposed on pipeline operators and other critical infrastructure players. The broader market needs to pay attention, too, as the frequency of ransomware continues to rise:
Department of Homeland Security figures show a 300% increase in ransomware in 2020 compared to the previous year.
Small business targets paid out $350 million in ransoms last year.
Attacks on schools, local government systems, and healthcare providers have risen sharply.
And the volume of ransomware victims is expected to rise sharply this year.
Most organizations are understandably far more focused on their primary mission than on instituting cybersecurity measures. This often makes them easy targets. All it takes is one slip by IT or one gullible user and the bad guys can move in and do their damage. Increasingly, that damage involves ransomware.
There is increasing pressure around the world to reduce emissions and lower mankind’s carbon footprint. It is up to the IT sector to do its part, and that means considerably lowering power usage. But that is easier said than done when you consider the statistics.
IDC predicts we will arrive at the mind-boggling figure of 175 zettabytes of data in the digital universe within 4 years. 175 ZB? Consider how long it takes most users to fill a one TB drive. Well, 175 ZB equates to approximately 175 billion TB drives.
The problem is this: how do you reduce IT’s overall power draw in the face of a massive and continual upsurge in data storage? Once 175 ZB of data exists, there is no possibility of containing electrical usage if the vast majority of storage is sitting on hard disk drives (HDDs). The only solution is to cure the industry’s addiction to disk.
Here are the numbers. Data centers alone account for close to 2% of all power consumed in the U.S., about 73 billion kilowatt hours (kWh) in 2020. That is enough to set off the alarm bells. Yet tremendous progress has been made over the past two decades in terms of data center efficiency. When power consumption in data centers soared by 90% between 2000 and 2005, the industry acted forcefully. The rate of growth slowed to 24% between 2005 and 2010 and then fell to less than 5% for the entire decade between 2010 and 2020. That’s miraculous when you consider that it was achieved during a period that represented the largest surge in storage growth in history. Smartphones, streaming video, texting, multi-core processors, analytics, the Internet of Things (IoT), cloud storage, big data, and other IT innovations demanded the retention of more and more data.
Big strides were made in Power Usage Effectiveness (PUE – the ratio of total data center power consumption to the power used by the IT equipment). Data centers have largely done a good job in improving the efficiency of their operations. But the one area lagging badly behind is storage efficiency.
By Chris Kehoe, Head of Infrastructure Engineering, FUJIFILM Recording Media U.S.A., Inc.
Object storage has many benefits. Near infinite capacity combined with good metadata capabilities and low cost have propelled it beyond its initial use cases of archiving and backup. More recently, it is being deployed as an aid to compute processing at the edge, in analytics, machine learning, disaster recovery, and regulatory compliance. However, one recent paper perhaps got a little over-enthusiastic in claiming that disk-based object storage provided an adequate safeguard against the threat of ransomware.
The basic idea proposed is that ransomware protection is achieved by having multiple copies of object data protecting against that kind of intrusion. If the object store suffers ransomware incursion, the backup is there for recovery purposes. The flaw in this logic, however, is that any technology that is online cannot be considered to be immune to ransomware. Unless it is the work of an insider, any attempt at hacking must enter via online resources. Any digital file or asset that is online – whether it is stored in a NAS filer, a SAN array, or on object storage – is open to attack.
Keeping multiple copies of object storage is certainly a wise strategy and does offer a certain level of protection. But if those objects are online on disk, a persistent connection exists that can be compromised. Even in cases where spin-down disk is deployed, there still remains an automated electronic connection. As soon as a data request is made, therefore, the data is online and potentially exposed to the nefarious actions of cybercriminals.
The changing landscape of the data protection industry has evolved from primarily backing up data in order to recover from hardware, software, network failures and human errors, to fighting a mounting wave of cybercrime. Over the years, hardware and software have significantly improved their reliability and resiliency levels but security is a people problem, and people are committing the cybercrimes.
Cybercrime has now become the biggest threat to data protection and the stakes are getting higher as anonymous individuals seek to profit from others’ valuable digital data. With a cease-fire in the cybercrime war highly unlikely, we are witnessing a rapid convergence of data protection and cybersecurity to counter rapidly growing and costly cybercrime threats, including ransomware. The growing cybercrime wave has positioned air-gapped storage solutions as a key component of digital data protection – they simply can’t be hacked.
Traditional backup and archival data can be stored locally or in cloud environments. In contrast, a cyber-resilient copy of data must meet additional, more stringent requirements. This is where “air gapping” and tape technology are gaining momentum. The rise of cybercrime officially makes the offline copy of data stored on tape more valuable and takes advantage of what is referred to as the tape air gap. The tape air gap is an electronically disconnected or isolated copy of data in a robotic library or tape rack that prevents cybercriminals from attacking a backup, archive or any other data.
Tape cartridges in a robotic tape library or manually accessed tape cartridges in tape racks are currently the only data center class air-gapped storage solution available.