I had the opportunity to attend in person and present on the latest in tape technology at the 16th Annual Flash Memory Summit (FMS) held in Santa Clara last week. That’s right, tape technology at a flash conference. My friends from the DNA Data Storage Alliance were there presenting too. So what gives?
In this executive Q & A, Tom Nakatani, president of FUJIFILM Recording Media U.S.A., Inc. (FRMU) discusses how tape technology plays a vital role in the world of data storage now and in the future.
Q1) Tell us a bit about yourself, your career at Fujifilm and how you ended up as president of FRMU?
I don’t like to age myself, but I have been in the Recording Media Business for 25 years since I joined Fujifilm in 1997. I worked primarily in international sales and marketing, responsible for key customers and partners. I also spent about six years at the European headquarters in Germany. Most recently I was assigned as VP of Sales and Marketing in the U.S. in September of 2020 before being appointed president of FRMU as of July 1st of this year. As president, I am responsible for the sales and profitability of this division including our Bedford manufacturing facility. I’m pleased to say Bedford is a world class operation with many cutting edge technologies and sustainability initiatives in place. It’s also the world’s largest LTO manufacturing facility, producing the greenest form of storage. But our biggest asset is our team of employees across the organization, from coast to coast, dedicated to exceptional customer satisfaction.
Q2) What are some of the biggest challenges facing the data storage industry today?
I think the biggest challenge starts with the ongoing and escalating digital transformation that is generating more data than we ever could have imagined even ten years ago. We are now firmly in the zettabyte age where we have a tendency to keep everything indefinitely and we’re afraid to delete anything. And rightfully so, as the value of data has increased and in many ways it is the new currency in this digital economy.
But the question is, how can we continue to manage ever increasing volumes of data that are growing exponentially? How can the industry afford it from a TCO perspective and from an energy consumption perspective? The IT industry needs to reduce its impact on global warming and climate change. And how do we protect the data from theft or ransomware? The IT industry needs a cost-effective way to prevent unauthorized access by securing data in offline, offsite locations.
These are significant challenges but tape solutions are part of the answer. It simply requires a strategic approach to data management and getting the right data in the right place at the right time. Why keep inactive data on 24/7 spinning disk that costs a lot and consumes a lot of energy? Why not move it to modern automated tape systems to reduce cost and CO2 footprint? This will free up HDD space for new, active data! Why not make a low cost copy of the data on tape and send it offsite for cyber security reasons? These solutions are available and are being practiced by the most technologically advanced and data intensive customers in the world today including the major hyperscalers.
Q3) How is FRMU innovating to address these challenges?
Together with our global Recording Media colleagues around the world we continue to bring innovative new products and solutions to market. Our tape technology provides the world’s leading companies with high-capacity data storage solutions to help them manage the increasing volumes of valuable data that we just discussed. Our recent release of LTO-9 with 18 TB native and up to 45 TB of compressed capacity is a good example. According to recent studies by industry experts, LTO-9 is even more energy efficient than previous generations of LTO and when compared to HDD can reduce CO2e by more than 95%. In addition, our Bedford facility has come up with innovative ways to custom package our tape products according to specific customer requirements for ease of use and sustainability goals. Our engineering teams have developed diagnostic tools to maximize performance of tape systems for some of our largest customers. We are also very excited about the innovation we are bringing to the object storage market. Our S3 compatible Object Archive software enables access to low cost tape storage with high reliability and security for long term archiving and preservation of valuable but low access data sets.
Q4) What role do you think tape will play in the future?
We believe organizations and enterprises of all kinds will continue to rely on our products for long-term, reliable, secure, eco-friendly and cost-effective data protection and retention. This includes backup for cybersecurity and ransomware protection to active archive for infrequently accessed data to cold archive for so much of the data that is rarely accessed but still has value and can’t be deleted. We have the fundamental building blocks in place to continue increasing areal density and capacity of magnetic linear tape well into the future based on magnetic particle science such as Barium Ferrite, Strontium Ferrite and even Epsilon Ferrite in the more distant future. Our most recent technology demo with IBM showed the potential for 580 TB of native capacity on a single LTO sized cartridge. That’s a lot of data but it’s what will eventually be needed to store and protect data beyond the zettabyte age in an economical and energy efficient manner. I’m sure that advancements will also continue in flash and HDD or new technologies like DNA data storage will come along. But I believe all these technologies will be needed and will complement each other.
As I started to write this blog on recent ransomware observations, an email message popped up on my PC from our IT department advising of additional and more stringent security enhancements taking place almost immediately to toughen my company’s cybersecurity and increase our protection against current and emerging threats. A sign of these cybercrime times, indeed!
Ransomware Trending According to a February 2022 Alert from CISA (Cybersecurity & Infrastructure Security Agency), 2021 trends showed an increasing threat of ransomware to organizations globally with tactics and techniques continuing to evolve in technological sophistication. So-called “big game” organizations like Colonial Pipeline, Kronos, JBS, Kaseya, and SolarWinds made the ransomware headlines over the past year or so. But according to the CISA Alert, by mid-2021, many ransomware threat actors, under pressure from U.S. authorities, turned their attention toward mid-sized victims to reduce the scrutiny and disruption caused by said authorities.
In a recent Enterprise Strategy Group (ESG) study, 64% of respondents said their organization had paid a ransom to regain access to data, applications, or systems. These findings are supported by the latest Threat Landscape report from the European Union Agency for Cybersecurity. It highlighted a 150% rise in ransomware in 2021 compared to 2020. The agency expects that trend to continue, and even accelerate in 2022.
But these numbers hide the stark reality of the ransomware scourge. Gangs like DarkSide, REvil, and BlackMatter are terrorizing organizations with ransomware – and they are getting smarter and more organized. They have moved beyond the basic ploy of infecting files, locking users out of their data, and demanding a fee. They still want money. But they also endanger reputations by exposing attacks, blackmailing companies by threatening to reveal corporate or personal dirty laundry, and selling intellectual property (IP) to competitors.
As a result, cybersecurity spending has become a priority in most organizations. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022 than in the previous year, while 68% of senior IT decision-makers identify ransomware as one of their organization’s top 5 business priorities. Such is the fear factor that organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation, and application development.
New Federal Mandate and the SEC Takes Action On March 15th, in an effort to thwart cyberattacks from foreign spies and criminal hacking groups, President Biden signed into law a requirement for many critical-infrastructure companies to report to the government when they have been hacked. This way, authorities can better understand the scope of the problem and take appropriate action.
It’s also no wonder that the Security and Exchange Commission (SEC) is taking action. On March 9th, the SEC voted 3 to 1 to propose reporting and disclosures related to cybercrime incidents and preparedness. In a nutshell, the SEC will be asking publicly traded companies:
To disclose material cybersecurity incidents
To disclose its policies and procedures to identify and manage cybersecurity risks
To disclose management’s role and expertise in managing cybersecurity risks
To disclose the board of director’s oversight role
Specifically, the SEC will want to know:
Whether a company undertakes activities to prevent, detect and minimize the effects of cybersecurity incidents
Whether it has business continuity, contingency, and recovery plans in the event of a cybersecurity incident
Whether the entire board, certain board members, or a board committee is responsible for the oversight of cybersecurity risks
Whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight
Holding publicly traded companies and their boards accountable for best practices in combating ransomware is a big step in the right direction and will no doubt free up the required budgets and resources.
Lowering the Fear Factor Cybersecurity is already a top spending priority for 2022 and with SEC regulations looming, will likely continue to be a priority for quite some time. Companies are busy beefing up the tools and resources needed to thwart ransomware. They are buying intrusion response tools and services, extended or managed detection and response suites, security information and event management platforms, antivirus, anti-malware, next-generation firewalls, and more, including cybercrime insurance policies.
What may be missing in the spending frenzy, however, are some fundamental basics that can certainly lower the fear factor. Backup tools are an essential ingredient in being able to swiftly recover from ransomware or other attacks. Similarly, thorough and timely patch management greatly lowers the risk of hackers finding a way into the enterprise via an unpatched vulnerability.
Another smart purchase is software that scans data and backups to ensure that no ransomware or malware is hidden inside. It is not uncommon for a ransomware victim to conduct a restore and find that its backup files have also been corrupted by malware. Cleansing data that is ready to be backed up has become critical. These are some of the fundamental basics that need to be in place in the fight against ransomware. Organizations that neglect them suffer far more from breaches than those that take care of them efficiently.
Adding an Air Gap Another fundamental basic is the elegantly simple air gap. When data is stored in the cloud, on disk, or in a backup appliance, it remains connected to the network. This leaves it vulnerable to unauthorized access and infection from bad actors. An air gap is essentially a physical gap between data and the network. It disconnects backed up or archived data from the Internet.
Such a gap commonly exists by partitioning in, or removing tapes from, an automated tape library and either storing them on a shelf or sending them to a secure external service provider. If that data is properly scanned prior to being backed up or archived to ensure it is free of infection, it offers certainty that a corruption-free copy of data exists. If a ransomware attack occurs, the organization can confidently fall back on a reliable copy of its data – and avoid any ransom demands.
Effectively Combatting Ransomware There is no silver security bullet that will 100% guarantee freedom from ransomware. It is truly a multi-faceted strategy. Implementation of best-of-breed security tools is certainly necessary. But they must be supported by the steadfast application of backup and patching best practices and the addition of a tape-based air gap.
CISA, the FBI, and cybersecurity insurance companies all recommend offline, offsite, air-gapped copies of data. This can be achieved cost-effectively with today’s removable, and highly portable modern tape technology. The boards of publicly traded companies will likely want to do whatever it takes to demonstrate compliance with best practices to meet the SEC requirements. This should include air-gapped tape as part of a prudent and comprehensive strategy. A best practice in these cybercrime times, indeed!
As we head into 2022, I recall a quote from an IT industry executive who said in his 2021 predictions: “Ransomware is just in its infancy”. Indeed, ransomware reigns as today’s chief malware threat with no signs of subsiding anytime soon. Businesses may lose revenue, employee talent, customers, and even shut down from a ransomware attack. Coupled with the ransomware problem, exponential data growth challenges organizations with gathering, storing, and protecting their data cost-effectively with limited budgets. Strong data governance through active archive solutions helps organizations mitigate ransomware attacks and provides a framework for strategically managing their data growth.
A New White Paper by DCIG
In a recently published white paper by the Data Center Intelligence Group (DCIG), commissioned by the Active Archive Alliance, it is stated that active archiving solutions offer permanent and long-term protection for archived data against malicious intrusion as well as accidental data loss or corruption.
The report highlights numerous ways that active archive solutions can provide ransomware mitigation including:
Protecting archive data from modification. WORM (write once, read many) and retention management features keep archived data safe from malicious encryption or overwrite.
Replicating archived data and securing offline storage. Active archive solutions may secure archived data through offline storage, providing an air gap defense that removes the data from the network where it cannot be attacked. Archived data may be replicated for additional protection.
Replicating data to a secure cloud. Data remains online in a secure cloud, protecting it with security features like Secure Socket Layers (SSL) encryption and multi-factor user authentication.
Supporting 3-2-1 data archiving. The 3-2-1 model maintains three replicated copies stored on two different storage types, such as a disk-based backup system, a secure cloud platform, and online or offline tape.
Enabling rapid recovery. The more data sets that reside in primary storage, the greater the opportunity for hackers. Active archiving minimizes attack opportunities in primary storage by identifying and moving inactive files to secure cloud and offline archives. This approach leaves fewer data sets to test and recover on primary storage and primary backup, speeding up recovery with minimal business impact.
Let’s hope 2022 does not represent the “terrible 2s” as ransomware matures from its infancy. But if it does, it’s good to have strategic solutions like an active archive that help manage both the data and the threat!
As recently announced by Fujifilm, LTO-9 has arrived and is available for immediate delivery. It certainly comes at a time when the IT industry is so challenged to manage rampant data growth, control costs, reduce carbon footprint and fight off cyber-attacks. LTO-9 is coming to market just in time to meet all of these challenges with the right features like capacity, low cost, energy efficiency, and cyber security.
What a Great Run for LTO First of all, it is remarkable to look at how far LTO Ultrium technology has come since its introduction. LTO made its market debut in 2000 with the first generation LTO-1 at 100/200 GB native/compressed capacity with 384 data tracks. Transfer rate was just 20 MB native and 40 MB compressed per second. Fast forward 21 years to the availability of LTO-9 now with 18/45 TB native/ compressed capacity on 8,960 data tracks, with transfer rate increasing to 400 MB per second, 1,000 MB per second compressed! In terms of compressed capacity, that’s a 225X increase compared to LTO-1. Since 2000, Fujifilm alone has manufactured and sold over 170 million LTO tape cartridges, a pretty good run indeed.
Capacity to Absorb Bloated Data Sets We are firmly in the zettabyte age now and it’s no secret that data is growing faster than most organizations can handle. With compound annual data growth rates of 30 to 60% for most organizations, keeping data protected for the long term is increasingly challenging. Just delete it you say? That’s not an option as the value of data is increasing rapidly thanks to the many analytics tools we now have to derive value from it. If we can derive value from that data, even older data sets, then we want to keep it indefinitely. But this data can’t economically reside on Tier 1 or Tier 2 storage. Ideally, it will move to Tier 3 tape as an archive or active archive where online access can be maintained. LTO-9 is perfect for this application thanks to its large capacity (18 TB native, 45 TB compressed) and high data transfer rate (400 MB sec native, 1,000 MB sec compressed).
Lowest TCO to Help Control Costs Understanding your true total cost of ownership is of vital importance today as exponential data growth continues unabated. The days of just throwing more disk at storage capacity issues without any concern for cost are long gone. In fact, studies show that IT budgets on average are growing at less than 2.0% annually yet data growth is in the range of 30% to 60%. That’s a major disconnect! When compared to disk or cloud options, automated tape systems have the lowest TCO profile even for relatively low volumes of data less than one petabyte. And for larger workloads, the TCO is even more compelling. Thanks to LTO-9’s higher capacity and fast transfer rate, the efficiency of automated tape systems will improve keeping the TCO advantage firmly on tape’s side.
Lowest Energy Profile to Reduce Carbon Footprint Perhaps of even greater concern these days are the environmental impacts of energy-intensive IT operations and their negative effect on global warming and climate change. You may have thought 2020 was a pretty bad year, being tied for the hottest year on record with 2016. Remember the raging forest fires out West or the frequency of hurricanes and tropical storms? Well, it turns out 2021 is just as bad if not worse with the Caldor Fire and Hurricane IDA fresh in our memory.
Tape technology has a major advantage in terms of energy consumption as tape systems require no energy unless tapes are being read or written to in a tape drive. Otherwise, tapes that are idle in a library slot or vaulted offsite consume no energy. As a result, the CO2 footprint is significantly lower than always on disk systems, constantly spinning and generating heat that needs to be cooled. Studies show that tape systems consume 87% less energy and therefore produce 87% less CO2 than equivalent amounts of disk storage in the actual usage phase. More recent studies show that when you look at the total life cycle from raw materials and manufacturing to distribution, usage, and disposal, tape actually produces 95% less CO2 than disk. When you consider that 60% to 80% of data quickly gets cold with the frequency of access dropping off after just 30, 60, or 90 days, it only makes sense to move that data from expensive, energy-intensive tiers of storage to inexpensive energy-efficient tiers like tape. The energy profile of tape only improves with higher capacity generations such as LTO-9.
A Last Line of Defense Against Cybercrime Once again, 2021 is just as bad if not worse than 2020 when it comes to cybercrime and ransomware attacks. Every webinar you attend on this subject will say something to the effect of: “it’s not a question of if; it’s a question of when you will become the next ransomware victim.” The advice from the FBI is pretty clear: “Backup your data, system images, and configurations, test your backups, and keep backups offline.”
This is where the tape air gap plays an increasingly important role. Tape cartridges have always been designed to be easily removable and portable in support of any disaster recovery scenario. Thanks to the low total cost of ownership of today’s high-capacity automated tape systems, keeping a copy of mission-critical data offline, and preferably offsite, is economically feasible – especially considering the prevalence of ransomware attacks and the associated costs of recovery, ransom payments, lost revenue, profit, and fines.
In the event of a breach, organizations can retrieve a backup copy from tape systems, verify that it is free from ransomware and effectively recover. The high capacity of LTO-9 makes this process even more efficient, with fewer pieces of media moving to and from secure offsite locations.
The Strategic Choice for a Transforming World LTO-9 is the “strategic” choice for organizations because using tape to address long-term data growth and volume is strategic, adding disk is simply a short-term tactical measure. It’s easy to just throw more disks at the problem of data growth, but if you are being strategic about it, you invest in a long-term tape solution.
The world is “transforming” amidst the COVID pandemic as everyone has to do more with less and budgets are tight, digital transformation has accelerated, and we are now firmly in the zettabyte age which means we have more data to manage efficiently, cost-effectively, and in an environmentally friendly way. The world is also transforming as new threats like cybercrime become a fact of life, not just a rare occurrence that happens to someone else. In this respect, LTO-9 indeed comes to market at the right time with the right features to meet all of these challenges.
With the recent high-profile cases of ransomware hitting the news cycle like Colonial Pipeline, JBS and others, it appears ransomware is not going away anytime soon and may just be in its infancy. Ransomware is a lucrative business model for cybercriminals with ransom demands that can reach into the millions of dollars as was the case with Colonial ($4.4 M) and JBS ($11.0). Ransomware-as-a-Service (RaaS) is making the barriers of entry extremely low, so we can expect to see more bad actors entering the business and more attacks across every industry.
The sense of urgency is ratcheting up as the C-suite is clearly focused on cybersecurity. I was speaking to one customer about deploying offsite/offline backup tapes as an air gap who said “Cybersecurity is the top focus for us in the next six weeks. We need to act fast”. In addition to shoring up cybersecurity plans, or putting key components in place, the notion of acquiring cyber insurance is cropping up and no doubt is also on the C-suite agenda.
So what is Cyber Insurance?
Cyber insurance, also referred to as cyber-liability insurance, seeks to help companies recover and mitigate the damage from cyberattacks such as ransomware, data destruction or theft, extortion demands, denial of service attacks, etc. This class of insurance has been around since the early 1990s and is rapidly evolving and growing in terms of revenue for insurance companies. One report I came across pegged the market for this type of insurance at $3.15 B in 2019 and is expected to rise to over $20 B by 2025. According to another report, about a third of all large U.S. companies carry cyber insurance.
Typical corporate insurance policies for general liability and property damage most likely don’t cover cybercrime, so cyber insurance has become a stand-alone offering specifically suited for cybercrime protection. Depending on the policy, below are just a handful of items that typically may be covered:
Incident response costs related to restoring systems to pre-existing conditions
Recovery cost of data or software that has been deleted or corrupted
The cost of cyber extortion including the negotiation and execution of ransom payments
Lost profits due to IT system downtime
Financial theft or fraud arising from the cyber attack
Ransomware continues to threaten the security of enterprise IT infrastructures. In this Fujifilm Summit video, storage analyst George Crump talks to IBM’s Chris Bontempo about how artificial intelligence and machine learning are helping improve cybersecurity by identifying and stopping potential threats.
Vice President of Marketing
FUJIFILM Recording Media U.S.A., Inc
I recently returned from a speaking opportunity at the PRISM Conference held in Miami on May 8thand 9th where I spoke on the Role of Tape in Today’s Modern Offsite Storage Center. In addition to holding and protecting valuable data tape cartridges for archive, backup, and disaster recovery applications, offsite vaults also play a crucial role in providing an “air gap” against cyber criminals and their alarming malware and ransomware variants. Because of tape’s powerful value proposition, it provides this functionality particularly well. It’s easily portable, has the lowest total cost of ownership, is the most reliable storage medium today, and has long archival life and high capacity.
The audience, which included many regional data vault service providers from the U.S. and abroad, didn’t have to take my word on the value prop of tape. I backed it up with studies from leading IT research companies and articles from reliable publications such as the Wall Street Journal. I sprinkled in some news about tape usage from folks like Microsoft Azure. Finally, I detailed the bright future tape has based on its ability to continue to increase in areal density which will ensure increasing capacity and cost competitiveness without sacrificing performance, thanks in part to Fujifilm’s Barium Ferrite and Strontium Ferrite magnetic particle technology.
At the end of my presentation, during the Q&A, I got the following response and question: “Tape sounds great, how come we don’t see more tape volume flowing into our vaults?” One reason for this would be the increasing data densities of tape which would reduce unit volumes. Understandably this is not great for the vault service providers, but this is actually a great benefit for end users; they can store more data on fewer units. Another factor to consider is the ever-increasing popularity of cloud storage over say, the past five years. We have seen a move from on-premises, do-it-yourself storage to outsourced cloud services. This is especially true among startups and SMBs and specific verticals where the cloud can provide unique functionality such as compute and file sharing.
But as the world turns ever so slowly, so do market conditions. Now that data storage pros have gotten comfortable with what the cloud can do, they are also starting to understand some of the downsides such as high TCO associated with egress fees and bandwidth. Security concerns might be mounting too in light of escalating cybersecurity breaches.
So at some point, tape will make sense again for many of the folks who tried cloud, considering TCO, budget constraints and the need for air gap. It’s just a matter of time, as long as demand for storage keeps rising based on relentless data growth. And so long as the hackers don’t quit on the highly profitable multi-trillion dollar business of cybercrime.
According to Juniper Research, cybercrime is expected to become a $2.1 trillion problem by 2019. Using tape-based, offline storage creates an “air gap” that can prevent hackers from accessing your data. In this video, Fred Moore, president of Horison Information Strategies, explains the benefits of tape storage for data security.
Usage of Cookies