The Tape Storage Council, (TSC), released a new report “Tape to Play Critical Roles as the Zettabyte Era Takes Off,” which highlights the current trends, usages and technology innovations occurring within the tape storage industry. The zettabyte era is in full swing generating unprecedented capacity demand as many businesses move closer to Exascale storage requirements.
According to the LTO Program, 148 Exabytes (EB) of total tape capacity (compressed) shipped in 2021, marking an impressive record year. With a growth rate of 40%, this strong performance in shipments continues following the previous record-breaking 110 EB capacity shipped in 2019 and 105 EB of capacity shipped in the pandemic affected year of 2020.
The ever-increasing thirst for IT services has pushed energy usage, carbon emissions, and reducing the storage industry’s growing impact on global climate change to center stage. Plus, ransomware and cybercrime protection requirements are driving increased focus on air gap protection measures.
As a result of these trends, among others, the TSC expects tape to play an even broader role in the IT ecosystem going forward as the number of exabyte-sized environments grow. Key trends include:
Data-intensive applications and workflows fuel new tape growth.
Data accessibility. Tape performance improves access times and throughput.
Tape should be included in every green data center strategy.
Storage optimization receives a big boost from an active archive which provides dynamic optimization and fast data access for archival storage systems.
Organizations continue to invest in LTO tape technology thanks to its high capacity, reliability, low cost, low power consumption and strong data protection features, especially as threats to cybersecurity soar.
As I started to write this blog on recent ransomware observations, an email message popped up on my PC from our IT department advising of additional and more stringent security enhancements taking place almost immediately to toughen my company’s cybersecurity and increase our protection against current and emerging threats. A sign of these cybercrime times, indeed!
Ransomware Trending According to a February 2022 Alert from CISA (Cybersecurity & Infrastructure Security Agency), 2021 trends showed an increasing threat of ransomware to organizations globally with tactics and techniques continuing to evolve in technological sophistication. So-called “big game” organizations like Colonial Pipeline, Kronos, JBS, Kaseya, and SolarWinds made the ransomware headlines over the past year or so. But according to the CISA Alert, by mid-2021, many ransomware threat actors, under pressure from U.S. authorities, turned their attention toward mid-sized victims to reduce the scrutiny and disruption caused by said authorities.
In a recent Enterprise Strategy Group (ESG) study, 64% of respondents said their organization had paid a ransom to regain access to data, applications, or systems. These findings are supported by the latest Threat Landscape report from the European Union Agency for Cybersecurity. It highlighted a 150% rise in ransomware in 2021 compared to 2020. The agency expects that trend to continue, and even accelerate in 2022.
But these numbers hide the stark reality of the ransomware scourge. Gangs like DarkSide, REvil, and BlackMatter are terrorizing organizations with ransomware – and they are getting smarter and more organized. They have moved beyond the basic ploy of infecting files, locking users out of their data, and demanding a fee. They still want money. But they also endanger reputations by exposing attacks, blackmailing companies by threatening to reveal corporate or personal dirty laundry, and selling intellectual property (IP) to competitors.
As a result, cybersecurity spending has become a priority in most organizations. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022 than in the previous year, while 68% of senior IT decision-makers identify ransomware as one of their organization’s top 5 business priorities. Such is the fear factor that organizations are now treating cybersecurity ahead of other organizational imperatives such as the cloud, artificial intelligence (AI), digital transformation, and application development.
New Federal Mandate and the SEC Takes Action On March 15th, in an effort to thwart cyberattacks from foreign spies and criminal hacking groups, President Biden signed into law a requirement for many critical-infrastructure companies to report to the government when they have been hacked. This way, authorities can better understand the scope of the problem and take appropriate action.
It’s also no wonder that the Security and Exchange Commission (SEC) is taking action. On March 9th, the SEC voted 3 to 1 to propose reporting and disclosures related to cybercrime incidents and preparedness. In a nutshell, the SEC will be asking publicly traded companies:
To disclose material cybersecurity incidents
To disclose its policies and procedures to identify and manage cybersecurity risks
To disclose management’s role and expertise in managing cybersecurity risks
To disclose the board of director’s oversight role
Specifically, the SEC will want to know:
Whether a company undertakes activities to prevent, detect and minimize the effects of cybersecurity incidents
Whether it has business continuity, contingency, and recovery plans in the event of a cybersecurity incident
Whether the entire board, certain board members, or a board committee is responsible for the oversight of cybersecurity risks
Whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight
Holding publicly traded companies and their boards accountable for best practices in combating ransomware is a big step in the right direction and will no doubt free up the required budgets and resources.
Lowering the Fear Factor Cybersecurity is already a top spending priority for 2022 and with SEC regulations looming, will likely continue to be a priority for quite some time. Companies are busy beefing up the tools and resources needed to thwart ransomware. They are buying intrusion response tools and services, extended or managed detection and response suites, security information and event management platforms, antivirus, anti-malware, next-generation firewalls, and more, including cybercrime insurance policies.
What may be missing in the spending frenzy, however, are some fundamental basics that can certainly lower the fear factor. Backup tools are an essential ingredient in being able to swiftly recover from ransomware or other attacks. Similarly, thorough and timely patch management greatly lowers the risk of hackers finding a way into the enterprise via an unpatched vulnerability.
Another smart purchase is software that scans data and backups to ensure that no ransomware or malware is hidden inside. It is not uncommon for a ransomware victim to conduct a restore and find that its backup files have also been corrupted by malware. Cleansing data that is ready to be backed up has become critical. These are some of the fundamental basics that need to be in place in the fight against ransomware. Organizations that neglect them suffer far more from breaches than those that take care of them efficiently.
Adding an Air Gap Another fundamental basic is the elegantly simple air gap. When data is stored in the cloud, on disk, or in a backup appliance, it remains connected to the network. This leaves it vulnerable to unauthorized access and infection from bad actors. An air gap is essentially a physical gap between data and the network. It disconnects backed up or archived data from the Internet.
Such a gap commonly exists by partitioning in, or removing tapes from, an automated tape library and either storing them on a shelf or sending them to a secure external service provider. If that data is properly scanned prior to being backed up or archived to ensure it is free of infection, it offers certainty that a corruption-free copy of data exists. If a ransomware attack occurs, the organization can confidently fall back on a reliable copy of its data – and avoid any ransom demands.
Effectively Combatting Ransomware There is no silver security bullet that will 100% guarantee freedom from ransomware. It is truly a multi-faceted strategy. Implementation of best-of-breed security tools is certainly necessary. But they must be supported by the steadfast application of backup and patching best practices and the addition of a tape-based air gap.
CISA, the FBI, and cybersecurity insurance companies all recommend offline, offsite, air-gapped copies of data. This can be achieved cost-effectively with today’s removable, and highly portable modern tape technology. The boards of publicly traded companies will likely want to do whatever it takes to demonstrate compliance with best practices to meet the SEC requirements. This should include air-gapped tape as part of a prudent and comprehensive strategy. A best practice in these cybercrime times, indeed!
It seems like 2020 and 2021 have blended to combine into one long, tough time for all of us. Let’s hope 2022 emerges on the brighter side! In the meantime, here are 5 big predictions we see coming up in this New Year and beyond:
1. Increasing Focus on IT Energy Consumption
Severe weather was once again a hallmark of 2021, from the Texas deep freeze right up to the bitter end of 2021. As unusual tornadoes and wildfires reminded us of the negative impact of global warming and climate change.
According to a report from the United Nations released in August of 2021, irreversible damage has already been done to the environment as a result of greenhouse gas emissions. The world showed renewed interest in the COP 26 conference in Glasgow where countries from around the globe gathered to pledge their commitments to combat climate change.
Wall Street got in on the act too and will increasingly demand that companies disclose their sustainability initiatives and results. Accordingly, more and more companies will be appointing Chief Sustainability Officers who will put pressure on their organization’s energy usage including energy-intensive IT operations. The use of renewables, but also energy conservation measures will be mandated.
Curbing CO2 emissions is quickly becoming a C-suite imperative and storage will not escape the scrutiny. Research shows that 81% of CIOs would consider alternative data storage options that are more cost-effective and sustainable. This will set the stage for new tape system deployments that not only can reduce TCO by more than 70%, but can reduce CO2 emissions by 95% compared to traditional HDD storage.
2. Return to Hybrid Cloud Strategies
Prior to COVID 19, the term “cloud repatriation” appeared often in the press as it turned out that cloud was not a panacea for everything. But COVID 19 understandably created short-term storage strategies often resulting in a flight to the cloud.
However, long-term thinking will favor hybrid cloud strategies where the best of public cloud plus on-prem private cloud provides maximum flexibility and value. This will especially apply to data accessibility, regulatory requirements, data governance, and cybercrime risks including ransomware.
Today’s modern automated tape solutions will provide the advantages of cost, scalability, reliability, and data protection to support the hybrid cloud model.
3. Storage Optimization Will Be Key to Data Growth Management
With the continuing digital transformation comes the zettabyte age of storage where data to be stored globally will approach 6.0 zettabytes (ZB) in 2022, according to a leading IT industry analyst. Just one ZB would require 55 million 18.0 TB HDDs or 55 million 18.0 TB LTO-9 cartridges!
Storage optimization, that is to say, getting the right data, in the right place, at the right time, and at the right cost will be critical to maintaining competitive advantage.
Intelligent data management will be required, leveraging multiple tiers of storage, active archives, and innovative S3-compatible archive solutions for object storage. Nowhere will this be more apparent than in digital preservation and high-performance computing environments with a simple need to offload expensive object storage to cost-effective tape systems using an S3-compatible API.
4. Continuing Rise of Ransomware
It has been said that ransomware is only in “its infancy” and it’s been said many more times, an attack is not a matter of “if” but “when.” The FBI and CISA have weighed in with this advice:
“Backup your data, system images, and configurations, test your backups, and keep backups offline.”
As ransomware hackers mature in sophistication (and profits), online backups are increasingly being targeted to hamper recovery efforts, including cloud-based backups connected to a network. As a result, the value of affordable, removable, and highly-portable tape will only increase, providing true air gap protection (meaning offline, offsite backups in a secure location).
5. Video Surveillance Content Management
As we predicted last year, data tape has increasingly become a strategic option in managing the ballooning volume of video content associated with video surveillance applications.
Due to security reasons, regulatory compliance, or for future analytics, retention volumes and periods will only increase making legacy HDD solutions cost-prohibitive and unsustainable in terms of energy consumption. Look for increasing adoption of cost-effective tier 2 tape in video retention workflows in 2022.
Successfully emerging from the combined years of 2020 and 2021 will require getting back to strategic, long-term planning. Given the relentless growth of data, environmental concerns, and limited resources and budgets, today’s highly advanced tape storage will play an increasingly vital role in 2022 and beyond.
As we head into 2022, I recall a quote from an IT industry executive who said in his 2021 predictions: “Ransomware is just in its infancy”. Indeed, ransomware reigns as today’s chief malware threat with no signs of subsiding anytime soon. Businesses may lose revenue, employee talent, customers, and even shut down from a ransomware attack. Coupled with the ransomware problem, exponential data growth challenges organizations with gathering, storing, and protecting their data cost-effectively with limited budgets. Strong data governance through active archive solutions helps organizations mitigate ransomware attacks and provides a framework for strategically managing their data growth.
A New White Paper by DCIG
In a recently published white paper by the Data Center Intelligence Group (DCIG), commissioned by the Active Archive Alliance, it is stated that active archiving solutions offer permanent and long-term protection for archived data against malicious intrusion as well as accidental data loss or corruption.
The report highlights numerous ways that active archive solutions can provide ransomware mitigation including:
Protecting archive data from modification. WORM (write once, read many) and retention management features keep archived data safe from malicious encryption or overwrite.
Replicating archived data and securing offline storage. Active archive solutions may secure archived data through offline storage, providing an air gap defense that removes the data from the network where it cannot be attacked. Archived data may be replicated for additional protection.
Replicating data to a secure cloud. Data remains online in a secure cloud, protecting it with security features like Secure Socket Layers (SSL) encryption and multi-factor user authentication.
Supporting 3-2-1 data archiving. The 3-2-1 model maintains three replicated copies stored on two different storage types, such as a disk-based backup system, a secure cloud platform, and online or offline tape.
Enabling rapid recovery. The more data sets that reside in primary storage, the greater the opportunity for hackers. Active archiving minimizes attack opportunities in primary storage by identifying and moving inactive files to secure cloud and offline archives. This approach leaves fewer data sets to test and recover on primary storage and primary backup, speeding up recovery with minimal business impact.
Let’s hope 2022 does not represent the “terrible 2s” as ransomware matures from its infancy. But if it does, it’s good to have strategic solutions like an active archive that help manage both the data and the threat!
With the recent high-profile cases of ransomware hitting the news cycle like Colonial Pipeline, JBS and others, it appears ransomware is not going away anytime soon and may just be in its infancy. Ransomware is a lucrative business model for cybercriminals with ransom demands that can reach into the millions of dollars as was the case with Colonial ($4.4 M) and JBS ($11.0). Ransomware-as-a-Service (RaaS) is making the barriers of entry extremely low, so we can expect to see more bad actors entering the business and more attacks across every industry.
The sense of urgency is ratcheting up as the C-suite is clearly focused on cybersecurity. I was speaking to one customer about deploying offsite/offline backup tapes as an air gap who said “Cybersecurity is the top focus for us in the next six weeks. We need to act fast”. In addition to shoring up cybersecurity plans, or putting key components in place, the notion of acquiring cyber insurance is cropping up and no doubt is also on the C-suite agenda.
So what is Cyber Insurance?
Cyber insurance, also referred to as cyber-liability insurance, seeks to help companies recover and mitigate the damage from cyberattacks such as ransomware, data destruction or theft, extortion demands, denial of service attacks, etc. This class of insurance has been around since the early 1990s and is rapidly evolving and growing in terms of revenue for insurance companies. One report I came across pegged the market for this type of insurance at $3.15 B in 2019 and is expected to rise to over $20 B by 2025. According to another report, about a third of all large U.S. companies carry cyber insurance.
Typical corporate insurance policies for general liability and property damage most likely don’t cover cybercrime, so cyber insurance has become a stand-alone offering specifically suited for cybercrime protection. Depending on the policy, below are just a handful of items that typically may be covered:
Incident response costs related to restoring systems to pre-existing conditions
Recovery cost of data or software that has been deleted or corrupted
The cost of cyber extortion including the negotiation and execution of ransom payments
Lost profits due to IT system downtime
Financial theft or fraud arising from the cyber attack
By Rich Gadomski, Fujifilm, and Paul Lupino and Tom Trela, Iron Mountain
If there was ever a time for industries and governments around the world to come together and finally take steps to mitigate climate change, now would seem to be it. The return of the United States to the Paris Climate Agreement and the recent U.S. – China talks on climate change are all positive signs when it comes to moving the needle forward on sustainability initiatives. While fighting COVID-19 took center stage in 2020 and early 2021, our future depends on what we do collectively to reduce our environmental impact now and in the immediate years ahead.
It’s Hard to Deny Global Warming and Climate Change
According to an article that appeared in the Wall Street Journal earlier this year, NASA has ranked 2020 as tied with 2016 for the warmest year since record-keeping began in 1880. In a separate assessment, NOAA (National Oceanic and Atmospheric Administration), which relies on slightly different temperature records and methods, calculated that the global average temperature last year was the second highest to date – just 0.04 degrees Fahrenheit shy of tying the record set in 2016.
On top of the record number of hurricanes and the wildfires out west, the recent Texas deep freeze, which caused widespread power outages and other weather-related tragedies and calamities, seems to be just one more example of climate change. Weather patterns are becoming more unpredictable, which can result in extreme heat, cold and increased intensity of natural disasters.
It is widely acknowledged that global temperatures have been rising especially in the north polar region where we have seen a dramatic shrinking of the polar ice cap. When Arctic air warms, it sets off an atmospheric phenomenon that weakens the polar vortex (the normal jet stream of wind that keeps frigid air to the north) and allows cold air to fall…as far as Texas.
Data Center Energy Consumption and the Advantage of Modern Tape Technology
The key to mitigating the worst impacts of climate change is a reduction in the amount of greenhouse gases produced by humans. Producing energy is extremely resource-intensive, so reducing the amount of energy we consume in all aspects of our lives is of critical importance.
Data centers are significant consumers of energy accounting for as much as 2% of global demand and rising to 8% by some estimates. Data centers can do their part to reduce energy consumption in many ways by becoming more energy-efficient, including simply migrating the vast amounts of still valuable, but rarely accessed, “cold data”.
By Chris Kehoe, Head of Infrastructure Engineering, FUJIFILM Recording Media U.S.A., Inc.
Object storage has many benefits. Near infinite capacity combined with good metadata capabilities and low cost have propelled it beyond its initial use cases of archiving and backup. More recently, it is being deployed as an aid to compute processing at the edge, in analytics, machine learning, disaster recovery, and regulatory compliance. However, one recent paper perhaps got a little over-enthusiastic in claiming that disk-based object storage provided an adequate safeguard against the threat of ransomware.
The basic idea proposed is that ransomware protection is achieved by having multiple copies of object data protecting against that kind of intrusion. If the object store suffers ransomware incursion, the backup is there for recovery purposes. The flaw in this logic, however, is that any technology that is online cannot be considered to be immune to ransomware. Unless it is the work of an insider, any attempt at hacking must enter via online resources. Any digital file or asset that is online – whether it stored in a NAS filer, a SAN array, or on object storage – is open to attack.
Keeping multiple copies of object storage is certainly a wise strategy and does offer a certain level of protection. But if those objects are online on disk, a persistent connection exists that can be compromised. Even in cases where spin-down disk is deployed, there still remains an automated electronic connection. As soon as a data request is made, therefore, the data is online and potentially exposed to the nefarious actions of cybercriminals.
In case you were not aware of it, March 31st is World Backup Day. To be sure, a quick visit to the official website confirms that this day is just a reminder for consumers to backup their PCs and cell phones. According to the website, only 25% of consumers are protecting their precious memories. Surely the helpful recommendations for routine backup doesn’t apply to the storage professionals that keep our enterprise data safe and our websites up and running. Or does it?
When Disaster Strikes a Data Center
On Wednesday, March 10th, 2021, a fire broke out at the OVHCloud data center in Strasbourg, France. The fire quickly spread out of control and completely destroyed compute, network and storage infrastructure. According to some accounts, as many as 3.6 million websites including government agencies, financial institutions and gaming sites went dark. Others complained that years’ worth of data was permanently lost.
We know that the statistics regarding cost of downtime and the number of companies that don’t ever recover from catastrophic data loss are alarming. The often-cited University of Texas study shows that 94% of companies do not survive, 43% never reopen and 51% close within two years. That’s why the cardinal sin in data protection is not being able to recover data.
OVH reminds us that, however unlikely, data center disasters like an all-consuming fire can still happen. Although these days a more sinister threat continues to loom and tends to grab the headlines and our attention, namely: ransomware.
The past decade saw the renaissance of data tape technology with dramatic improvements to capacity, reliability, performance, and TCO giving rise to new industry adoptions and functionality. This trend will only continue in 2021 as data storage and archival needs in the post-COVID digital economy demand exactly what tape has to offer. Below are 5 key contributions tape will make to the storage industry in 2021.
Containing the Growing Cost of Storage One lingering effect of the pandemic will be the need for more cost containment in already budget-strapped IT operations. We are well into the “zettabyte age,” and storing more data with tighter budgets will be more important than ever. Businesses will need to take an intelligent and data-centric approach to storage to make sure the right data is in the right place at the right time. This will mean storage optimization and tiering where high capacity, low-cost tape plays a critical role — especially in active archive environments.
A Best Practice in Fighting Ransomware One of many negative side effects of COVID-19 has been the increasing activity of ransomware attacks, not only in the healthcare industry which is most vulnerable at this time, but across many industries, everywhere. Backup and DR vendors are no doubt adding sophisticated new anti-ransomware features to their software that can help mitigate the impact and expedite recovery. But as a last line of defense, removable tape media will increasingly provide air-gap protection in 2021, just in case the bad actors are one step ahead of the good guys.
Compatibility with Object Storage Object storage is rapidly growing thanks to its S3 compatibility, scalability, relatively low cost and ease of search and access. But even object storage content eventually goes cold, so why keep that content on more expensive, energy-intensive HDD systems? This is where tape will play an increasing role in 2021, freeing up capacity on object storage systems by moving that content to a less expensive tape tier all while maintaining the native object format on tape.
Ransomware statistics can be frightening! Research studies suggest that over two million ransomware incidents occurred in 2019 with 60% of organizations surveyed experiencing a ransomware attack in the past year. To make matters worse, the cybercriminals have moved up the food chain. Two thirds of those attacked said the incident cost them $100,000 to $500,000. Another 20% said the price tag exceeded half a million. Overall, the losses are measured in billions of dollars per year. And it’s getting worse. Enterprise Strategy Group (ESG) reports that about half of all organizations have seen a rise in cyber attacks since the recent upsurge in people working from home.
Understandably, this is a big concern to the FBI. It has issued alerts about the dangers of ransomware. One of its primary recommendations to CEOs is the importance of backup with the following key questions:
“Do you backup all critical information? Are backups stored offline? Have you tested your ability to revert to backups during an incident?”
The key word in that line of questioning is “offline.” Hackers have gotten good at staging their attacks slowly over time. They infiltrate a system, quietly ensuring that backups are infected as well as operational systems. When ready, they encrypt the files and announce to the company that they are locked out of their files until the ransom is paid. Any attempt to recover data from disk or the cloud fails as the backup files are infected, too.
The answer is to make tape part of the 3-2-1 system: Three separate copies of data, stored on at least two different storage media with one copy off-site. This might mean, for example, one copy retained on onsite disk, another in the cloud, and one on tape; or one on onsite disk, one on onsite tape as well as tape copies stored offsite.
Usage of Cookies
Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality and deliver content tailored to your interest. By continuing to use this site you are giving us your consent to do this. For more information you can read our Privacy Policy.
