Offline Backups: The Case for Keeping Tapes
Tape drives – do they still exist? Apparently they do. I never figured as a child I would have anything to do with tape drives. I didn’t have any exposure to them and what I knew of them was that they looked like they were just for huge mainframe computers that never existed anymore. I had no clue about data centers at that age.
Recently, I discovered a big flaw in my backup strategy that should have been fairly obvious- the lack a good offline backup system. Ransomware has been prevalent in the new recently, and it seems they don’t care if they take your backups with any other files. And why wouldn’t it? Makes it more likely for a victim to pay the ransomware. So what options are available for offline backups?
I talked to one of our vendors. I did some research. What I found was that what is considered “offline backups” by the IT industry in general currently consist of the following:
- Cloud Backups
These are honestly probably what the industry as a whole will move towards. I sort of like the idea, but only sort of. It is still via a means that is electronically connected, but more on that later. As long as you have good bandwidth and you can guarantee connectivity, you are set. I will have to admit, the odds of having a total ISP outage when, at work, we have two Internet connections seems low, but in a few arguments I make in the article seem low likelihood. - Appliance Backups
There appears to be network connected devices that aren’t a Windows share with stored backups. I have no clue what they run and there are probably multiple vendors that provide these. They have a way internally of separating the backups performed, but I was given vague information. I probably should have pursued more, but the idea of having something in my network connected all the time with my backups seems like - Hard Disks Disconnected and Rotated
There are devices that have the hard disk enclosed as media then have a dedicated drive different from a server hot swap back plane. I very briefly looked at this. This was an up and coming idea in the early 2000’s, but has been losing ground. The nature of hard disks is not really to be portable, one of the reasons against using them. - Tapes
They are slow but have massive amounts of storage for a very low cost. They are not electronically connected if you have ejected the tape to the mail-slot.
While I do see some logic in a lot of what the industry says, because well they have a ton of experience, I don’t think I can agree with this direction. An offline backup is by definition not connected to network or on. While cloud backups and appliance backups are convenient and seem unlikely to be a point of attack at the current time, they have the ability to be by being connected and on. Hackers continue to sharpen their swords, and if there is anything common that can be exploited it will be. With anything connected and on but considered offline you are always running the risk of a cyber-based attack. With tapes, your exposure to potential attacks is limited to physical security. Be that EMP, disgruntled employee, or Kevin Mitnick. You could argue that a physical security problem can cause the backups to be exposed virtually again, but the problem that needs addressed there is whatever physical security problem caused the breakdown to begin with.
Tape backups deserve a lot more than they are given credit for. No method is bullet-proof so defense-in-depth should of course be followed. Off-site backups should be part of your backup scheme. Offline backups should be part of your backup plan. Copies of previous backups should be part of your backup plans. Tapes have their place in this world of backups. In my opinion, while I hope to never use the backups, they may just be my saving grace one day. And hopefully I never have to know if connected backups would have stood up to the test.
What are your thoughts on tape backups? Have you found any alternatives that are truly offline? Let me know in the comments.