StoreEver Tape Storage

MSL2024: How to create a "Tape air gap" for LTO tape against Ransomware.

 
SaiTech2
Occasional Contributor

MSL2024: How to create a "Tape air gap" for LTO tape against Ransomware.

Hi,
I would be grateful if anyone could explain how to create a "Tape air gap" for LTO in an AK379A HPE StoreEver MSL2024?
If you remove the LTO tape from the MSL2024, and with LTO WORM Tape I think you got the "Tape air gap".

But what about using encryption to encrypt LTO tape with KMIP protocol. I think to write/and read the LTO tape you need a key to access it and this will prevent Ransomware to encrypt the LTO tape?
Most of the time you read about encryption of LTO tape it is about prevent theft of data.

Looks like Enterprise Secure Key Manager (ESKM) is the tool to administration the KMIP for LTO tape?

Is there other options to protect LTO tape from Ransomware or uther kind of virus?

/PS

3 REPLIES 3
techin
Regular Advisor

Re: MSL2024: How to create a "Tape air gap" for LTO tape against Ransomware.

I am not sure if there are any documents available  for this. I think you should consider reaching out to HPE Support and if required ask for a higher level support.

Cali
Honored Contributor

Re: MSL2024: How to create a "Tape air gap" for LTO tape against Ransomware.

"Tape air gap" means only that you remove the Tape from the Library.

So, if Ransomware hackers get access to the Backup Server, they are unable to delete the Tape(s).

Encryption will not help to protect against deleting.

We see cases, where the Attackers get access to the Backup Server and delete all B2D and Tape they can reach.

Cali


======================
I'm not an HPE employee, so I can be wrong.
SaiTech2
Occasional Contributor

Re: MSL2024: How to create a "Tape air gap" for LTO tape against Ransomware.

I actually think you get protection against ransomware using encryption type KIMP with HPE StoreEver MSL. Then maybe you do not say "Air Gap" about it. The thing is, to be able to read the LTO tapes, you need a key. Just encrypting just the data does not help.

I have received the information from a backup consultant who works with defense and banks. Also received info below from an HPE partner.

However, I wanted to read more, but a little difficult to find more information.

FROM HPE

"isaster Recovery and Security

Removable media also has the advantage that data is held 'offline' which means that archive data on tape has the additional level of protection from the threats to on-line data from viruses, hackers and cyber-attacks. LTO-8, 7, 6 and 5 Ultrium tape drives include hardware based data encryption to prevent unauthorized access to data at rest and cartridges are available with write-once-read-many (WORM) capability to prevent accidental overwriting of data archived on the tape. Both WORM and hardware data encryption features help organizations to comply with increased data security regulations."

HPE StoreEver MSL2024 KMIP Encryption E-LTU - 
TC468AAE