Getty Images

Quantum tape libraries gain remote eject capability

Quantum introduced Ransom Block to its Scalar tape libraries, allowing customers to remotely eject tape magazines and prevent cyber criminals from accessing the data within.

Data in tapes is generally safe from cyber criminals, but Quantum Corp. aims to make it even harder to access.

This week, the vendor introduced Scalar Ransom Block, a feature that will be added to Quantum Scalar i3 and i6 tape libraries. Ransom Block enables customers to eject tape magazines via software command, rendering them inaccessible to the robot in the tape library. However, it's only a partial ejection, so the device can still scan the tapes' barcodes and confirm their presence -- it just has no way to manipulate them.

Tapes are generally regarded as ransomware- and cyberthreat-proof because of their offline nature, but tape libraries are network-attached devices. The tapes aren't truly inaccessible until they are disconnected from their drives. Normally this means physically ejecting them, but Scalar Ransom Block lets Quantum tape library customers do this remotely and programmatically.

Ransom Block lets customers create a physical air gap within their Quantum tape libraries, protecting unauthorized access to their data, said Eric Bassier, senior director of products at Quantum. The tape library itself may be compromised, but Scalar Ransom Block makes the tapes inaccessible even to the device they're housed in, and the only way to regain access is if someone pushes the ejected magazine back into the device.

Ransom Block is a physical gap -- no amount of programming can overcome that.
Eric BassierSenior director of products, Quantum Corporation

"Ransom Block is a physical gap -- no amount of programming can overcome that," Bassier said.

Since customers can create this air gap without physically handling their tapes, it also lowers the risk of damaging them from improper handling, Bassier added.

Quantum also introduced Logical Tape Blocking, a software lock preventing the robots in a tape library from moving or otherwise manipulating the tapes. Customers can use it as an "interim step" between normal operation and complete disconnection of the tape via Ransom Block, Bassier said.

Logical Tape Blocking and Scalar Ransom Block will be standard on new Quantum Scalar i3 and i6 tape libraries in December. An upgrade kit to install the magazine stoppers onto current Scalar models will be made available for existing customers for $200.

Quantum tape library with Scalar Ransom Block enabled
Ransom Block partially ejects the tape magazine in a Quantum tape library, making tapes inaccessible until someone physically pushes the magazine back into place.

Handle with care

Software-enabled ejection has other benefits, said Vinny Choinski, a senior analyst at Enterprise Strategy Group, a division of TechTarget. Customers can build Scalar Ransom Block into an archive workflow and, for example, automatically eject magazines when they are full. The general best practice for full tapes is to move them offsite instead of letting them sit in the tape library, Choinski said.

With Scalar Ransom Block, a staff member with physical access to the tape library can easily identify which magazine is full because it will be partially ejected, so there's little chance they pull the wrong set of tapes out, Choinski added.

"The more automation, the less potential for human error," Choinski said.

Automatic ejection is also a good practice because every time a tape is moved, read or written to, it suffers some wear, Choinski said. Under normal use, this will rarely become a problem, but a bad actor looking to destroy tape data could program the tape library to excessively rack and re-rack tapes, potentially damaging them.

"It's good to get the tape out as part of the cycle so there's no possibility it gets extra wear and tear," Choinski said. "Once it leaves the tape drive, that's a true air gap."

Although neither Choinski nor Bassier said they have heard of incidents where an organization's tape libraries got hacked, Scalar Ransom Block was developed in close partnership with a Quantum customer who is a very large cloud provider, according to Bassier. This customer is looking for an airtight archive and wants to eliminate all cyber risk, no matter how theoretical.

"Even a conceptual risk, if we can eliminate that, we think we're adding value," Bassier said.

Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site Reviewed.com.

Dig Deeper on Archiving and tape backup