Quantum’s Scalar Ransom Block is a new feature of Quantum’s Scalar tape systems that prevents data from being accessed or compromised over the network. Developed to protect against ransomware and other forms of cyber attacks, this feature creates a hardware barrier between data stored on tapes and network-connected devices, including the robotic tape system.
Ransom Block can be initiated remotely, and does not require any person to handle tapes. It makes sure that data cannot be accessed over the network, even if the tape library is hacked. Users retain the ability to audit the library and determine that the data is safe.
Tape storage systems are a critical part of building cyber-resilient infrastructures, for large archives and as part of a data protection strategy. However, data stored on tapes can still be compromised if the tape library itself is hacked, which is why Quantum designed the new feature in partnership with a cloud provider.
Tape systems are a critical part of a comprehensive strategy to protect data and make sure it is quickly recoverable in the event of a ransomware attack. Tape systems are by nature more secure than hard drive (HDD) or flash (SSD) storage systems because the data stored on tape is not connected to the network. However, because the tape library itself is a network connected device, there is still some risk of a remote hack should the tape library itself be hacked. To address this risk in an automated way, Quantum designed the Scalar Ransom Block feature.
Tapes stored in libraries sit in a magazine. Quantum’s new process partially ejects the magazine so the robot cannot select the tapes until an operator physically re-inserts the magazine. In the meantime, because the magazine is only partially ejected, the scanner on the robot can still scan the tape barcodes, so that system administrators can perform periodic audits of the tape system to ensure tapes are still present.
The tapes are inaccessible until an operator, who must have physical access to the tape library, re-inserts the magazine. Tape systems can be stored in secure data centres that require badged access.
Quantum has introduced Logical Tape Blocking as well, in which administrators to use software commands to prevent tapes from being loaded into a drive while the magazine is being filled with tapes, before it is ejected. When a tape is moved into a blocked magazine, Logical Tape Blocking denies future requests to move that tape elsewhere, such as into a drive. To allow blocked tapes to be accessed again, the magazine must be ejected from the library and re-inserted, which needs the operator to be physically present. Although still software-based and not a physical blocking mechanism, this new capability further reduces the risk window until Ransom Block is initiated.
As well as the new Scalar Ransom Block and Logical Tape Blocking, which are both used to secure data stored on tape in the event of a remote hack, many of Quantum Scalar Tape Systems’ features are only found in the Scalar systems. For example, operators can use Scalar Active Vault to move tapes into a secure, isolated vault partition inside the library that has no network connectivity and is not visible to any application or network.
Quantum Scalar Security Framework
Scalar Media Security Alerts notify the administrator when media is removed – either expectedly or unexpectedly – from the library, and Multi-Factor Authentication is available to set up administrator and user logins as a means of access control.
These and other capabilities form the Quantum Scalar Security Framework, which takes a four-pronged approach to securing data – system access control, data security through encryption, system monitoring and event detection, and support for data integrity and cyber protection.
The framework’s features are organised in levels that rely on an administrator. At level 1, Active Vault is initiated, isolating tapes. At level 2, the administrator uses Logical Tape Blocking to introduce a software lock to prevent robots from moving tapes. Ransom Block forms level 3, ejecting magazines as a physical barrier.
Ransom Block and Logical Tape Blocking are expected to be available on new Scalar i6 and Scalar i3 tape libraries in December 2021. www.quantum.com
