Where should backup tapes be stored?

Backup tape storage is the process of backing up digital information onto magnetic tape cartridges for storage and archival purposes. Backup tapes have been around for decades and remain an essential part of data protection for many enterprises today. Proper storage of backup tapes is critical to ensure that the data remains retrievable and intact over time.

Backup tapes serve several key data protection functions. They provide an offline, removable copy of data that can be archived off-site for disaster recovery purposes. Tape cartridges are portable and space efficient for long-term data retention. Tape is also considered very reliable for long-term data retention compared to other media like hard disks. With capacity reaching multiple terabytes per cartridge, tape remains one of the most cost effective solutions for backup and archiving (https://corodata.com/tape-backups-still-used-today).

However, tapes must be stored properly to safeguard the integrity of the data. Environmental conditions, physical security, and tape rotation/testing procedures all play a role in proper tape storage. This guide will examine the key factors to consider for secure on-site and off-site tape storage.

On-Site Storage

Storing backup tapes on-site has some advantages but also comes with risks that need to be mitigated. Some pros of on-site storage include faster recovery time if tapes need to be accessed, lower costs compared to off-site storage, and retaining full control over the tapes. However, on-site storage also means the tapes are vulnerable to the same risks as your primary data center, like fire, flood, theft, and other disasters. If the facility is damaged, backup tapes stored there could be destroyed as well.

To help mitigate risks of on-site storage:https://www.stellarinfo.com/article/best-practices-to-maintain-backup-tape-drives.php recommends storing tapes in a secure, climate-controlled room with fire suppression, raised floors, and water sensors. Tapes should be kept in locked cabinets and access should be limited to only authorized personnel. Fireproof safes offer another layer of protection. Regular testing and tape rotation is critical to avoid data loss. Overall, on-site storage can provide fast recovery and lower costs, but proper precautions are essential.

Off-Site Storage

Off-site storage refers to storing backup tapes at a secure facility away from the primary data center. There are several advantages and disadvantages to off-site storage:

Pros of off-site storage:

  • Physical separation protects tapes in the event of a disaster like fire or flood at the primary data center (https://www.nakivo.com/blog/best-practices-offsite-tape-storage/)
  • Air-gapping from network provides an extra layer of protection against cyber attacks
  • Immutability feature of tapes prevents data tampering or ransomware encryption
  • Provides an additional backup copy for enhanced redundancy

Cons of off-site storage:

  • Retrieving tapes from off-site location increases recovery time
  • Transportation risks like theft, damage, or loss
  • Higher costs for facilities, transportation, and management
  • Managing chain of custody can be challenging

Overall, off-site storage provides strong physical protection for backup tapes against localized disasters. The costs and access latency tradeoffs may be worthwhile for organizations requiring an extra layer of data resiliency.

Cloud Storage

Cloud storage has emerged in recent years as an alternative to traditional on-site and off-site tape storage. There are several benefits to using cloud storage for backup tapes compared to physical storage methods (source):

  • Lower costs – Cloud storage can cost 50-80% less than physical tape libraries and off-site storage facilities.
  • Faster restore times – Tapes stored in the cloud can be accessed immediately, versus waiting for physical tapes to be retrieved and shipped.
  • Scalability – Cloud capacity can easily scale up or down on demand.
  • Global accessibility – Tapes in the cloud can be accessed from anywhere with an internet connection.

However, there are also some downsides to consider (source):

  • Dependence on internet connectivity – If the internet goes down, cloud backups may be inaccessible.
  • Security risks – Data is stored remotely on someone else’s hardware, which can create vulnerabilities.
  • Restoration challenges – Large scale restorations from the cloud may take time due to bandwidth constraints.
  • Compliance concerns – Some regulated industries have specific rules around physical control of backup media.

Overall, cloud storage presents a viable alternative for organizations looking to reduce tape infrastructure costs and gain agility. However, security, connectivity, and compliance factors should be evaluated when considering this approach.

Environmental Factors

Proper environmental conditions are crucial for preserving backup tapes and ensuring longevity of the stored data. The ideal conditions involve maintaining cool temperatures around 65 degrees Fahrenheit and moderate humidity around 40% (Source). Lower temperatures and humidity levels are generally recommended, as long as the environment is kept consistent. Fluctuations in temperature and humidity can cause tapes to expand and contract, leading to damage over time.

It is best to avoid storing tapes in hot, humid areas or locations with direct sunlight exposure. Heat, moisture, and ultraviolet light can all degrade tape media. Likewise, dusty environments should be avoided to limit contamination of the tape surface and internal mechanics. Storing tapes in a clean, climate-controlled space, whether on-site or off-site, is ideal for preservation.

Some data centers use dedicated tape libraries with built-in environmental monitoring and controls to maintain optimal conditions. For off-site vaults, a dry, sterile environment with stable temperature and humidity allows tapes to remain usable for many years (Source). Taking environmental factors into account helps maximize the lifespan of backup tapes.

Access Controls

Access controls are critical for securing backup tapes and media. Both physical and digital access should be restricted and monitored (TechTarget, Access).

On-site backup tapes should be stored in a restricted area with limited physical access. Entry and removal of tapes should require identity verification. Off-site storage facilities must also have robust physical security such as guarded entry, video surveillance, stringent key card access, and locked cabinets or vaults (Iron Mountain).

Digital access controls are also crucial. Strong encryption should be used to secure data on the tapes. Strict role-based access controls should govern who can retrieve, load, and read the tapes. Detailed access logs should be maintained. Tapes should never be left unsecured or accessible to unauthorized parties.

Implementing layered physical and digital access controls is essential for maintaining backup tape security and preventing data breaches.

Testing and Rotation

One of the most important aspects of backup tape management is testing and rotating the tapes on a regular basis. The frequency of testing and rotation can vary depending on specific needs, but some general best practices include:

Performing a full restore test from tape at least once a quarter. This ensures the backup process is working correctly and data can be reliably recovered when needed. Quarterly testing finds problems sooner compared to less frequent testing cycles. (source)

Following a daily tape rotation schedule, where each day a new tape is used for backup. This cycles through the available tapes, reducing wear and tear on any single tape. Daily rotation also limits potential data loss if a tape fails. (source)

Keeping a tape library with at least 14 tapes to support a daily rotation cycle. This ensures there is always a fresh tape available each day while also maintaining two weeks of backups. (source)

The more frequent the tape testing and rotation, the better protected the backup data will be. Organizations with critical data should consider daily rotation and monthly full restore testing as a best practice.

Security

Security of backup tapes is critical to protect against unauthorized access, theft, and damage. Encryption should be used to secure data on the tapes themselves. Tape drives that support encryption provide the strongest protection by encrypting data as it is written to the tape (cite source:https://www.ibm.com/docs/en/zos/2.3.0?topic=dfsmsdss-securing-your-tape-backups). This prevents accessing data if tapes are lost or stolen.

Access to the physical tapes should be restricted and logged. Surveillance cameras can monitor access to tape libraries and storage areas. Tapes should be securely transported between on-site and off-site facilities (cite source: https://stonefly.com/blog/tape-storage-versus-ransomware/).

Regular audits should be conducted to ensure proper controls are in place and being followed. Policies for tape rotation, destruction, and retention must be enforced.

Costs

The costs associated with tape backup storage can vary greatly depending on the specific solution chosen. Here is a breakdown of estimated costs for some common options:

On-site tape library and drives – The upfront costs for an automated tape library and tape drives can range from $2,000-$10,000 for an entry-level unit up to $100,000+ for an enterprise-class library. Ongoing costs include new tapes at $20-$50 per tape, maintenance fees up to 20% of the initial cost per year, IT administration time, storage space, and power/cooling.

Off-site vaulting – Using a service to store tapes offsite in a secured vault typically costs $100-$300 per month plus tape pickup/delivery fees. New tapes must still be purchased. There are also IT administration costs for managing the tapes and vaulting process. According to an analysis on The Real Cost of Tape, off-site vaulting for 20 tapes annually can cost around $1,590 (https://www.simplstor.com/index.php/platform/whitepapers/14-real-cost-of-tape).

Cloud backup services – Backing up data to a cloud service instead of tapes costs around $0.005-$0.01 per GB/month for storage and bandwidth fees. While the base costs seem attractive, storing large multi-terabyte data sets in the cloud can become very expensive. There are also egress fees for accessing/restoring data.

Overall, tapebackup requires significant upfront and ongoing investments, but can provide very low costs per GB stored compared to other options. The ideal solution depends on data volumes, retention needs, security policies, and budget.

Conclusion

When deciding where to store backup tapes, it’s important to consider a combination of on-site storage, off-site storage, and cloud storage. The best approach depends on your specific security, compliance, cost, and disaster recovery requirements.

For most organizations, utilizing both on-site and off-site storage provides an optimal balance of accessibility, security, and costs. On-site storage in a fireproof safe allows fast access to recent backups. Off-site storage protects backups from physical disasters. And adding a cloud option provides geographic redundancy.

The cloud continues to emerge as an excellent supplement or alternative to physical tapes. Cloud backup offers security, scalability, and potential cost savings. However, tape remains the most air-gapped option.

Regardless of approach, proper environmental controls, access controls, testing, and backup rotations are critical. Work with internal and external compliance teams to determine the optimal retention period, security controls, and testing cadence based on your regulatory and business continuity needs.