Henrik, Generally you need to begin with a good backup or replica, as well as suitable air-gaps to isolate contamination. You also need to be able to quickly detect unusual activity - an SIEM tool like QRadar might help. Assume that a cyber-incident will happen and plan accordingly. Use in-depth security. But you are right - you lose one of the advantages of tape - you can make duplicate copies, maybe even a WORM copy, and store it offsite.
You might at very least want to take snapshots of the storage being used by Spectrum Protect, and have separate administrators for the ESS and SP server (to reduce inside risk). If it was actually GPFS being backed up to SP, you could have a second GPFS file system that is a point-in-time synchronized copy of the original GPFS file system - with its own snapshots. It could have yet another sysadmin, and you could isolate the second copy from the network when not actively synchronizing. See https://www.redbooks.ibm.com/abstracts/redp5559.html?Open That might not make sense if GPFS is holding the SP backup data, but SP can do its own replication too - and could replicate using storage from a second GPFS file system off-site. Take snapshots of this second storage, as well as SP database, and again manage with a second sysadmin team. *Lindsay Todd, PhD* *Spectrum Scale (GPFS) Solution Architect* *IBM Advanced Technology Group – Storage* *Mobile:** 1-518-369-6108* *E-mail:* *lind...@us.ibm.com* <lind...@us.ibm.com> On Thu, May 27, 2021 at 11:10 AM Henrik Morsing <hen...@morsing.cc> wrote: > > Hi, > > It struck me that switching a Spectrum Protect solution from tapes to a > GPFS filesystem offers much less protection against ransom encryption > should the SP server be compromised. Same goes really for compromising an > ESS node itself, it is an awful lot of data that can be encrypted very > quickly. > > Is there anything that can protect the GPFS filesystem against this kind > of attack? > > Regards, > Henrik > _______________________________________________ > gpfsug-discuss mailing list > gpfsug-discuss at spectrumscale.org > http://gpfsug.org/mailman/listinfo/gpfsug-discuss >
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss