A hypothetical IT department wants all tape systems, including z/OS, to turn on WORM (Write Once Read Many) so that the tapes are immutable. The reason is for prevention of ransomware attacks from altering backup data.
My question is: how does this help? If an attacker has the access and authorization to update a tape, they also have the access and authorization to copy the tape data to a new tape with altered data. When we restore from a backup, we don't consult a post-it note that says "now mount volume T13439". We mount whatever volume the tape catalog system says contains the data set we need. What am I missing?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
