<div dir="ltr">Henrik,<div><br></div><div>Generally you need to begin with a good backup or replica, as well as suitable air-gaps to isolate contamination. You also need to be able to quickly detect unusual activity - an SIEM tool like QRadar might help. Assume that a cyber-incident will happen and plan accordingly. Use in-depth security. But you are right - you lose one of the advantages of tape - you can make duplicate copies, maybe even a WORM copy, and store it offsite.</div><div><br></div><div>You might at very least want to take snapshots of the storage being used by Spectrum Protect, and have separate administrators for the ESS and SP server (to reduce inside risk). If it was actually GPFS being backed up to SP, you could have a second GPFS file system that is a point-in-time synchronized copy of the original GPFS file system - with its own snapshots. It could have yet another sysadmin, and you could isolate the second copy from the network when not actively synchronizing. See <a href="https://www.redbooks.ibm.com/abstracts/redp5559.html?Open">https://www.redbooks.ibm.com/abstracts/redp5559.html?Open</a></div><div><br></div><div>That might not make sense if GPFS is holding the SP backup data, but SP can do its own replication too - and could replicate using storage from a second GPFS file system off-site. Take snapshots of this second storage, as well as SP database, and again manage with a second sysadmin team.</div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><table border="0" cellpadding="0" cellspacing="0" style="outline:none;color:rgb(18,18,18);font-size:16px"><tbody style="outline:none"><tr valign="top" style="outline:none"><td bgcolor="#FFFFFF" colspan="4" valign="bottom" width="912" style="outline:none"><font size="4"><b style="outline:none"><font color="#808080" face="Arial" style="outline:none">Lindsay Todd, PhD</font></b><br style="outline:none"></font><b style="outline:none"><font face="Arial" size="3" style="outline:none">Spectrum Scale (GPFS) Solution Architect</font></b><br style="outline:none"><b style="outline:none"><font face="Arial" size="3" style="outline:none">IBM Advanced Technology Group – Storage</font></b></td></tr><tr valign="top" style="outline:none"><td bgcolor="#FFFFFF" colspan="4" valign="bottom" width="912" style="outline:none"><img alt="" border="0" height="1" width="1" src="https://mail.notes.na.collabserv.com/icons/ecblank.gif" style="outline:none;vertical-align:middle"></td></tr><tr valign="top" style="outline:none"><td bgcolor="#FFFFFF" width="542" style="outline:none"><b style="outline:none"><font color="#424282" face="Arial" size="2" style="outline:none">Mobile:</font></b><b style="outline:none"><font face="Arial" size="2" style="outline:none"> 1-518-369-6108</font></b><br style="outline:none"><b style="outline:none"><font color="#424282" face="Arial" size="2" style="outline:none">E-mail:</font></b><b style="outline:none"><font face="Arial" size="2" style="outline:none"> </font></b><a href="mailto:lindsay@us.ibm.com" rel="noopener" style="outline:none;color:rgb(65,120,190)" target="_blank"><b style="outline:none"><font color="#4F4F4F" face="Arial" size="2" style="outline:none">lindsay@us.ibm.com</font></b></a></td></tr></tbody></table></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 27, 2021 at 11:10 AM Henrik Morsing <henrik@morsing.cc> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Hi,<br>
<br>
It struck me that switching a Spectrum Protect solution from tapes to a GPFS filesystem offers much less protection against ransom encryption should the SP server be compromised. Same goes really for compromising an ESS node itself, it is an awful lot of data that can be encrypted very quickly.<br>
<br>
Is there anything that can protect the GPFS filesystem against this kind of attack?<br>
<br>
Regards,<br>
Henrik<br>
_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" target="_blank">spectrumscale.org</a><br>
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br>
</blockquote></div>