By The LTO Show Editorial Staff

Most storage conversations treat “offline” as a limitation to be engineered away. For a backup of last resort, it’s the entire point. When the industry now reports that the overwhelming majority of ransomware campaigns deliberately go after backups, “always connected” stops being a convenience and becomes the attack surface.

What connected storage can’t do

A disk array or cloud bucket is reachable — which is exactly why malware that moves laterally can reach it too. Immutability flags and retention locks help, but they live inside the same system an attacker is trying to compromise. A cartridge sitting in a slot, or on a shelf, is electrically disconnected from the network. There is no remote command that encrypts it.

The air gap is physical, not policy

This is the distinction that matters: tape’s air gap isn’t a setting someone can misconfigure or an attacker can revoke. Once a cartridge is exported from the library, the separation is mechanical. That’s a different category of assurance than “we turned on object lock,” and it’s why tape keeps showing up in serious recovery plans as the copy that survives.

Where it fits

None of this makes tape your primary tier — it isn’t meant to be. It’s the bottom of a layered model: fast storage for what you use, and an offline, immutable copy for the day everything connected is compromised. The modern “3-2-1-1-0” rule exists precisely because the offline “1” is the one ransomware can’t reach.

More on this across Industry Insights.

Questions or comments? Reach The LTO Show team at info@ltoshow.com.