Innovative. Cost-Effective.
Secure. Sustainable. Check out LTO technology!


LTO technology now extends to 14 generations.
The future arrives today.


Linear Tape Open (LTO), also known as the LTO Ultrium format is a powerful, scalable, adaptable open tape format that is optimized for high capacity, maximum storage density and performance.


How tape delivers value throughout the life of your data


Expert opinions, information and comment from the LTO Program

Low cost. Security from ransomware. Flexible expansion capability. Only LTO technology.

Latest Headlines

December 02, 2022
Unstructured data not exempt from compliance requirements - TechTarget
Compliance regulations put the pressure on organizations to retain and manage data or else risk heavy fines. Unstructured data, as messy as it can be, is not exempt from such requirements.Organizations should evaluate their backup and data protection strategies with an eye toward unstructured data compliance. As a general rule, regulated organizations should use a continuous data protection tool to back up unstructured data anytime it is modified. Data retention is a huge part of unstructured data compliance. An organization must enable versioning support to make sure all previous versions of a file are retained within the organization's backups for as long as required by law. Determining which compliance regulations an organization must meet should help drive backup and data protection strategy. Meeting different compliance requirements One of the biggest challenges associated with unstructured data compliance is that not all of an organization's data is subject to the same rules. One of the biggest challenges associated with unstructured data compliance is that not all of an organization's data is subject to the same rules. The healthcare industry has numerous examples of this issue. Institutional social media content, medical notes, X-rays and recordings of patient therapy sessions are all examples of unstructured data. Structured data examples include weight and lab tests. Many healthcare providers have file servers that contain a variety of different files. If any of those files contain personally identifiable protected health information, then those files unquestionably fall under the HIPAA data retention and protection requirements. However, HIPAA does not apply to anonymized data. If a document contains medical data that has been stripped of personally identifiable information in a way that makes it impossible to trace the data back to specific patients, then the HIPAA requirements do not apply to that document. Similar examples abound in the business realm. For example, HR departments have a mix of personal unstructured and structured data governed by various compliance requirements. VIDEO Organizations deal with varying retention and protection requirements in different ways. Some simply apply the same policies to all of their data, whether doing so is required for a particular file or not. This approach ensures nothing slips through the cracks. Other organizations use a system of tagging as a way of determining the rules that apply to a given file. The idea is that when a user creates a file, they attach one or more tags to the file. Back-end software uses these tags to determine the file's lifecycle, its retention policy and how the file is to be backed up. The biggest barrier to this approach is that many file servers do not natively support the use of tagging. An organization might need to invest in third-party software or migrate its unstructured data to another platform, such as Microsoft 365, Microsoft SharePoint or Komprise Intelligent Data Management.
November 18, 2022
How to Launch a Green Computing Initiative That Really Makes a Difference
Green computing initiatives are now widely viewed as the way IT can contribute to building a cleaner and healthier global environment.Green initiatives don't usually differ significantly from other business initiatives, says Sheila Patel, vice president, sustainability and business technology, North America, at Capgemini Invent, a unit of business advisory firm Capgemini. “They must start with a vision or definition of a desired future state, which in the sustainability space takes the form of commitments to reducing the environmental impacts of doing business.”Start With BaselinesPatel suggests launching a green computing initiative with a deep analysis of the organization’s current IT infrastructure and practices. If conducted with sufficient structure and rigor -- spanning across processes, practices, and infrastructural lifetimes -- this baselining activity should uncover the hotspots disproportionately contributing to the enterprise’s computational footprint. “These hotspots become the targets for future action,” she says.The next step should be assessing and identifying the most important issues. “Recognize that issues material to your enterprise and employees may be different,” cautions Corie Pierce, vice president, external communications, and sustainability at NTT Data Services. “For example, organizations may prioritize reducing risk related to climate change, while their employees may be more concerned about safe working conditions,” she explains. “With this understanding, you can identify near- and long-term objectives for your green computing initiative and how to measure and report them to your stakeholders to gain buy-in and support.”Enterprises that have already created an environmental, social, and governance (ESG) program, may wish to review their existing goals to determine how IT can best support them with a green initiative. “If your organization does not have a program in place, you can begin by thinking about how and where IT can initiate a program to reduce greenhouse gas (GHG) emissions, reduce waste, and recycle,” says Kathy Rudy, chief data and analytics officer with global technology research and advisory firm ISG.Measuring WastePower consumption, refrigerants, and e-waste are the areas targeted most frequently by IT green initiatives. An important first step is measuring the baseline. “There are numerous software tools and templates available to define the areas to measure,” Rudy says. With a data center, for example, it's necessary to determine the amount of energy required to cool the center, as well as the type of energy that's supplying the power, such as coal, gas, nuclear, wind, solar, or a combination of several sources. “If you're working with a supplier to provide data center services, ask it for an overview of the emissions produced to support your organization,” she advises.IT leaders should also consider how they handle e-waste disposal to determine if they need to create a policy or modify an existing one. “The inventory should also extend to devices used in offices and their power consumption,” Rudy notes.Read the rest of this article on InformationWeek.Related articles:
November 18, 2022
How to Address the Ransomware Threat to SaaS Data | Transforming Data with Intelligence
How to Address the Ransomware Threat to SaaS Data Protecting SaaS data is no easy task, but these three simple steps will help you get started. By Rémy ClaretNovember 18, 2022 Modern businesses depend on digital technologies and increasingly the software and data they depend on to run even their day-to-day operations is no longer on premises but rather in software-as-a-service (SaaS) solutions. Critical SaaS applications now include everything from CRM platforms to office suites and even ERP platforms.However, despite how much even very large organizations rely on these SaaS platforms and the data they hold, there’s still a large gap in data protection vis-à-vis traditional, on-premises data. It’s shocking, but a significant number of large organizations assume—not without reason—that the SaaS provider will protect their data from cybercriminals. SaaS vendors have a vested interest in providing a secure infrastructure, and most invest heavily to ensure that their services are not compromised. Nearly all SaaS providers operate on a shared responsibility model in which the provider takes responsibility for the infrastructure, but customers are ultimately responsible for their data. With so much enterprise data moving into SaaS platforms, cybercriminals -- who are ultimately opportunists -- are now frequently targeting SaaS data. Survey: More Than Half of Ransomware Attacks Target SaaS DataOdaseva recently conducted a global survey of decision makers who work with enterprise data, and 51 percent of them said their SaaS data had been targeted in a ransomware attack within the last year. What’s more, in more than half (52 percent) of these attacks, cybercriminals succeeded in encrypting SaaS data, a higher success rate than they had for on-premises, cloud, and endpoint data. The survey results show that organizations are not protecting SaaS data as strongly as they are other categories, given that SaaS data was encrypted more often. That’s not all the results show -- there’s also a huge gap in how much data organizations were able to recover. Organizations were least likely to be able to recover all of their SaaS data following a successful ransomware attack, with just 50 percent saying they were able to do so. With traditional on-premises data, 81 percent said they were able to fully recover everything.Given that less than three in 10 (28 percent) of the data decision makers surveyed said they were “very confident” that they could recover after a successful ransomware attack on their SaaS data, these results are not surprising. In fact, just 43 percent of respondents said that their organizations backed up all their SaaS data. That leaves 57 percent of respondents with unprotected SaaS data, which is far, far too many.Defending Against Ransomware Attacks on SaaS DataProtecting SaaS data, however, is not a simple task. Unlike on-premises data, IT does not control the software or systems in which their SaaS data is housed, so they must rely on APIs to back up and restore. These APIs have different functions and capabilities; some data can only be read by one API, and can only be written by another. These APIs have hard caps on how much they can be used by a single customer over a 24-hour period to ensure that everyone has access, and, of course, they’re vital for many other functions aside from data protection. Managing their use is extremely complex, and this is just one of the many intricacies of SaaS data protection. The first step is to ensure that access to SaaS data is properly secured. It’s extremely unlikely that SaaS data will be successfully compromised by cybercriminals via an attack on the SaaS infrastructure itself. More likely, it will involve compromised credentials, API leaks, or malware. Do not rely on a simple username and password for access. Passwords can be cracked by brute force tactics or even guessed, if a user has created one that is particularly weak. They can also be compromised through malware and phishing attacks. Simply put, they are a single point of failure. Instead, organizations should use multifactor authentication for SaaS data access. Next, organizations need to audit their SaaS applications and data so they have a clear understanding of what’s mission-critical and what needs to be protected. With this understanding, organizations can find a secure service that meets their recovery time and recovery point objectives (RTOs and RPOs). There are three basic options. Free solutions do exist, but these can be time-consuming to implement, typically come with either minimal or no support, and are meant to handle low volumes and simple data structures. Developing a solution in-house is also not a good choice for most organizations if a market solution exists. Certainly, this option provides maximum flexibility and control, but very few organizations have the skills and expertise to build a solution that can protect all the data while meeting RPOs and RTOs. Even if they do possess the requisite skills, building the data protection solution will still be a complex, expensive task. It may be difficult to justify dedicating the necessary internal resources if a strong market solution is already available. A market solution from a third-party with specific expertise in the SaaS platform enables internal resources to focus on projects that increase value to both customers and employees while providing strong protection.Finally, SaaS data backups must be encrypted, both in transit and at rest. After all, the information contained within these backups is valuable or the organization wouldn’t likely bother protecting it. Encryption will protect that data in the event an unauthorized party is able to gain access to the backups. A Final Thought Ransomware is no longer just a threat to on-premises data. The more organizations depend on SaaS platforms, the more cybercriminals will target them for attack. IT must take stronger measures to protect it. About the Author Rémy Claret is a co-founder and CMO at Odaseva. Rémy has spent over 20 years in the tech industry, including product marketing and sales engineering at enterprise software companies, where he launched and took cloud-based products to market. Rémy has worked for Genesys, Atos, and Schlumberger, where he led customer experience transformation programs for major accounts. He holds a master’s degree in engineering from the French National Institute of Telecommunications and a master’s degree in marketing and sales from the Paris Sorbonne Business School. You can reach Rémy on LinkedIn.
November 18, 2022
Ransomware-as-a-Service Market Now Highly Specialized
Cybercrime as-a-service , Fraud Management & Cybercrime , Ransomware Ransomware-as-a-Service Market Now Highly Specialized Services Include Subscription Models, Bug Bounties and High-Paying Jobs Anviksha More • November 18, 2022     The criminal underground market for ransomware services is now specialized to the point where almost every step of the infection and extortion chain can be outsourced to contractors, cybersecurity firm Sophos says in its latest annual assessment of the threat landscape. See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies Just as the cloud and web services industry lets corporate customers pick and choose from a plethora of paid services, ransomware criminals stand ready to offer extortionists service ranging from malware distribution to network scanning. One enterprising criminal entrepreneur even offers OPSEC-as-a-service, the Sophos report says. The seller offers - either as a one-off setup or a monthly subscription - a service designed to hide Cobalt Strike infections and minimize the risk of detection and attribution, Sophos writes. "Ransomware-as-a-Service began last year and by this year, virtually every type of cybercriminal activity is available as a service for a few hundred dollars. This is just an indication of how sophisticated and professionalized the people in the cybercrime industry have become," says Sean Gallagher, a Sophos principle threat researcher. Dark web marketplaces such as Genesis are entry points for entry-level cybercriminals. They can act as resellers for stolen credentials obtained through malware and malware deployment services, Sophos says. Aping of the corporate world doesn't just extend to outsourcing, but also to bug bounty programs. "It mirrors legitimate software companies. It even has a complicated supply chain, with many functions outsourced to people with specialities," he says (see: Ransomware-as-a-Service Gang LockBit Has Bug Bounty Program). According to earlier analysis from Sophos, the costs of these services can run cheap. The single set of credentials that led to the June 2021 EA breach, which famously allowed the attackers in June 2021 into Electronic Arts' system through the gaming giant's Slack, cost the attacker $10 on Genesis. "In one Raccoon Stealer campaign, based on the crypto and information they were able to steal, they had about a 150% return on their investments," says Gallagher. Money, of course, is the driving force for the growth of this commerce, he says. "This is a billion-dollar industry, so money is at the heart of it. Additionally, these organizations are operating in a way normal companies do, with hiring processes in place. This is a high-paying job and even a source of patriotism, because you are bringing money into the country while attacking another."
November 22, 2022
The State of Cyber Insurance 2022 [Research] - BlackBerry Blog
The State of Cyber Insurance 2022 [Research] The cyber insurance market is in flux, along with how organizations use it.Premiums are increasing, coverage can be confusing, and a sizable number of organizations are currently uninsurable because they lack basic security technology like endpoint detection and response (EDR).These factors are fueling a “cyber insurance gap” for a majority of North American companies — and those without the appropriate coverage face increasing headwinds as a growing number of sales agreements and strategic partnerships require partners and vendors to have this type of insurance. Cyber Insurance Study and White PaperTo understand the state of cyber insurance in 2022, BlackBerry and Corvus Insurance surveyed 415 IT and cybersecurity business decision makers — within both small and mid-sized businesses (SMBs) and large enterprises — and the findings reveal both significant obstacles and potential solutions related to cyber insurance.BlackBerry Director of Global Public Relations, Matt Chandler, spotted a key takeaway, right away, from the responses. “The headline is that organizations are underinsured, or uninsured, and they're looking for the government to help.”And Corvus Insurance CTO, Vincent Weafer, explains the backstory of these findings.“In general, we've come through what is known as a hard market. Ransomware has been rising over the last couple of years, which in turn has driven losses,” he says. Some insurers exited the market. Those who stayed re-evaluated their exposure. “What we are seeing are the frustrations with getting cyber insurance, understanding what you're covered for...premiums have gone up, but the limits have gone down. That's part of what has come out in the survey — and you look across and say, okay, what can be done about this?”You can explore the answer to this question and several others in the new white paper, How Cybersecurity Insurance Provides Protection. 3 Topline Findings on the State of Cyber InsuranceLet’s look at three big-picture findings from the new BlackBerry and Corvus Insurance research:Only 55% of respondents currently have cyber insuranceOf those with insurance, over one-third (37%) aren’t covered for ransomware paymentsOf those with ransomware payment coverage, only 19% of all businesses surveyed have limits greater than the median 2021 ransomware demand of $600,000. That number drops to 14% for SMBs with fewer than 1,500 employees.These factors may explain why half of SMB respondents say they are hoping the government will offer financial assistance to organizations hit by ransomware attacks.Companies standing in this “insurance gap” face a dilemma. One Chief Financial Officer (CFO) who responded to the survey explains it like this:“Do I pay high premiums and keep paying to keep my policy, or do I just set aside a self-funded account as a rainy-day fund and pray we don’t get hit?”I doubt this CFO is alone when you consider that 85% of respondents saw an increase in their cyber insurance premiums over the past 12 months and most reported double-digit rate hikes.Could going without cyber insurance make sense? We explore that in additional detail in the white paper. However, along these same lines, our research revealed something else about those who remain uninsured: Some organizations applying for coverage are being turned down because they lack certain basic controls. Organizations Denied Cyber Insurance CoverageMany cyber insurance policies are becoming more prescriptive — meaning applicants must meet certain security benchmarks, or they will not write a policy. One example of this involves successfully deploying EDR.In our research, we found that more than one-third of respondents (34%) reported being denied cyber coverage for not meeting EDR eligibility requirements. And on the flip side, nearly half (41%) of respondents adopted EDR to meet cybersecurity insurance requirements. Cyber Insurance as a Strategic PartnerIf you look at the previous results from a business risk perspective, you can see a glimmer of how organizations and cyber insurers can work together. Implementing EDR (for example) reduces risk to the organization enough that the organization becomes insurable. This means much of the remaining risk held by the organization can now be passed to the insurer. A key action — implementing a control — allows the organization to reduce its risk twice.And Weafer says this is just the start of how insurers can be a resource:“This can also help you with your investment discussions with the board in terms of ‘Hey, I really want to invest in EDR or managing the deployment. Here's why it makes sense. And here's where we can get some savings if I do this better’.”And he reminds us that insurers have the data that organizations need. “We've got the loss statements. So we can actually work together with the industry to provide those insights. If you invest in zero trust, what is it likely to mean in terms of lower costs of claims and less likelihood to see losses occurring?”Uncover more about what organizations need to be insurable and how they can use cyber insurance as a key part of risk management in our new white paper. Read: How Cybersecurity Insurance Provides Protection.
November 23, 2022
Hive ransomware has extorted more than $100m, FBI warns - Silicon Republic
The FBI and CISA warned that threat actors have ‘especially’ targeted healthcare organisations, along with other critical infrastructure sectors.US security agencies have issued a warning about the growing prevalence of Hive ransomware, which has vicitmised more than 1,300 companies worldwide.The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said threat actors have used this ransomware to target “a wide range of businesses and critical infrastructure sectors”.Targets have included government facilities, communications, critical manufacturing, IT and “especially” healthcare services.Since June 2021, the FBI and CISA claim Hive ransomware has successfully extorted roughly $100m from companies.The security organisations have released a joint cybersecurity advisory with the US Department of Health and Human Services to warn companies about the tactics and techniques of the cybercriminals.If organisations refuse to pay, the ransomware gang threatens to steal data and post it on the internet. The threat actors are also known to reinfect the networks of organisations that restore their systems without paying a ransom.The joint advisory warning contains a list of mitigations organisations should follow to protect themselves from ransomware attacks. These include keeping offline backups of data, ensuring backup data is encrypted and regularly updating anti-virus and anti-malware software.Organisations should also review the security posture of third-party vendors and other linked businesses.Raj Samani, SVP and chief scientist at cybersecurity company Rapid7, said the joint advisory shows that extortion tactics are working and said that “unsurprisingly, one of their biggest targets is the healthcare industry”.Research by Rapid7 suggests that the healthcare and pharmaceuticals industry suffered a large amount of ransomware attacks between April 2020 and February 2022. More than 70pc of data disclosures in the sector involved finance and accounting data, with 58pc including patient data.“Organisations need multiple layers of defence against ransomware attacks in order to protect themselves,” Samani said.“This includes not just technologies to detect potential intrusion, or lateral movement, but also implementing security controls, should the threat remain undetected, such as the use of file encryption.”Cybercriminals have been increasingly targeting critical infrastructure in order to cause further pressure from their attacks and have their ransom demands met.A French hospital was hit with a ransomware attack in August, forcing it to send patients to other institutions as it tried to fix its impacted systems.It came a few weeks after the UK’s National Health Service suffered disruptions from a cyberattack, which targeted systems that facilitate patient referrals, ambulance bookings, out-of-hour appointments and emergency prescriptions.Last year, the Irish health service suffered a “significant and serious” ransomeware attack that affected more than 80pc of IT infrastructure10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

LTO Social Media



Keeping Backups Safe Using LTO Tape
Malware in the form of holding data for ransom has been a threat to organizations for years. Ransomware attacks are getting more sophisticated and are targeting a new class of data – backups! Ransomware will now look to delete any type of backups it comes across, for example, any Windows backup files and shared network drives. Learn how to defend against this type of cyberattack.

Video Surveillance Storage Challenges
We review some alarming incidents caught on camera and what IT departments can do to keep up with the demands of storing video surveillance content with help from LTO technology.


Does your organization use an active archive? 

Do you know the benefits of an active archive? Do you know that LTO tape storage is used to securely archive important information and that it does it economically? Learn more in this issue of LTO BlogBytes! #tapefortomorrow #lto #bigdata

LTO Case Studies

Award-winning studio protects workflow with LTO Technology

Aardman is an independent and multi-award-winning studio. It produces feature films, series, advertising, interactive entertainment and innovative attractions for both the domestic and international market. The studio’s work includes the creation of much-loved characters such as Wallace & Gromit, Shaun the Sheep and Morph.

Business Needs

  •  Manage and efficiently store video production material at each phase of the workflow.

  • Protect video assets from any form of accidental or intentional destruction and ransomware attacks.

  • Control costs and stay within planned budget.

  • Easily access archived content for edits, conforms, final productions and future reference.




Solution – Results:

  •  Implemented LTO tape drives and automated libraries with about 100 slot capacity.

  • Production staff can straightforwardly
    retrieve video content from tape libraries for any phase of production.

  • Able to store each step of the workflow securely to LTO tape.

  • Easy to create second tape copy of video content to store offsite for disaster protection.


LTO Tape Shipment Report
Reveals Record Breaking
Tape Capacity Shipments

July 2020

Continued increase in capacity shipments point to reliance on LTO tape in modern-day storage environments.

The LTO Program Technology Provider Companies (TPCs), Hewlett Packard Enterprise, IBM Corporation and Quantum today released their annual tape media shipment report, detailing year-over-year shipments. 

The LTO Program announces Fujifilm and Sony are now both licensees of Generation 9 Technology

September 2021

LTO Seeing Continued Relevance for Archive and Offline Long-Term storage.

The LTO Program Technology Provider Companies (TPCs), Hewlett Packard Enterprise, IBM Corporation and Quantum are pleased to announce Fujifilm and Sony are now licensees of Generation 9 technology, meaning that both companies are planning to produce LTO-9 media moving forward. 

Hewlett Packard Enterprise logo
IBM Logo
Quantum Logo