But there are some caveats. For example, many organizations struggle to map their network connections faithfully. This confuses connected devices. Specifically, assets believed offline may turn out to be online when audited. Make sure you know the structure of your network through and through.

An air gapped backup is an offline copy of data fortified by an air wall. Air gapping suits virtually nothing better than backups because it makes them impenetrable and inaccessible. Conversely, operations would likely halt if one were to air gap a production environment because of the inherent transfer delays. For this reason, the air gap technique lends itself great to backups.

Air gaps shield sensitive information and critical data better than other protective measures. Still, it’s essential to take to heart the words of Gene Spafford, who said: “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.“

Some companies prefer logical air gaps instead. These follow the same security principles as physical air gaps but apply them through software. The software isolates the volume from the network, even as the volume may remain physically attached to it. The mechanisms responsible for the separation include encryption, firewalls, or access control management—for example, S3 Object Lock.

Air gapping is a method of protecting data by physically separating a storage volume from all possible access points, wired and wireless. After the isolation, the volume becomes a country within a country, even within its own infrastructure, removed from internal workloads and processes. If hackers breach the network, air-gapped data remains inaccessible – hidden behind a barrier known as an air wall. This air wall adds another layer of protection and prevents unlawful manipulation except through direct manual tampering or destruction. Because of these attributes, air gaps are considered one of the best backup practices.

American photographer Peter Krogh proposed a 3-2-1 rule. Krogh believed every backup must consist of three identical copies. Additionally, these copies should use at least two different mediums—for example, tape and HDD—with one located offsite in case of an on-site disaster.

Air gapped backups reside outside main networks, often in separate buildings, sometimes in what’s called a Faraday Cage (an enclosure that neutralizes electromagnetic waves). A standard protection strategy dictates that employers should transfer data between source and target by themselves on removable devices such as USB sticks. This air-gapping technique is the most stringent security measure and a robust defense against data loss.

By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Object First Privacy Policy.

Companies who want to set up an on-prem air gapped backup can choose from the following three options. Each adheres to rigorous security standards while balancing security and convenience differently.

Air gapped backups provide excellent security against cyber attacks, but they come at a price. To find out if they have their place in your organization’s security strategy, consider the following questions.

Perpetrators of ransomware are trying to keep up with the defenses deployed against them. Most recently, they set their crosshairs on backups, rightly convinced that if they scramble them, the victim will have no recourse but to surrender.

On the other hand, businesses of all sizes cannot hope for a better defense against ransomware and many other types of malware than a carefully deployed air gapped system augmented with immutability and role-based access control. At a time when ransomware runs amok, air gapping is the last line of defense in the event of a disaster.

Few other solutions provide better safeguards against malevolent intrusion and protection against data loss than air gapping.

One backup does not cut it when data is a matter of life and death. But how many backups are enough to prevent data loss?

Some cloud vendors offer air gapped backups. While ostensibly a contradiction in terms, cloud air gap backups provide similar security as local implementations do. They leverage logical processes to keep data safe and are only used to restore and ingest information. Disconnected in the interim, they’re effectively off-site repositories with occasional network connectivity.

Finally, logical air gaps trade off security for speed and convenience. Strictly speaking, they are always connected to the network and rely on software for sequestration. A physical air gap might be the better choice for bulletproof security.

Never wait for hot water again; The Watts Hot Water Recirculating Pump provides hot water at every faucet or shower when needed, eliminating wasted water. It is easy to install on any water system and requires no additional piping. The unique design of the pump ensures quiet, maintenance-free operation. The system includes a built-in 24 hour, a dual setting programmable timer to activate the pump only when needed.

Air gapping does for software what social distancing does for people—wards off infections. It’s a backup and recovery strategy that stops malicious agents from infiltrating, buttresses the security posture in hyper-converged infrastructure (HCI), and plays a crucial role in recovery procedures such as disaster recovery plans (DR).

An air gap insulates sensitive data and keeps bad actors at bay, strengthening a ransomware defense strategy – provided that other security measures complement it.

Physical air gaps often leave little to no paper trail. This increases the risk of someone from within the company stealing data because they can do it with relative impunity. Make sure your team is trustworthy and reliable.

Updating air gapped backups takes time and effort. Unfortunately, there’s no easy workaround. Expect a backup procedure to last a few hours instead of minutes or seconds, as it would with the cloud. When considering air gapping, decide which matters more – security or speed. Air gapped backups tip the scales toward the former.

A physical air gap involves a literal space—a buffer—between the backup and production. Consider these factors before implementing such a buffer:

Air gapping does not eliminate data transfer. Intermittent connectivity opens offsite copies to physical access and exposes them to vulnerabilities. Leverage immutability, encryption, and sophisticated role-based access to fortify them against that.

Ransomware is a malicious program that sneaks inside a network, encrypts its data, and leaves a conspicuous ransom note demanding payment in exchange for decryption.

Some organizations, however, can’t or won’t use air gaps this way. Maintaining an extra facility for physical devices, walking from one place to another, and investing in a Faraday Cage might be too cumbersome and inefficient. But that’s not the only air gap strategy out there.

The scheme was later amended to address cybersecurity challenges like ransomware better. The corrected version adds two digits to the codename and reads 3-2-1-1-0. “0” refers to the fact that all copies must be free of errors. “1” means that one of the three copies must be immutable or air-gapped.