
What is an air gap?

14 October 2024

 

 

Authors

Mesh Flinders

Author, IBM Think

Ian Smalley

Senior Editorial Strategist

What is an air gap?

Air gapping, or creating an air gap, refers to the physical isolation of computer systems or networks so they can’t physically connect to other computer systems or networks. 

Organizations typically use air gaps to prevent threats such as hackers, viruses or natural disasters from causing irreparable harm to digital assets. Many air gap backups help protect highly classified information, including military secrets, financial data and systems that control critical pieces of infrastructure like water storage, nuclear power and aviation.

What is an air gap backup?

Air gap backups are a data storage tactic that’s typically used in disaster recovery (DR) to help organizations prevent data loss and business disruption during a catastrophic event. In an air gap backup, critical information is copied and stored on a system or air gapped network not easily accessible over the internet, but where an organization can access it once the threat has passed.

Air gapping versus air-gapped networks

Air gapping refers to the physical separation of computers and networks, while air-gapped networks are networks that have been isolated from all external networks, including cloud and wifi. Air-gapped networks are disconnected from the internet and provide a strong layer of protection from a broad range of cybersecurity threats.

Why is air gapping important?

Air gapping helps protect organizations from financially crippling ransomware attacks, where data is held hostage by someone with unauthorized access until an organization agrees to pay. This year, Verizon reported that ransomware attacks remained a top threat across 92% of industries.¹ And they're expensive: According to the Cost of a Data Breach Report, the global average cost of a data breach in 2024 was USD 4.8 million, a 10% increase over last year and the highest total ever.

Ransomware attacks occur when hackers breach a system with malware, copying sensitive information and restricting access for authorized users. Some hackers have demanded double and even triple extortion fees to restore access to sensitive information. In some cases, when stolen data is sensitive, hackers have threatened to leak it to increase the victims’ incentive to pay.

While air gapping can’t stop all ransomware attacks and data breaches, it can help lessen their impact, especially when combined with other network security measures and disaster recovery tactics designed to prevent the stealing of sensitive data.

Disaster recovery and air gapping

Air gapping plays a critical role in many disaster recovery (DR) plans, helping organizations create reliable, offsite backups to help them recover from a disruptive event. Like cloud storage, air gap backups provide redundancy, the duplication of critical systems and data that can’t be altered or deleted without permission.  

When used as part of a comprehensive DR approach, air gapping is a strong data protection tool, helping keep organizations safe from cyberattacks, which are efforts to steal, expose, alter, disable or destroy data or digital devices. Air-gapped systems provide a vital layer of defense in addition to firewalls, safeguarding data from human error and the vulnerabilities of untrusted networks.

 

How does air gapping work?

Air gapping a computer or network involves three fundamental steps: isolation, restriction of connectivity and control of data flow. Here’s a closer look at each one.

Isolation

To control access to a computer or network, the first step is to physically isolate it from others. Critical data and systems need to be physically separate to be secure, but they don’t necessarily need to be in another location. Some organizations keep air-gapped backups in secure locations in the same building as non-air-gapped computers. Others prefer to keep them offsite, in another location, such as a different company office or data center.

Connectivity

Air gapping a computer or network means severely limiting or cutting off altogether its connectivity to other computers and networks. Air-gapped networks, for example, typically have a limited number of access points that are kept restricted to a few authorized users. By reducing the number of access points, organizations can make it less likely that a bad actor will gain access.

Data flow

Controlling data flow is critical to air gapping computers and networks. In a secure network, data is only allowed to flow in one direction, a concept known as unidirectional data flow. Unidirectional data flow on an air-gapped system means that data is only ever added to the air-gapped system, never copied or removed. This is key to maintaining the integrity of air-gapped backups and ensuring data transfer remains safe.

Types of air gapping

There are 3 types of air gapping that are widely practiced: physical, logical and cloud air gapping. 

Physical air gaps provide the highest level of security because they physically disconnect a system or network from all threats. However, they require a significant amount of effort to update and restore because they are so isolated. Logical and cloud-based air gaps are more practical in terms of keeping software and hardware up to date but offer less robust security. Here’s a closer look at the strengths and weaknesses of each type of air gapping. 

Physical

A physical air gap places a physical barrier between a device and any other system or network. To accomplish this, storage volumes that are physically air-gapped are completely removed from any systems they're associated with, and their network connections are severed. Physical air gapping is used across a wide range of removable media, including hard disks, tapes, drives and other backup devices.

Logical

Logical air gaps are software partitions and network segmentation used to create a type of virtual storage. While logical air gapping is less secure because it is still done on systems and networks that remain interconnected, it is far more practical than a physical air-gapped backup and can still provide many of the same benefits.

Cloud

Like logical air gapping, cloud air gapping involves sending backup data to a virtual location in the cloud, usually through a backup service provider. This is a common practice, and many tech companies like Apple, Microsoft and Google offer cloud backup services to their users. Cloud backups offer offsite storage; however, customers are required to align with the service rules offered by the provider.

Benefits of air gapping

Air gapping and air gap backups provide several valuable benefits to organizations. Here are some of the most important:

  • Network isolation: Air gapping lets organizations isolate their sensitive data from vulnerable networks with air-gapped backups. Even private networks with enhanced security controls are vulnerable to cyberthreats and human error if they have an internet connection. Air gapping data helps keep it safe from many cyberthreats.
  • Ransomware protection: Air-gapped storage protects sensitive data by keeping copies of critical data that cybercriminals might try to exploit through a ransomware attack. This copied data is impossible for bad actors to access because it’s air-gapped from any network. Ransomware attackers who infiltrate a network to steal data cannot successfully ransom it if it’s been safely backed up on air-gapped storage.
  • Data loss security: Air gap backups provide secure, offsite data storage and are often thought of as the last line of defense in a cyberattack. Ransomware and malware attacks are common, but they aren’t the only threats to organizations’ data. Viruses, worms, user error and natural disasters can all cause widespread and damaging data loss. Even highly secure data centers have network connections that can be a potential vulnerability to hackers.
  • Enhanced tools and services: Air gap backup providers offer organizations many advanced tools and services to help improve their data security. They also offer automation solutions that create frequent, reliable backups of sensitive information. Also, these tools provide advanced access controls that help users manage data access and even adjust the functionality of an authorized user profile.
  • Encryption: Encryption—changing text into an unreadable form to hide sensitive information—is a key component of air gapping and a critical tool in the fight against cybercrimes. Many air gapping solutions rely on encryption to prevent cybercriminals from accessing critical information. Encrypted air-gapped backups have an added layer of data security: If unauthorized users are somehow able to access them, they still can’t understand the data they’ve stolen.  

Vulnerabilities in air gapping

Despite its many strengths, air gapping has vulnerabilities that organizations need to be aware of when they’re considering it as a security measure. Here are some of the most common: 

  • Manual updating: Air-gapped computers can’t connect to the internet for security reasons. Therefore, they need to be updated manually. System administrators must take the time to manually download and install any necessary software or hardware updates. If manual updates aren’t applied, air-gapped computers will quickly become out of date and potentially vulnerable to new threat actors.
  • Human error: Moving data to systems separated by air gaps requires the use of portable storage devices like USB drives because of the principle of unidirectional data flow. This means exposing air-gapped systems to viruses and other cyberthreats potentially hidden on the storage devices in question. Infected storage devices can also be used to leak data from an air-gapped system into a bad actor’s hands if appropriate security measures aren’t taken.
  • Supply chain vulnerabilities: A supply chain attack targets air-gapped systems through software that’s already running on them. The Stuxnet virus, a zero-day exploit that damaged the Iranian nuclear program in 2010, is an example of a supply chain attack that was spread through Microsoft Windows. Stuxnet designers attacked computers that were air-gapped from the internet by using infected USB flash drives.²
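
The manual-update and removable-media risks above can be reduced by checking every transfer before it is imported. The following is an added example, not part of the original article or of any IBM product: the connected side hashes the files and authenticates the list with an HMAC, and the isolated side rejects anything altered, missing or unlisted. The function names, file names and key are constructed for illustration, and the key is assumed to be shared out of band.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def list_files(root):  # yields (relative path, absolute path) for each file
    for d, _, names in os.walk(root):
        for n in names:
            yield os.path.relpath(os.path.join(d, n), root), os.path.join(d, n)

def mac_of(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Connected side: hash each file and authenticate the list with HMAC."""
    files = {rel: sha256_file(p) for rel, p in list_files(root)}
    return {"files": files, "mac": mac_of(files, key)}

def verify_media(root, manifest, key):
    """Isolated side: return sorted problems; an empty list means import may proceed."""
    if not hmac.compare_digest(mac_of(manifest["files"], key), manifest["mac"]):
        return ["manifest: MAC mismatch, reject the whole medium"]
    on_media = dict(list_files(root))
    problems = [f"{r}: listed but missing" for r in manifest["files"] if r not in on_media]
    for rel, p in on_media.items():
        if rel not in manifest["files"]:
            problems.append(f"{rel}: not listed in manifest")
        elif os.path.islink(p) or sha256_file(p) != manifest["files"][rel]:
            problems.append(f"{rel}: content does not match manifest")
    return sorted(problems)

def demo():
    key = b"constructed-demo-key"  # assumption: shared out of band, never on the medium
    with tempfile.TemporaryDirectory() as media:  # stands in for the USB drive
        with open(os.path.join(media, "update.bin"), "wb") as f:
            f.write(b"constructed patch v1")
        manifest = build_manifest(media, key)  # in practice carried apart from the files
        clean = verify_media(media, manifest, key)
        with open(os.path.join(media, "update.bin"), "ab") as f:
            f.write(b" altered")  # content changed after the manifest was made
        with open(os.path.join(media, "extra.bin"), "wb") as f:
            f.write(b"unlisted")  # file that was never approved
        return clean, verify_media(media, manifest, key)

if __name__ == "__main__":
    print(demo())
```

A hash manifest only proves the files are the ones that were approved; it does not replace malware scanning of the media or controls on what leaves the isolated system.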

Air gapping use cases

Many organizations that keep confidential information rely on air gapping, among a range of other security measures, to provide backups to their most valuable data. Here are a few of the most widely known. 

Government agencies

Many government agencies use air gapping as a way to maintain the confidentiality of a wide range of information. From the real identities of confidential sources to state secrets and sensitive information about defense systems, air gapping provides a highly secure method of keeping information safe and controlling who has access to it.  

Financial institutions

Financial institutions guard the transaction histories, passwords and personally identifiable information (PII) of millions of customers and organizations. Retail and investment banks, stock exchanges, hedge funds and other kinds of financial institutions deploy air gapping to keep customer and business records safe from unauthorized access, data breaches and fraudulent activities.

Healthcare providers

Hospitals, insurers and other organizations in the healthcare field rely on air gapping to secure their patients’ confidential records, protect research data and keep medical facilities safe. Also, air gapping in the healthcare field helps ensure compliance with complex regulations like the Health Insurance Portability and Accountability Act (HIPAA) and others by protecting records from someone trying to gain unauthorized access.

Critical infrastructure

Critical infrastructure, such as power plants, bridges, air traffic control, water sources and others, relies on air gapping to keep its industrial control systems and confidential data safe. By keeping their most sensitive data on air-gapped networks, organizations operating critical infrastructure prevent unauthorized access that might cause disruptions to vital services like transportation, power, emergency response and more.

Research facilities

Organizations conducting critical research into areas as far-ranging as aerospace, pharmaceutical and scientific advancement use air gapping to protect the data they rely on most. Depending on the industry, these air-gapped systems provide a critical line of defense against the stealing of industrial secrets and the compromising of valuable innovations.

Footnotes

All links reside outside ibm.com

1 Verizon Data Breach Investigations Report, Summary of Findings, Verizon Business, 2024

2 An unprecedented look at Stuxnet, Wired, 3 November 2014
