An air gap backup is a method of data storage used in cybersecurity and disaster recovery wherein critical data is copied and stored on media or machines that are “offline” and not practically accessible over the internet.
Air gapping is considered to be a crucial layer of protection defending against data loss, ransomware attacks and other cyberthreats or cyberattacks.
The “air gap” refers to the separation of the backup data from any publicly accessible networks, creating an “air wall” between the data and any access points that might be vulnerable to hackers. An air gap backup might be created in various ways:
The following are some of the main benefits of air gapping:
Air gapping as a practice may also extend to other types of air-gapped systems and computers that are isolated from any public or vulnerable digital access points as part of a broad data protection strategy. Implementing an air gap backup as part of an organization’s broader cybersecurity measures adds an additional layer of security. While all cybersecurity strategies have their vulnerabilities, incorporating an air gap backup can ensure business continuity by preventing costly outages.
According to the Verizon 2024 Data Breach Investigations Report [1], ransomware attacks remain a top threat across 92% of industries, with record-breaking ransom payments exceeding USD 1 billion in 2023 [2].
IBM's Cost of a Data Breach Report shows that the average cost of a ransomware breach is USD 5.13 million, not including ransom payments.
Unfortunately, extremely damaging ransomware attacks are on the rise. During a ransomware attack, hackers infect target systems with malware that copies sensitive information for exfiltration and then encrypts it, blocking access for the rightful owners and even for authorized users.
While air gapping is not enough to prevent data breaches, it should be incorporated as a backup strategy as part of the broader security measures for any individual or organization dealing with sensitive data.
Lost data is a potentially crippling development for a business or organization. When sensitive information falls into the wrong hands, the consequences can grow exponentially. In addition to standard ransomware attacks in which hackers demand a ransom to return access to a company’s own data, so-called double- and triple-extortion ransomware attacks pose an even greater risk. In these types of attacks, hackers will demand a ransom to return data access to the victim organization and then demand more payments, threatening to leak the stolen sensitive information publicly or attack an organization’s clients or partners if their demands aren’t met.
As threatening as ransomware attacks might be, air gapping is an immensely effective method of data protection for any disaster recovery strategy invested in absolute data retention. Air-gapped systems play a vital part in safeguarding against cyberattacks, providing added defense beyond traditional firewalls against both human error and bad actors with unauthorized access.
If they remain secure, air-gapped copies of data can provide an offline backup for complete data recovery in the event of unwanted data deletion or malicious data breaches.
Creating an air gap can be accomplished in 3 ways: physically, logically or in the cloud.
Each type of air gap has its strengths and weaknesses. Physical air gaps offer the most defense in terms of isolation; however, they also require the most effort to access and restore. Logical and cloud-based air gaps, while more convenient, present more vulnerabilities compared to physically separated backups. The type of air gapping, if any, that an individual or organization needs depends on their unique requirements and resources.
Physical air gaps are achieved by disconnecting the storage media from any device with a network connection. To physically air gap a backup, the storage volume must be removed from the system, and all wired and wireless connections must be severed.
Multiple air-gapped storage volumes might be connected to each other through either a wired or wireless connection. But if any of these devices can be accessed by an outside actor, none can be considered air-gapped.
Physical air gapping can include storage volumes (for example, external hard disks, diskettes, tapes) or specialized backup devices designed with added network isolation functionality. Devices like these typically offer more automation to facilitate easy backups.
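The rule above, that linked volumes stop being air-gapped as soon as any one of them is reachable, is a transitive reachability check. The following sketch is an added example, not part of the original article; the device names and link inventory are constructed and hypothetical.

```python
from collections import deque


def path_to_exposure(start, links, exposed):
    """Breadth-first search from a storage volume. Returns the shortest chain of
    devices ending at a network-exposed one, or None if the volume is isolated."""
    neighbors = {}
    for a, b in links:  # links are undirected: wired or wireless, either direction
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node in exposed:
            path = []
            while node is not None:  # walk back to the starting volume
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(neighbors.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def audit_air_gaps(volumes, links, exposed):
    """Map each claimed air-gapped volume to its exposure path (None = isolated)."""
    return {v: path_to_exposure(v, links, exposed) for v in volumes}


# Constructed inventory (hypothetical device names).
LINKS = [("tape-vault-1", "tape-vault-2"),
         ("nas-a", "nas-b"), ("nas-b", "admin-laptop"), ("admin-laptop", "office-wifi")]
EXPOSED = {"office-wifi"}
VOLUMES = ["tape-vault-1", "tape-vault-2", "nas-a"]

if __name__ == "__main__":
    for volume, path in audit_air_gaps(VOLUMES, LINKS, EXPOSED).items():
        print(volume, "isolated" if path is None else "NOT air-gapped via " + " -> ".join(path))
```

The two tape vaults are linked only to each other and stay isolated, while `nas-a` fails the audit through a chain of three hops even though it has no direct network connection.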
Logically air-gapped storage volumes can be created using software partitions and network segmentation as a type of storage virtualization. While potentially less secure than physically air-gapped backups, logical air gaps are much more convenient and can provide similar benefits if the storage volume is separated from the network.
Cloud air gaps are air-gapped environments operated by backup service providers. Organizations can send backup data to the cloud, and the providers will move the data to immutable storage stored on logically air-gapped volumes.
Cloud air gaps add the extra benefit of offsite storage. However, users are obligated to the specific practices of the provider. While many reputable service providers offer a range of options and packages, their specific offerings might not be suitable to a given organization's requirements.
An air gap backup offers many key benefits, including network isolation, ransomware protection, data loss prevention, enhanced security controls, and encryption and hashing.
The main and most obvious benefit of air gapping is isolating sensitive data backups from vulnerable networks. Even private networks with the most up-to-date security measures might still be vulnerable to unknown or unaccounted cyberthreats, insider threats and human error. By isolating an air-gapped backup, cybercriminals are unable to remotely access the offline data.
Air-gapped storage systems provide protection from ransomware by maintaining a backup of critical data that is impossible for a hacker to delete, seize or steal. Air gapping itself might not prevent a ransomware attacker from infiltrating a network and seizing whatever data might be there. However, should such an incident occur, having an air-gapped backup would nullify the attacker's leverage when demanding a ransom.
Organizations known to practice consistent air gapping would logically be poor targets for ransomware attacks, and in that sense, air gapping can reduce the likelihood of such an attack at all.
Incidents of ransomware attacks are unfortunately common, widespread and growing, but ransomware is not the only threat to maintaining data security. Persistent malware threats from viruses to worms, user error and even natural disasters all pose significant risks for safely storing and accessing critical data.
On-premises data storage is vulnerable to any number of localized crises. While cloud backups might mitigate the risk of a site-specific incident, a data center’s network connection will still be a potential vulnerability in the case of a cyberattack. An air gap backup, preferably stored offsite, can provide data security and can be thought of as a last line of defense in the face of a catastrophe.
Most air gap backup providers also offer extra tools and services to improve data security. Many providers offer automation software for creating regular backups, as well as role-based access controls for managing data access and the specific functionality of a user-authorized profile.
Depending on the provider, data storage experts will also perform regular tests on an organization’s air-gapped backups to help ensure that the backup remains viable should it be required as part of a disaster recovery operation. Providers might also copy previous air-gapped backups to new types of storage media as technology improves and older hardware reaches the end of its lifecycle.
While an air gap backup might be either encrypted or unencrypted, air gapping services offer data encryption as an added layer of security. Although the offline nature of an air gap backup offers significant security against bad actors, encrypted air gap data ensures that even in the unlikely event that a hacker acquires the air-gapped backup, the data will remain inaccessible.
Hashing algorithms used during the encryption process make it possible to confirm that any data transferred during the backup process remains intact, and they can be used to verify the continued integrity of an air-gapped backup without providing access to the data itself to a provider’s technician.
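The integrity check described above can be sketched as a hash manifest over the encrypted archives: whoever verifies it only ever reads ciphertext. This is an added example, not part of the original article; the file names, the demo key and the use of an HMAC to authenticate the manifest are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:  # stream: large archives never sit fully in memory
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file and authenticate the list with HMAC-SHA256."""
    files = {p.relative_to(backup_dir).as_posix(): sha256_file(p)
             for p in sorted(backup_dir.rglob("*")) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(backup_dir: Path, manifest: dict, key: bytes) -> dict:
    """Report modified, missing and unexpected files; reject an altered manifest."""
    recorded = manifest["files"]
    body = json.dumps(recorded, sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("manifest MAC mismatch: manifest was altered")
    current = build_manifest(backup_dir, key)["files"]
    return {
        "modified": sorted(f for f in recorded if f in current and current[f] != recorded[f]),
        "missing": sorted(f for f in recorded if f not in current),
        "unexpected": sorted(f for f in current if f not in recorded),
    }


def demo() -> dict:  # constructed sample: stand-in ciphertext archives
    key = b"constructed-demo-key"  # assumption: real key is stored off the media
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db.enc").write_bytes(b"ciphertext-A")
        (root / "files.enc").write_bytes(b"ciphertext-B")
        manifest = build_manifest(root, key)
        (root / "db.enc").write_bytes(b"ciphertext-X")  # simulated corruption
        (root / "files.enc").unlink()                    # simulated deletion
        (root / "extra.bin").write_bytes(b"?")           # file added afterwards
        return verify_backup(root, manifest, key)
```

Storing the manifest separately from the backup media means a later check can tell a corrupted archive from a manifest that was itself rewritten.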
In the context of disaster recovery, air gap backups serve a similar purpose as cloud storage or immutable backups. An air gap backup simply provides another redundancy by maintaining another immutable backup that cannot be altered or deleted.
What sets the air gap apart from other types of data backups is the physical or logical separation from network access. By keeping an air gap backup offline in a secure location, the threat of an attack or accidental corruption over the network is removed completely.
Immutable storage is a way to store data so that once saved, the data cannot be changed or deleted, either indefinitely or for a set period of time. Based on the concept of write-once-read-many (WORM) data security, immutable storage is often used for creating data backups. These types of files can be viewed but never edited, altered or otherwise changed.
The difference between immutable storage and air gap backup is not a matter of the file storage itself, but of where and how that storage is kept. Indeed, the data stored in an air gap backup is likely to be immutable data. However, immutable storage by itself is not necessarily air-gapped and can be stored on a device that has network access. Air-gapped immutable backups, by contrast, must be either logically or physically separated from the network.
1 Verizon Data Breach Investigations Report, Summary of Findings, 2024.
2 Ransomware Payments Exceed USD 1 Billion in 2023, Hitting Record High After 2022 Decline, Chainalysis, 7 February, 2024