Air-Gapped Backup: What Is an Air Gap in Data Protection?
In 2023, NCC Group reported 84% more ransomware attacks with 4,677 incidents versus 2,531 in 2022. This was the biggest number they had ever recorded. With cyberthreats becoming more sophisticated, more frequent, and stealthier, it is clear that cyber protection methods have to keep up.
Organizations looking for ways to maintain data reliability and regulatory compliance in the face of emerging cyberthreats have several measures that they can implement. These measures can include air gapping to bolster their data protection strategies. Read this blog to learn what an air-gapped backup is and how you can use it to add another layer of protection for your data.
What Does Air-Gapped Mean?
Air-gapped is a security measure that involves isolating a computer, storage device or network to prevent it from establishing external connections. The main idea behind air gapping is restriction of access. In order to work with data in an air-gapped system, you need to gain physical access to the device running that system.
Types of Air-Gapped Systems
The implementation of air gaps may vary depending on the needs and objectives of your infrastructure. Some organizations transfer data to and from air-gapped environments via detachable drives. Others switch on secure connections that were established specifically for operations with air-gapped data. The concept remains the same in all cases – air gapping helps set strict access limitations for particular devices and networks.
There are three main types of air gaps:
Physical Air Gap
Physical air gapping means disconnecting a device from other nodes or networks. Without cable or wireless connections, an air-gapped machine becomes unreachable from other environments. Moreover, a “true” physical air gap involves moving hardware to a different location away from production sites.
A physically air-gapped server, for example, has no WAN or LAN connection interfaces. In such a case, establishing a remote connection with that server by accident or deliberately with malicious intent is impossible. Additionally, this standalone air-gapped environment can stay secure and stable if an emergency occurs at the main site or data center.
Isolation
Isolation is another air gapping approach that involves detaching a system from other systems and the internet yet without moving your hardware away. This helps you avoid unauthorized access to isolated environments from outside an organization’s office. Still, disasters such as fire, flood, or power outage can damage both your production and air-gapped environments.
Logical Air Gap
Creating a logical air gap means separating nodes and networks with specialized software, such as firewalls, traffic management systems, RBAC (role-based access control), and encryption algorithms. In logically air-gapped environments, a physical connection is still present to provide more opportunities for data operation.
You can consider logical air gapping as a trade-off between security and convenience. Logically air-gapped nodes can be located at a different site, like with the physical air gap approach, to achieve added resilience against insider threats and emergencies. Additionally, a logical air gap can work as a network segmentation approach, providing extra security for sensitive data.
Air-Gapped System: Consideration Points
Air gapping can be an effective data protection measure, but it is not perfect by default. Although there are undisputed advantages in air-gapped data, a closer look also reveals some disadvantages.
Benefits of an air gap environment
Implementing an air gap in your environment can provide the following benefits:
- Threat mitigation. Modern malware mostly spreads out via the global network. An air-gapped storage, server, network, or other node is unreachable by the majority of cyberthreats. Phishing emails, traffic interception tools, ransomware, and remote security breaches, among other threats, are less dangerous to an offline system.
- Data protection. Air-gapped data is strongly protected from unwanted alteration, encryption, or deletion. Additional authentication layers, such as server room access keys and administrator passwords, allow you to ensure that only authorized employees work inside an air-gapped perimeter.
- Resilience and recoverability. Offsite storage and hardware add resilience to an organization’s infrastructure even without air gaps applied. An air-gapped site provides extra reliability and can be used to restore production and critical data when the main environment suffers major data loss.
Disadvantages of air gapping
In addition to the benefits, air gaps also bring issues that require consideration and preparation:
- Complexity and inconvenience. Air gapping adds complexity to an IT infrastructure, posing challenges to both malicious actors and team members. The physical distance, additional security barriers such as passcode locks for the server room door, and the absence of regular network connections create constraints. Regular operations, like data transfers and modifications, require multiple actions and thus become complicated and time-consuming workflows in an air gap environment.
- Security update challenges. Systems that are connected and online get updates on release, which strengthens security due to patched vulnerabilities. Updating air-gapped devices requires additional equipment (for example, high-capacity USB drives or disks with updated software), time, effort, and skills from IT experts. Due to such delays, systems can be less protected if updated malware manages to sneak into air-gapped environments.
- Human factor. In an air-gapped environment, employees generally need to keep up with strict security rules before they can access and operate air-gapped data. A team member who, for example, forgets to check a USB drive before using it can unintentionally infect an air-gapped device with malware. Lower your guard once, and you can negate the significant time and resources spent on building and maintaining an air-gapped infrastructure.
Air Gap Backup: Boost Data Protection Efficiency
Cybercriminals target backups along with production infrastructures when planning their attacks to improve the chances of the victim paying the ransom. Losing recovery copies due to ransomware encryption, for example, can leave an organization with no means to independently restore systems and availability. Alternatively, the deletion of backups along with production data can, in some cases, lead to irreparable damage.
The majority of cyberthreats, from regular phishing emails to the most advanced malware, spread out through the internet. An air-gapped backup stays in the safe zone with the main infection channel disabled. Such secret backup storage is a reliable resource that can be your last line of defense during major data loss incidents.
3-2-1 Rule with air-gapped backups
The universally-accepted 3-2-1 rule says that to reliably protect your data, you should:
- Have no less than three (3) copies of data.
- Keep those copies on two (2) or more different storage media.
- Send at least one (1) copy offsite.
Cloud backups have increasingly become the answer to the third point of the rule in recent years. However, hackers have come up with ransomware such as LockBit and other malware to specifically target cloud-based environments. The 3-2-1 rule evolved in response to the growing vulnerability of offsite backups, becoming the 3-2-1-1 rule.
In this iteration of the backup rule, one backup copy should be made immutable or air-gapped. Consider keeping an air-gapped backup offsite on a dedicated NAS device, detachable disks, or tape. You may need to put additional effort and time into creating and updating such backups, but they can provide enhanced recoverability in a worst-case scenario.
Air Gap Backup with NAKIVO
NAKIVO Backup & Replication is a versatile solution that provides onsite, offsite, cloud, NAS, and tape backup, along with advanced data protection functionality. You can use the solution for virtual environments like VMware vSphere, Microsoft Hyper-V, Nutanix AHV, Proxmox VE, as well as for Windows and Linux physical environments.
For example, you can make NAS backups immutable to protect data from alteration, encryption, or deletion. Or you can disconnect that NAS device with backup data from your main environment to create an air gap. You can also send backup copies to tape and disconnect the tape media from the backup system.
The NAKIVO solution for air-gapped backups enables you to run custom backup workflows by schedule or on demand to shorten backup windows. Lastly, you can set flexible recovery sequences and then, when a data loss occurs, initiate them in a few clicks to ensure minimal RTOs.
