There are many types of strategies for protecting and recovering sensitive data in information systems in the cybersecurity environment. One of those strategies that can be utilized is the air gap technique.
An air gapped network is a protected network. If you have or have ever had an air gapped computer, then you already have an idea of how this strategy helps keep data safe from hackers. If you’ve never heard of an air gap, this is the perfect time to learn what it is and what it can do for your information systems.
When a network is devastated by major events like cyber-attacks, system failures, or even natural disasters, people and businesses are then faced with the daunting task of initiating disaster recovery procedures to regain what has been lost. When you use an air gap backup, you’ve already built a fortified layer of network protection by ensuring it always exists. Getting more in-depth about air gap backups means understanding the ‘what’ and the ‘how’ of the strategy.
Air gapping involves keeping an offline copy of important information to prevent any chances of data being compromised. The “air” in the technique’s title literally describes the concept of keeping a barrier between data and online access to it. Also known as an air wall, air gapping utilizes isolation of the system’s network, keeping it separate from other connected devices and preventing online access to the air gapped computer.
Air gaps work by routinely supplying data to the isolated system through storage systems such as USBs, firewires, or other types of removable media devices that transfer data without online access. That way, there is zero possibility of the computer being accessed, which, in theory, serves as an uncompromised and safe method for protecting your data.
While the concept of air gapping is the same, there are a couple of different ways to apply the technique.
The literal separation of air-gapped computers from other networks or devices. These physical items are the safe hosts to system information that is inaccessible to the rest of the system unless that information is provided to the other devices.
Instead of using physical devices to protect data, a logical air gap employs software programs to initiate the gap. Implementing protective measures with things like encryption, access control, cloud security, firewalls, and other security solutions (like Veritas NetBackup) are examples of a logical air gap.
Companies that host and provide cloud storage sometimes utilize air gaps to protect data. These fall into the logical air gap family because the security measures are digital. Air gaps are built into cloud storage by using access controls (like additional log-in credentials, PINs, etc.) or even basing the storage in a location that is difficult for hackers to access.
What Is The 3-2-1 Air Gap Backup Rule?
The 3-2-1 rule is a well-known strategy for protecting data systems in the cybersecurity industry. The basic concept breaks down like this:
Clone at least three different copies of your most critical and important data.
Utilize at least two different types of media to store data (such as cloud storage or on a disk).
Keep at least one of those copies in a different physical space, somewhere that is offsite from where the main network lives.
The 3-2-1 rule is a primary strategy should you need to implement a disaster recovery plan. It’s something anyone with important and sensitive data should always think about doing. Adding an air gap to this essential backup rule is another layer of protection on top of that.
Essentially, that air-gapped system is the super-strength backup that gives your network a Teflon blanket should any other method fail. Air gapping is crucial as a standalone strategy, but it’s also very smart to apply it to the 3-2-1 protection rule.
Reading up to this point, you have probably deduced that air gapping can be extremely beneficial for protecting your data. There are other positives to utilizing an air gap strategy, including the following:
Helps protect networks from cyber attacks and other intrusive strikes from hackers, malware, and other ruinous software.
Helps prevent data from being completely destroyed and eradicated. Once data has been compromised to the point of a total loss, it can be very difficult (and sometimes impossible) to recover without a strong recovery technique like air gapping.
Protection and prevention are both vital functions that using air gaps can provide for your data. The fact that air gapping pulls double duty in providing both is another positive aspect of using the technique. Oftentimes, networks are subject to attacks that result in compromised data and/or loss. Air gaps help defend against both at the same time.
It’s always good practice to examine both sides of a strategy in order to make a decision about whether or not it’s right for you. While it’s easy to sing the praises of air gapping, there are some valid critiques of the technique.
One of the largest complaints about air gapping involves the extra energy and amount of time it takes to tend to an air gapped system. When a company is scrambling to recover important data, time is everything. Every second spent trying to restore information can be critical to disaster recovery efforts. While air gapped systems are one of the most secure ways to recover data, it does take more time to utilize them. This mainly applies to physical air gap systems.
Another possible issue to consider when using an air gapped system is choosing which kind to utilize. If you are thinking about a logical air gap system, there is a basic truth that can’t be ignored — online access. While security controls can be excellent measures for protecting data, the potential for network connectivity exists. That may require additional security measures and access controls to fortify the logical air gap.
Another possible downside to using an air gapped strategy is the actual physical structure of the system that stores the data. As information is stored in a specific location, and on removable devices, it creates an opportunity for others to corrupt or steal data. Some companies will assign designated people special clearance or responsibility for access to the air gapped system to lower the chances of it being compromised.
When you’re trying to decide whether or not using an air gap is right for your business, you have to consider various factors. Can it work? Sure, it can. However, will it work for your needs? Some of the questions you may want to ask yourself include:
How sensitive is your company’s data? If company data includes sensitive information that poses issues with privacy, government information, or anything else that needs optimal security and protection, you want as much security as you can possibly have for your network.
How confident are you about your employees and work team? If you’ve curated a workforce that you feel is reliable and trustworthy, you may not need to be as concerned about the air-gapped system being compromised.
Are you a large or small business? The decision to use air gapped systems could go either way. Larger companies often have more resources for securing their networks. If additional security measures are needed to protect data, larger companies may have the capital and IT staff to create a strong air gap strategy. They may also feel the costs outweigh the negative effects if they were to be in violation of Regulatory Compliance laws (GDPR, CCPA, CPRA, PCI, and many others) Smaller companies may not have the financial backing or expansive staff that larger companies do, but having fewer employees can be easier to manage. It could be easier to oversee an air gap system and, therefore, keep it secured.
These are only a few questions you might want to consider. Every company is different, as are its needs. Air gaps can work well for any system that needs ultimate protection, whether you’re a company or an individual. Take a hard look at what you want and need to do in order to determine if it’s an effective system for you to use.
Air gaps have been around for a while, but recent upticks in cyberattacks have made these strategies more important than ever.
Insecure and vulnerable networks can ruin people, businesses, organizations, and even government systems. Each of these entities has and still uses air gaps to protect data. Is it always a perfect system? No system or security measure is completely flawless. However, air gaps can be very hefty techniques that provide ample security when it’s applied correctly.
Give your company’s data needs a realistic assessment. If an air gapped system will be beneficial (and the odds are high that it will be), what type of system would be best for you to use? Keeping data secure is imperative for all sorts of reasons, including compliance. You just need to decide how you want to make sure that happens.
Veritas customers include 95% of the Fortune 100, and NetBackup™ is the #1 choice for enterprises looking to back up large amounts of data.
Learn how Veritas keeps your data fully protected across virtual, physical, cloud and legacy workloads with Data Protection Services for Enterprise Businesses.
Contact us today to receive a call from one of our representatives.