Airgap backup refers to a data protection method where backups are physically or logically isolated from the network, making remote access or compromise by cyberattacks impossible.
This approach creates a “void” (hence the term air gap) between the data and potential threats, by storing backup copies on disconnected media or in isolated systems.
The concept of airgapping is particularly useful for securing data against ransomware and other malware by ensuring that a clean copy is always available for restoration.
Some examples of airgap backup techniques include:
- Magnetic Tape Backup: Using magnetic tapes to store data, which are then physically stored in a secure location away from the corporate network.
- Disconnected External Hard Drives: Backing up data on external hard drives that, once the backup is complete, are disconnected from the system and kept in a safe place.
- Isolated Dedicated Storage Systems: Setting up specific storage systems that are physically separated from the main LAN network and accessible only in a controlled manner for backup updates.
- Object Storage with Virtual Airgap: Although cloud object storage is generally continuously connected, it’s possible to create a form of virtual airgap using strict security policies, such as single-use, time-limited access tokens or strong authentication mechanisms. Data can be backed up to the cloud and made inaccessible over the network except during predefined backup or restoration windows, thus adding a layer of logical separation between the data and potential threats. This approach requires rigorous management of access and permissions to ensure that the “gap” is effectively maintained.