What is an air gap backup? Strategy, benefits and use cases
An air gap backup, or an air-gapped backup, is an optional data backup practice used to isolate backup storage from the principal network, such as a business local area network or wide area network, protecting sensitive business data from unauthorized access, tampering or other malicious acts, including malware attacks.
Traditional backup media, such as tape or optical media, realized the benefits of air gap isolation as a natural consequence of the media itself. After all, a tape or optical disc is removable from a drive. Since the removed media is secured, either on-site or elsewhere, it's immune from unauthorized access and tampering.
Today's ubiquitous network connectivity -- wired Ethernet, Wi-Fi, Bluetooth and almost universal internet access -- means modern backup storage targets, from backup servers to cloud storage resources, remain connected to a network, along with all backup data. This attack surface provides malicious actors with possible access to backups and higher-tier storage resources. For example, an attacker successfully executes a ransomware attack on an enterprise and then targets the production data storage and backup storage, leaving the impacted business with no means of restoring data.
An air-gapped backup system deliberately renders the backup storage target inaccessible once the backup process is complete. It may be enabled physically by disconnecting the backup storage target from any network connections or logically by using specialized software and strong access controls to create a strict barrier between production systems and the backup storage target.
An enterprise air gap strategy adds the value of air gap data protection to the existing backup process. This useful security measure aids successful business continuity (BC), regulatory compliance and disaster recovery (DR).
Types of air gap backup and deployment models
Besides physical and logical approaches to air-gapped backups, a hybrid method combines aspects of both. Each has a unique set of tradeoffs and deployment considerations.
Physical air gaps
A physical air gap effectively disconnects the backup storage target from the associated network. Physical air gaps are most appropriate for removable media -- traditional tape, optical media or external storage devices, such as network-attached storage (NAS) or USB-based devices. Once the storage target is disconnected from the network, such as detaching a NAS drive from a USB port, the storage device is securable -- on-site or off -- depending on organizational needs.
Physical air gaps provide the highest level of network security; data cannot be accessed while the storage target is physically disconnected from the network. However, manual intervention is repeatedly required. Someone must monitor the disconnected storage target and be able to access and reconnect the storage target when subsequent backups, or restorations, are needed. Also, a detached storage device or media may become lost or stolen.
Logical air gaps
The term logical air gap is a misnomer: there is no actual "gap" between the backup storage target and the network. Instead, software and strong security controls, including role-based access control, firewalls and careful network segmentation, isolate the backup storage target. Properly designed, these combined technologies prevent unauthorized access. Moreover, any administrative activity associated with the backup is logged and reviewable.
Logical air gaps are suited to more modern enterprise-scale backup platforms, such as storage servers, which cannot be practically disconnected. By keeping the backup storage target connected, access and recovery are typically faster than physical air gap approaches due to automation. Logical air-gapped backups also routinely incorporate immutable data techniques, such as blockchain, so that data cannot be altered or deleted once written.
Cloud-based backup storage is typically seen as a logical air gap. Cloud providers design their cloud infrastructure with extensive reliability and strong access controls, while users engage those capabilities and services through application programming interfaces. When properly used, clouds offer the same features as logical air gaps in local deployments.
Still, logical air gaps are vulnerable to malicious insiders and highly sophisticated attacks that circumvent software controls and other security measures. Security monitoring and logging are critical for logical air-gapped systems.
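The log review that a logical air gap depends on can be automated. The following is an added example, not part of the original article or any backup product: it checks audit lines from a backup storage target against an assumed isolation policy. The log format, the svc-backup identity, the 10.0.5.0/24 backup segment and the 02:00-04:00 UTC window are all constructed for illustration.

```python
import ipaddress
from datetime import datetime, time

# Assumed policy for a hypothetical logical air gap (all values constructed).
ALLOWED_IDENTITIES = {"svc-backup"}
ALLOWED_NET = ipaddress.ip_network("10.0.5.0/24")   # backup network segment
WINDOW = (time(2, 0), time(4, 0))                    # UTC backup window
FORBIDDEN_ACTIONS = {"delete", "modify-retention"}

# Constructed sample audit lines, not taken from a real system.
SAMPLE_LOG = """\
2024-05-01T02:10:00Z user=svc-backup action=write src=10.0.5.10
2024-05-01T02:45:00Z user=svc-backup action=write src=10.0.5.10
2024-05-01T13:05:00Z user=svc-backup action=read src=10.0.5.10
2024-05-01T03:15:00Z user=jdoe action=read src=10.0.9.44
2024-05-01T03:30:00Z user=svc-backup action=delete src=10.0.5.10
"""

def parse(line):
    """Split '<timestamp> key=value ...' into a dict with a parsed 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def review(log_text):
    """Return (line_number, [reasons]) for every entry that breaks policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        e = parse(line)
        reasons = []
        if e["user"] not in ALLOWED_IDENTITIES:
            reasons.append("identity not authorized for backup target")
        if ipaddress.ip_address(e["src"]) not in ALLOWED_NET:
            reasons.append("source outside backup segment")
        if not (WINDOW[0] <= e["ts"].time() < WINDOW[1]):
            reasons.append("outside backup window")
        if e["action"] in FORBIDDEN_ACTIONS:
            reasons.append("destructive action")
        if reasons:
            findings.append((n, reasons))
    return findings

if __name__ == "__main__":
    for n, reasons in review(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
```

An out-of-window read by the backup identity may be a legitimate restore, so findings are prompts for review rather than verdicts; the delete by an otherwise valid identity is the case that network controls alone would not catch.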
Hybrid air gaps
Hybrid air gaps integrate a layered mix of physical and logical air gap principles. This often means isolating the backup storage target from the associated network but permitting the backup system to communicate with other well-secured and monitored enterprise systems.
Hybrid air gaps pose problems. There is no single architecture for design or deployment, and the appealing balance of security and access is sometimes negated by unforeseen vulnerabilities or an unexpectedly weak isolation or interface. Hybrid air-gapped backup systems require significant expertise to design, introduce, configure and oversee.
Benefits of air-gapped backups
Air-gapped backups offer several important benefits for enterprise users, including the following:
- Security. Air gapping is among the strongest possible protections against many types of malicious attacks. By effectively removing a successful backup from the IT environment, the organization's overall attack surface is reduced, and the backup's valuable business data remains immune to malware infection, from keyloggers to ransomware.
- Integrity. Air gapping ensures backup data is complete, intact, unaltered and, if needed, ready for recovery. BCDR efforts, along with regulatory compliance, require high confidence in backup data integrity. It's especially important for industries such as healthcare with strict compliance standards.
- Faster recovery. Despite potential delays inherent in physical air gapping, air gap backups provide quick recovery from data loss events without major concerns about the data's security or integrity. The result is less business disruption and shorter downtime during recovery.
- Cost. Although the design and introduction of effective air-gapped backups has a cost, it's far lower than the consequences of a data loss event, such as a data breach, and resulting regulatory violations and litigation.
Limitations of air-gapped backups
Despite compelling benefits, air-gapped backups have numerous disadvantages that business leaders must consider before embracing this approach. Common limitations include the following:
- Human error. Physical and hybrid air-gapped backups depend on time-consuming, error-prone manual processes to connect and use the backup storage target. Mistakes expose vulnerabilities, from lost or stolen backup media to simply forgetting the air gap and leaving a backup storage target attached. Clearly defined practices and workflows are essential when using air-gapped backups.
- Wasted time. It takes time to locate, access and reconnect an air-gapped storage device. This wastes time since recovery cannot take place without a reattached, functioning backup storage device. Even logical air gaps slow recovery time due to the strong security mechanisms used on the backup storage target.
- Omitted maintenance. Air-gapped systems left disconnected from the network sometimes miss regular software updates to fix bugs and address security issues. This leaves the air-gapped systems vulnerable until updates are downloaded and installed manually, costing more time.
- Insider threats. While air gaps protect backups from many types of external attacks, they remain vulnerable to careless or malicious acts of insiders, such as theft of a disconnected drive. Similarly, weak access controls enable unauthorized use, further jeopardizing backup data's security and integrity.
Traditional backup vs. air gap backup vs. immutable backup
Business leaders must look closely at the differences between backup technologies to determine the strongest investments for their organizations.
Traditional backup
A traditional backup uses a backup storage target, such as a backup server, that's connected to the organization's principal network. The backup storage target is almost always connected, its media is rarely -- if ever -- air-gapped, and it may or may not employ common security measures, from strong authentication to encryption. It simply creates a copy of selected data as a backup.
Traditional backups are employed across industries and use cases, but their common deployment criteria leave them vulnerable to corruption, alteration, deletion, unauthorized access and cyberattacks, such as ransomware infiltration.
From this perspective, traditional backups that remain on the network present a vulnerable attack surface. However, such backup deployments present only modest operational complexity and are often easily automated.
Air gap backup
As described earlier, air gap backups provide a physical or logical separation between the production environment and the backup storage target. Ideally, such separation prevents communication between the backup storage target and the network. Physical air gaps literally disconnect the backup from the environment; logical air gaps create a virtual disconnection.
Air gaps foster stronger security to protect the backup from corruption, alteration, theft, deletion or malicious attacks. In fact, air gaps eliminate most attack surface and shield backups from malware. Air-gapped backups also frequently couple with other security technologies, including encryption and immutability techniques, such as blockchain or write once, read many (WORM) media.
However, air-gapped backups bring logistical challenges. Isolated media often requires retrieval and transport to a suitable drive before recovery. These unwelcome delays to the restoration process complicate BCDR.
Immutable backup
Immutable backups are designed to ensure backup data is complete and accurate. Once written, the backup data is physically or logically unchangeable, preventing any alteration, deletion or destruction. Immutable backups also protect backups from malware and accidental changes. However, immutable backups generally use full-time connections with the principal network and sometimes skip additional security techniques, such as encryption. This creates vulnerability to data breaches and demands a thorough security assessment.
Immutability can be implemented physically or logically. WORM media, such as optical discs, provide physical immutability. Distributed ledger technologies, such as blockchain, deliver logical immutability.
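The property that ledger-style approaches contribute to logical immutability is hash chaining: each record commits to the one before it, so a later alteration is evident. The following is an added example, not from the original article or any product; it is a single-party simplification (no distribution or consensus) that detects changes to a backup manifest rather than preventing them, and the backup names and contents are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # 'prev' value of the first entry

def entry_hash(entry):
    """Hash the canonical JSON of every field except the entry's own hash."""
    body = {k: entry[k] for k in ("seq", "backup_id", "sha256", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, backup_id, data):
    """Record a backup's digest, linked to the previous manifest entry."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"seq": len(chain), "backup_id": backup_id,
             "sha256": hashlib.sha256(data).hexdigest(), "prev": prev}
    entry["hash"] = entry_hash(entry)
    chain.append(entry)
    return entry

def verify(chain, trusted_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    trusted_head is the last entry's hash as stored somewhere the backup
    system cannot write (an assumption of this example). Without it, a
    truncated or fully rewritten chain still verifies; with it, that case
    is reported as index len(chain).
    """
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_hash(e):
            return i
        prev = e["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)
    return None

def build_sample():
    """Constructed three-entry manifest used for demonstration."""
    chain = []
    for name, data in [("mon-full", b"A" * 32), ("tue-incr", b"B" * 32),
                       ("wed-incr", b"C" * 32)]:
        append(chain, name, data)
    return chain

if __name__ == "__main__":
    chain = build_sample()
    head = chain[-1]["hash"]
    chain[1]["sha256"] = "f" * 64          # simulate tampering with one record
    print("first bad entry:", verify(chain, head))
```

Keeping the head hash on separate, isolated storage is what ties this check back to the air gap: an attacker who controls the manifest can recompute every hash in it, but not the copy held out of reach.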
Immutable backups are often combined with air-gapped backup technologies to produce a mix of benefits. These blended technologies provide the reduced network exposure and attack surface of air gapping, while adding the security of immutability. However, blended backups also result in longer recovery times and, on occasion, lost media.
Enterprise use cases for air gap backups
Air-gapped backups serve a wide range of organizations. Common industry examples of air gap backups include the following:
- Financial. Air-gapped backups protect sensitive financial data, prevent data breaches and ensure the operational integrity of banks, for example.
- Healthcare. Air-gapped backups safeguard sensitive medical data, including patient records and test results, and ensure compliance with regulations such as the Health Insurance Portability and Accountability Act.
- Manufacturing. All types of manufacturing employ air-gapped backups to protect the data collected and analyzed through the production process. This ensures manufacturing and quality standards are maintained following data loss.
- Military. Air-gapped backups secure classified information and protect military operational data.
- Municipal infrastructure. Air-gapped backups secure the operational data and workloads that control important infrastructure, including water purification and distribution, electricity generation and waste management. Similarly, air-gapped backups protect the vast volumes of data generated through internet of things fleets.
- Research. Air-gapped backups protect vital industry or educational research data, such as analyses or test results, ensuring years of work are never lost, stolen or destroyed.