When you think about network security, an air gap may not be the first thing that comes to mind. After all, it isn’t the most popular form of data protection, and it certainly isn’t the most convenient.
But if you find out someday that your backups are corrupted, ransomed or lost, then you may realize that an air gap would have been a good idea.
What is an air gap?
An air gap is the lack of connection between a device and the rest of the network. If you take a device, disable its wireless connections (like Wi-Fi, cellular and Bluetooth) and unplug its wired connections (like Ethernet and Powerline), then you’ve air-gapped it.
The device has no physical network connection and is not accessible over the network. It is completely separated, and as far as the network is concerned, the device does not exist.
Advantages and disadvantages of air gaps
Why would you want an air gap between a device and your network? The main reason is security. Almost all attack vectors depend on a network connection to spread and infect devices like PCs and servers. They can’t jump an air gap, so they can’t cause trouble.
The problem is that there aren’t many things you can do with an air-gapped device. You can work offline if you have applications for word processing, spreadsheets and productivity installed on it. But almost every good use of a computer — the web, email, conference calls, collaboration, software as a service — requires a network connection.
It’s a trade-off between security and usefulness. You wouldn’t air-gap your human resources system or manufacturing applications; you need them to be constantly online. That’s why almost anytime you hear about an air gap, it’s in the context of protecting your backup data.
What is an air gap backup?
The air gap backup is a way of putting your backup onto media that is physically disconnected from your network.
The concept of the air gap has been around ever since administrators started worrying about viruses infecting their data, causing havoc like downtime, loss of data and loss of revenue. It has taken on new urgency in an era when they’re worrying more about ransomware, which causes so much more havoc.
Ransomware is usually an executable that runs as a process on an endpoint, such as a computer, server, network switch, router, IoT device or smartphone. It scans the network looking for more endpoints that its payload can exploit. It figures out what’s running on them and delivers a payload that will encrypt every file and display a ransom notice.
For example, it could find a server running Windows 10 without a certain security update; it would exploit that vulnerability. Or it could find a network switch and propagate itself by infecting devices connected to the switch. To cause as much havoc as possible, ransomware propagates quickly, and if your backup data is on the network being crawled, then it’s in danger.
Naturally, if you’re hit with ransomware, you’ll try to restore from your most recent, clean backup instead of paying the ransom. Unfortunately, the bad actors know that, which is why the ransomware first scans the network looking for where you store your backups. Then, once it wipes out or otherwise infects the backups, it continues infecting all of your other endpoints.
That brings us back to the air gap backup. Placing an air gap between your network and your backup device would be a good way to protect your data from ransomware, but how could you back up to a device that’s off the network? You’d have to keep connecting and disconnecting it every time you wanted to back up — which could be several times a day — and that would be a headache.
Types of air-gapped backup
That’s why most companies stop short of air-gapped backup; instead, they get as close as they can, balancing security with convenience. They have a few options based on factors like budget, risk tolerance and degree of automation.
Tape is the only truly air-gapped approach to backup. It has been around longer than computers have, and it has no end in sight. It’s the original air gap, and when a business needs offsite storage, the conversation always turns to tape.
You back up your data to tape. Then, you eject the tape from the library — instant air gap! You store it offsite, or you contract with an information management company that picks it up and puts it into a fireproof, disaster-proof vault so that it’s air-gapped and secure. Your data is protected against natural disasters, and ransomware will never find it because it’s offline.
Specifications for a full tape backup solution include the tape library hardware itself, the number of tapes to buy, a tape rotation schedule and a data retention policy. The manual aspect of tape backup doesn’t quite fit the model of digital transformation, but it can be relatively inexpensive insurance against outages from ransomware.
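The rotation schedule and retention policy mentioned above are the parts of a tape plan that administrators most often get wrong, so here is an added example (not code from the original article) of a grandfather-father-son planner: it assigns each nightly run to a daily, weekly or monthly tape, tells you when a tape may be overwritten again, and produces the pickup manifest for the offsite vault. The tier names, slot counts and retention periods are assumptions chosen for illustration, not any vendor's defaults.

```python
"""Grandfather-father-son (GFS) tape rotation planner.

Constructed example: a small scheduler that assigns each nightly backup run
to a daily, weekly or monthly tape, works out when a tape may be overwritten
again, and lists the tapes that should be on their way to the offsite vault.
Tier names, slot counts and retention periods are assumptions chosen for
illustration, not any vendor's defaults.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Policy:
    daily_slots: int = 6               # Mon..Sat tapes, reused every week
    weekly_slots: int = 4              # Sunday tapes, reused every 4 weeks
    monthly_retention_days: int = 365  # month-end tapes kept a year offsite
    offsite_after_days: int = 1        # weekly/monthly tapes leave site next day


POLICY = Policy()


def is_month_end(d: date) -> bool:
    return (d + timedelta(days=1)).month != d.month


def tape_for(d: date, policy: Policy = POLICY) -> tuple[str, str]:
    """Return (tier, tape label) for the backup run on day d.

    A month-end run wins over the Sunday (weekly) run, and Sunday wins over
    the daily slots; the daily tapes are simply reused week after week.
    """
    if is_month_end(d):
        return "monthly", f"M-{d:%Y-%m}"
    if d.weekday() == 6:  # Sunday
        slot = (d.isocalendar()[1] - 1) % policy.weekly_slots + 1
        return "weekly", f"W-{slot}"
    return "daily", f"D-{d.weekday() % policy.daily_slots + 1}"  # Mon=1 .. Sat=6


def recycle_on(d: date, policy: Policy = POLICY) -> date:
    """First day the tape written on d may be overwritten (end of its retention)."""
    tier, _ = tape_for(d, policy)
    if tier == "monthly":
        return d + timedelta(days=policy.monthly_retention_days)
    if tier == "weekly":
        return d + timedelta(weeks=policy.weekly_slots)
    return d + timedelta(weeks=1)


def pickup_manifest(start: date, end: date, policy: Policy = POLICY) -> list[dict]:
    """Tapes written in [start, end] that must go offsite, with pickup and
    return-to-site dates. Daily tapes stay on site; they are reused within the week."""
    manifest = []
    d = start
    while d <= end:
        tier, label = tape_for(d, policy)
        if tier != "daily":
            manifest.append({
                "label": label,
                "tier": tier,
                "written": d,
                "pickup": d + timedelta(days=policy.offsite_after_days),
                "return_to_site": recycle_on(d, policy),
            })
        d += timedelta(days=1)
    return manifest


if __name__ == "__main__":
    # Print the vault pickup list for March 2024 (constructed dates).
    for entry in pickup_manifest(date(2024, 3, 1), date(2024, 3, 31)):
        print(entry)
```

The design choice worth noticing is that a tape is never both online and part of the retained set: once `pickup` passes, the tape is in the vault until `return_to_site`, which is exactly the window during which ransomware on the network cannot touch it.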
Cloud service providers (CSPs) offer long-term archiving that air-gaps your data in the sense that cloud storage is not on your network; therefore, ransomware cannot reach your data.
The CSPs have designed services specifically around ransomware. Besides standard cloud storage, they offer tiers for long-term, archival storage, which has two advantages: lower cost and slower retrieval (measured in hours). By making your data not instantly accessible, they provide the de facto air gap of long-term storage that is disconnected from your network.
The delay for recovery is on par with that of tape, so you can consider it a kind of air gap.
Recall that the ransomware executable has to first find and then modify your files to encrypt them. And, if you don’t pay, it has to be able to delete them. With immutable backup storage, your vendor (or whoever is ingesting your data and providing a target for it) ensures that, once the data is stored, it can’t be modified or deleted. Your backup data is fixed and cannot be changed.
Immutability gives you the security of an air-gapped solution yet retains the online connection to your backups.
Why is air-gapping important?
The ransomware actors have made it a priority to destroy your backups or make them otherwise useless. They want to deprive you of your last line of defense.
Before you even get to backups, you’ve put plenty of other defenses in place on your network to avoid having a single point of failure. For instance, your servers have dual network cards, power supplies and disk arrays so your data remains safe and moving in case hardware goes down. And you replicate among data centers for disaster recovery and business continuity.
But those defenses do you little good in a ransomware attack. Most responsible businesses calculate how much a catastrophic outage costs them; it can range from thousands to hundreds of thousands of dollars per minute. When those minutes start adding up to days and weeks, the damage adds up very fast and can put you out of business altogether.
Note also that regulations play a role in this. Sectors like banking, healthcare and government impose certification criteria or legal requirements that data be stored where it’s not network accessible. That’s often the starting point for a discussion about air-gapped data storage. Even if there is no regulatory requirement, if your business demands that level of protection, then air-gapping is important.
Creating and maintaining an air gap always involves some inconvenience, so it’s an anomaly in a discipline like IT, where the focus is on unrelenting automation and digital transformation.
Air-gapping your backups may not be the easiest technique for IT administrators to implement or maintain. But it is a simple way to preserve them from the ravages of ransomware.