Overview
Interest in air gapped storage comes from its use in protecting against cyber attacks by keeping a known good copy of data for recovery. Attacks have included altering data (such as by encryption) or deleting copies of data (usually backup copies) to inhibit recovery, either to increase the probability that a ransom is paid or for cyber warfare purposes.
The idea of air gapped copies is to ensure there is a copy that cannot be accessed by any exploitable means. Exploitable means include access from a system through application or system-level software that was introduced to cause malicious activity, and administrative access through compromised credentials that can be used to delete or alter data. The general rule is that if a device can be reached, its data can be affected. The mitigation for this is air gapped copies.
There are two basic types of air gapped storage, with a number of variations in implementation. The easiest to understand is a physical air gap, where the data is physically disconnected, either by removal (such as with tape or removable devices) or by a storage system whose network connection is removed (disconnected). The other type is a logical air gap, also called an operational air gap, where access by normal means is removed and the air gapped copy of data can be accessed only through explicit, controlled methods.
Regardless of the type, air gapped storage must ensure that a good copy of data is maintained. One fundamental requirement is that the copies of data stored for an air gap must be ‘clean’ (without alteration and without a latent malware infection of some type). There are other issues that need to be considered.