Free Document

Technical Insight: What to Look for in a Logical Air Gap


Air gapping, or isolating a storage environment from external connections, is a practice that has long been implemented by IT Operations as a best practice for establishing a “3-2-1” backup strategy. Air gapping has become more important than ever due to the prevalence of cyber-attacks; in an effort to force payment, attackers are very commonly targeting backup environments, rendering it necessary to have an isolated environment to store backup copies and to stage recovery operations. Put simply, even if a miscreant accesses the backup environment, they cannot access the air gapped copies. This limits the attack surface, providing data that can be used for recovery.

Traditionally, IT Operations has achieved an air gapped environment by shipping tapes offsite. While still a viable solution, many customers are looking for easier accessibility and faster recovery using their air gapped data. As a result, a host of “operational” as opposed to “physical” options have emerged, including offsite object stores, public cloud stores (e.g., AWS S3 Object Lock), and immutable and isolated file systems (e.g., Cohesity, Dell EMC PowerProtect Cyber Recovery, Infinidat).

What Constitutes an Operational Air Gap?

As the definition of an air gap extends beyond physical isolation, Evaluator Group has developed the following checklist of key capabilities for IT Operations to vet operationally air gapped systems:

  • Control over user access, in order to prevent bad actors from accessing data.
    • Multi-factor authentication (MFA)
    • Role-based access control (RBAC)
  • Control over network connections, in order to disconnect the air gapped “vault” from other portions of the IT environment and network other than when data is being transferred.

Download this free Technical Insight report to continue reading.

Related to this document:
Backup-as-a-Service (BUaaS) – Comparison Matrix, Data Protection Systems – Evaluation Guide, Technical Insight: 3-2-1 In the Age of Ransomware

Related Research



Document Type:


November 10, 2022

Log-in or Register to ACCESS

This free document is available for registered users. Please log-in or create an account.

User Registration

Register for the site

This field is for validation purposes and should be left unchanged.