Introduction
Air gapping, or isolating a storage environment from external connections, has long been used by IT Operations as a best practice for establishing a “3-2-1” backup strategy. Air gapping has become more important than ever due to the prevalence of cyber-attacks: in an effort to force payment, attackers very commonly target backup environments, which makes it necessary to have an isolated environment in which to store backup copies and stage recovery operations. Put simply, even if a miscreant accesses the backup environment, they cannot access the air gapped copies. This limits the attack surface and preserves data that can be used for recovery.
Traditionally, IT Operations has achieved an air gapped environment by shipping tapes offsite. While still a viable solution, many customers are looking for easier accessibility and faster recovery using their air gapped data. As a result, a host of “operational” as opposed to “physical” options have emerged, including offsite object stores, public cloud stores (e.g., AWS S3 Object Lock), and immutable and isolated file systems (e.g., Cohesity, Dell EMC PowerProtect Cyber Recovery, Infinidat).
What Constitutes an Operational Air Gap?
As the definition of an air gap extends beyond physical isolation, Evaluator Group has developed the following checklist of key capabilities for IT Operations to vet operationally air gapped systems:
- Control over user access, in order to prevent bad actors from accessing data.
  - Multi-factor authentication (MFA)
  - Role-based access control (RBAC)
- Control over network connections, in order to disconnect the air gapped “vault” from the rest of the IT environment and network except when data is being transferred.
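As an added illustration of the network-control item above (not part of the Evaluator Group report), the following sketch audits a vault firewall log against scheduled transfer windows and flags any accepted connection that falls outside them. The log format, addresses, windows and function names are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed policy: the vault link may be up only in these UTC windows,
# and only the backup server may initiate connections to the vault.
TRANSFER_WINDOWS = [("2024-03-01T02:00:00", "2024-03-01T03:00:00"),
                    ("2024-03-02T02:00:00", "2024-03-02T03:00:00")]
ALLOWED_SOURCES = {"10.0.5.20"}

# Constructed sample log: timestamp, action, then key=value fields.
SAMPLE_LOG = """\
2024-03-01T02:05:10 ACCEPT src=10.0.5.20 dst=10.9.0.4 dport=443
2024-03-01T02:59:59 ACCEPT src=10.0.5.20 dst=10.9.0.4 dport=443
2024-03-01T03:00:00 ACCEPT src=10.0.5.20 dst=10.9.0.4 dport=443
2024-03-01T14:22:31 ACCEPT src=10.0.7.88 dst=10.9.0.4 dport=22
2024-03-02T02:10:00 ACCEPT src=10.0.7.88 dst=10.9.0.4 dport=443
2024-03-02T04:00:00 DROP src=10.0.7.88 dst=10.9.0.4 dport=22
malformed line
"""

def _ts(text):
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

WINDOWS = [(_ts(start), _ts(end)) for start, end in TRANSFER_WINDOWS]

def parse_line(line):
    """Return a record dict, or None if the line does not match the format."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        when = _ts(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return {"when": when, "action": parts[1], **fields}

def audit(log_text):
    """Return (line_number, reason) for every line that violates the policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            findings.append((n, "unparseable line"))  # fail closed
        elif rec["action"] != "ACCEPT":
            continue  # blocked attempts never reached the vault
        elif not any(a <= rec["when"] < b for a, b in WINDOWS):  # end-exclusive
            findings.append((n, "connection outside transfer window"))
        elif rec.get("src") not in ALLOWED_SOURCES:
            findings.append((n, "unexpected source during transfer window"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```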