Adding an Air Gap to the 3-2-1 Backup Rule

It’s not a matter of IF your business will succumb to hackers, a natural disaster, insider threat, or other mismanagement of data. It’s a matter of WHEN. Naturally, it’s become common practice to keep safe backups of anything business-essential, but how companies keep those backups varies considerably. Disasters are inevitable, and a disaster recovery plan is essential to business continuity. What is missing from many of those recovery plans, however, is a fundamental understanding of air gap backups. They provide a final means of defense that can make a significant difference when recovering from a data disaster.

What Is an Air Gap?

An air gap, also called an “air wall” or “air gapping,” is a security measure that protects data from intrusion. The concept is simple: any device that isn’t connected to a network cannot be attacked remotely. The very name is derived from the principle. If the circuit is broken — or air exists between items in a network — then only a physical attack can threaten the data. In terms of disaster recovery, the idea is to place backups behind air gaps. This protects them from malicious software, direct cyberattacks and other corrupting threats. Typically, air gaps are thought of as a final layer of protection for data integrity. More accessible backups are used more often, but if everything else fails, the air-gapped backups should provide a preserved copy and be capable of restoring the whole network system.

Updating the 3-2-1 Backup Rule

You’ve probably heard of the 3-2-1 backup rule. It goes like this: replicate to at least 3 copies of your data (local hardware, cloud, backup cloud). Some companies store these copies on 2 different media (tape/disk/cloud), and place at least 1 copy off-site/off-premise. This is a great start to a DR plan, but what if ransomware compromises administrative passwords or domain info, allowing that backup copy to be corrupted? Adding an extra “1” step insulates the data from further damage. The backup rule is now 3-2-1-1. That extra “1” accounts for an air-gapped copy of your data.
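
The question posed above, worked as an added example (not from the original article): a short Python audit that checks a backup inventory against 3-2-1-1 and lists which copies would survive if production administrator credentials were compromised. The inventories, field names and the survival criterion are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str              # "disk", "tape" or "cloud"
    offsite: bool
    network_reachable: bool  # False means air-gapped
    prod_credentials: bool   # production admin/domain accounts can alter it

def audit(copies):
    """Check an inventory against 3-2-1-1 and model credential compromise."""
    checks = {
        "3 copies": len(copies) >= 3,
        "2 media": len({c.medium for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in copies),
        "1 air-gapped": any(not c.network_reachable for c in copies),
    }
    # Assumed scenario: ransomware holds the production admin credentials.
    # A copy is lost only if it is both reachable and alterable with them.
    survivors = [c.name for c in copies
                 if not (c.network_reachable and c.prod_credentials)]
    return checks, survivors

# Constructed sample inventories (hypothetical names).
PLAIN_321 = [
    BackupCopy("local-nas", "disk", False, True, True),
    BackupCopy("cloud", "cloud", True, True, True),
    BackupCopy("backup-cloud", "cloud", True, True, True),
]
WITH_AIR_GAP = PLAIN_321 + [
    BackupCopy("vault-tape", "tape", True, False, False),
]

if __name__ == "__main__":
    for label, inv in (("3-2-1", PLAIN_321), ("3-2-1-1", WITH_AIR_GAP)):
        checks, survivors = audit(inv)
        failed = [rule for rule, ok in checks.items() if not ok]
        print(f"{label}: failed={failed or 'none'} survivors={survivors or 'none'}")
```

The first inventory satisfies the classic 3-2-1 rule yet has no surviving copy in this scenario; only the inventory with the air-gapped copy does.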

Are Cyber Attacks Really a Risk?

Yes. Cyber attacks are a reality. Large companies will suffer a data breach of some type, and small companies are certainly not immune to a hacker’s interests. Every year new names are added to the long list of compromised data sheets. Any collection of employee, customer or user data is potentially worth attacking, and the frequency of attacks is on a meteoric rise.

According to a poll by CSO, the rate and variety of attacks are growing every year, and they are already the largest financial threat to most businesses. Estimates suggest that by 2021, the total cost of cyberattacks will hit $6 trillion. Clearly hacking has become big business. That additional air-gap “1” is critical in preserving a clean set of data from hackers’ meddlesome ways.

Challenges of Air Gapping

While air gapping can provide an ultimate line of defense, it comes with its own challenges. At the top of the list is the cost of labor. When devices are completely disconnected from a network, they have to be physically accessed. This limits automation and requires man-hours. Automated solutions do exist, but any device that is automatically connected to and disconnected from a network could potentially become compromised. There really is no way around this trade-off.

The other great challenge of air gapping is ensuring security. The walled devices are safe when they are disconnected, but at some point they have to communicate with other devices in order to update the backup. Hidden malicious software can be transferred during those updates. Global Data Vault minimizes this risk by providing enterprise-level security measures that detect any unusual data movement within the network.

By utilizing BitLyft on your networked account, we are able to monitor, detect and neutralize threats in real-time. BitLyft also provides automated incident responses to detect and neutralize future threats based on information gained from previous attacks, further offering a higher level of data protection. Ultimately, air gapping is part of a holistic approach to network security. IT professionals have been following the golden rule of triplicate backups for decades, and air gapping remains a key component to maintaining a fresh data set.

