The Air Gap Controversy

In a previous blog post, we talked about the 3-2-1-1 data protection concept as well as “air gaps.” We’ve also discovered that viruses can corrupt files that are written to air-gapped technologies, such as tape, rendering them useless, and the same can happen to other offline types of media and data. In fact, scientists discovered years ago that computers can be air-gapped and still communicate!

In 2013, researchers were able to use microphones, speakers, and the air as the medium to communicate between computer devices.

In 2014, researchers discovered a way for a computer to talk to a nearby cellular device and named it AirHopper.

There are additional “covert” attacks that challenge theories around air gaps as well. Most attackers wouldn’t even try to use such methods, but they exist. The idea that “air-gapped” computers, systems, or networks provide the ultimate in security was disproved years ago, should someone be willing and able enough. Backup files are usually stored in some form of remote storage and have been compromised in recent years. What do you do when you need access to the data?

The majority of restore activities occur from the most recent backup, which is why malware targets those files. Insiders with malicious intent may have access to your offsite backups as well, so it is important to have another copy of this data that is inaccessible to both the network and users. For cloud service providers such as Global Data Vault, the primary backup file repository must be available to tenants to write backups as needed, so how do we get the next layer of protection…the gap? Solutions to this could become expensive, both on the technology and labor levels, and those expenses get passed to end users.

Enhanced Data Protection, a proprietary GDV technology, allows files to be copied “offline” at regular intervals. EDP enables the updating of backup files across the “gap” without presenting the EDP repository to the network. In order for an attack to be successful, someone or something would have to infiltrate your network and the (completely different and external) network of Global Data Vault simultaneously, which is extremely unlikely. This would also trigger the BitLyft real-time threat protection and shut it down. We also keep the entire backup chain for each day specified in the retention policies, not just files that changed that day.

How do you, the customer, access that data should you need it? It couldn’t be easier—simply contact Global Data Vault. “It’s always our problem!”