Air Gapping: Without It, Your Data Protection Strategy Is At Risk

Posted 06/25/2018 by Kalyani Kallakuri

Mitigating the risk of loss in your data protection strategy involves comprehensive planning and the application of multiple techniques. One method, in particular, has come up recently in a few discussions with Commvault clients and prospects – air gapping. Although it’s certainly not a new topic or technique, it seems that it’s still an interesting area of conversation.

What is air gapping?

An air gap backup and recovery strategy means ensuring that, at any given time, one copy of your organization’s data is offline (disconnected) and cannot be accessed. If a file or system of files has no connection to the Internet or a LAN, it can’t be remotely hacked or corrupted. This enables storage of a secondary copy that is immutable. Cloud solutions are becoming a virtual, modern equivalent of air-gapped tape backup, but only if they are truly disconnected.

To get reliable backup and recovery, Commvault recommends a 3-2-1 backup plan, which I covered in a previous blog. For this discussion, the “1” is a copy of your data that is stored offsite in a cloud and can be made offline if required, which creates the air gap, making it disconnected and protected from external hacks. Of course, actual tape storage can also be used for this stored copy, although not very accessible or convenient. It is still a cheap way to prevent data loss!

Air Gap: Effective or Not

As discussed, an air gap or offline strategy ensures that a copy of your data is physically separate from the primary. Unfortunately, there is no guarantee that the air-gapped copy cannot get corrupted during the copy process. As an illustration, let’s say every evening a backup of your data is taken. The next morning, you were hit by ransomware and the data on your device got encrypted. If this ransomware corruption is not caught before the next backup cycle, the encrypted files will simply be replicated and become part of the backup set.

Assuming your backup strategy included an air-gapped copy to an offsite or cloud destination, the timing of such replication becomes important. If the ransomware corruption was still undetected at the time when the air-gapped copy was created, the backup set is rendered useless for recovery purposes. Alternatively, if the ransomware attack was detected prior to the creation of the next scheduled air-gapped copy, you would be able to temporarily halt further replication. You could then clean out the ransomware and restore data to a known-good state from backups, then resume creation of a clean air-gapped copy.

Backing up data to tape is definitely still an acceptable alternative for data recovery, and can be an important part of a good risk mitigation strategy. But slow restore times may result in missed recovery time objectives. So even though many of us think of tape as antiquated, it’s still a viable approach to recovery. On the other hand, storing data in the cloud is a modern, cost effective solution, making it an attractive alternative. However, since cloud providers typically charge for reads rather than writes, retrieving cloud data runs the risk of quickly become costly.


There is no doubt that in order to reduce risk to your data, air gapping should be an integral part of any backup and recovery plan. To achieve this, you need it to be part of an integrated methodology, where all possible threat routes are accounted and planned against. Air gapping will remain an interesting topic for the foreseeable future, make sure your data backup and recovery strategy includes it.

Learn how Commvault backup and recovery solutions help organizations address and solve common data management challenges through a holistic data management platform.

Kalyani Kallakuri is a Senior Product Manager for Commvault.