When you think about network security, an air gap may not be the first thing that comes to mind. After all, it isn’t the most popular form of data protection, and it certainly isn’t the most convenient. But if you find out someday that your backups are corrupted, ransomed or lost, then you may realize that an air gap would have been a good idea.
1. What is an air gap?
An air gap is the lack of connection between a device and the rest of the network. If you take a device, disable its wireless connections (like Wi-Fi, cellular and Bluetooth) and unplug its wired connections (like Ethernet and Powerline), then you’ve air-gapped it. The device has no physical network connection and is not accessible over the network. It is completely separated, and as far as the network is concerned, the device does not exist.
2. Advantages and disadvantages of air gaps
Why would you want an air gap between a device and your network? The main reason is security. Almost all attack vectors depend on a network connection to spread and infect devices like PCs and servers. They can’t jump an air gap, so they can’t cause trouble. The problem is that there aren’t many things you can do with an air-gapped device. You can work offline if you have applications for word processing, spreadsheets and productivity installed on it. But almost every good use of a computer (the web, email, conference calls, collaboration and software as a service) requires a network connection.
It’s a trade-off between security and usefulness. You wouldn’t air-gap your human resources system or manufacturing applications; you need them to be constantly online. That’s why almost anytime you hear about an air gap, it’s in the context of protecting your backup data.
3. What is an air gap backup?
The air gap backup is a way of putting your backup onto media that is physically disconnected from your network. The concept of the air gap has been around ever since administrators started worrying about viruses infecting their data, causing havoc like downtime, loss of data and loss of revenue. It has taken on new urgency in an era when they’re worrying more about ransomware, which causes so much more havoc.
Ransomware is usually an executable, running as a process on an endpoint, like a computer, server, network switch, router, IoT device or smartphone. It scans the network looking for more endpoints that its payload can exploit. It figures out what’s running on them and delivers a payload that will encrypt every file and display a ransom notice.
Naturally, if you’re hit with ransomware, you’ll try to restore from your most recent, clean backup instead of paying the ransom. Unfortunately, the bad actors know that, which is why the ransomware first scans the network looking for where you store your backups. Then, once it wipes out or otherwise infects the backups, it continues infecting all of your other endpoints. That brings us back to the air gap backup. Placing an air gap between your network and your backup device would be a good way to protect your data from ransomware, but how could you back up to a device that’s off the network? You’d have to keep connecting and disconnecting it every time you wanted to back up — which could be several times a day — and that would be a headache.
4. Types of air-gapped backup
That’s why most companies stop short of air-gapped backup; instead, they get as close as they can, balancing security with convenience. They have a few options based on factors like budget, risk tolerance and degree of automation.
5. Why is air gapping important?
The ransomware actors have made it a priority to destroy your backups or make them otherwise useless. They want to deprive you of your last line of defence. You’ve put plenty of other defences in place on your network before backups to avoid having a single point of failure. For instance, your servers have dual network cards, power supplies and disk arrays so your data remains safe and moving in case hardware goes down. And, you replicate among data centers for disaster recovery and business continuity.
But those defences do you little good in a ransomware attack. Most responsible businesses calculate how much a catastrophic outage costs them; it can range from thousands to hundreds of thousands of dollars per minute. When those minutes start adding up to days and weeks, the damage adds up very fast and can put you out of business altogether. Note also that regulations play a role in this. Sectors like banking, healthcare and government impose certification criteria or legal requirements that data be stored where it’s not network accessible. That’s often the starting point for a discussion about air-gapped data storage. Even if there is no regulatory requirement, if your business demands that level of protection, then air-gapping is important.
Creating and maintaining an air gap always involves some inconvenience, so it’s an anomaly in a discipline like IT, where the focus is on unrelenting automation and digital transformation. Air-gapping your backups may not be the easiest technique for IT administrators to implement or maintain. But it is a simple way to preserve them from the ravages of ransomware.