What Air Gap Backup Really Means (And Why Most Aren’t)

Air gap backup has become one of the most misused terms in our industry, right up there with “immutable” and “secure.” Everyone’s throwing around this phrase, but when you dig into what they actually mean, you’ll find that most so-called air gap solutions aren’t really air gapped at all.

This blog post summarizes the main points of my latest podcast episode. If you’d like, you can listen to it or watch it at https://www.backupwrapup.com/

Let me take you back to when air gap actually meant something specific and concrete. Picture this: you’re running backups on tape, and when that backup job finishes, someone physically removes that tape from the drive and either puts it in their trunk to take home, or better yet, calls Iron Mountain to come pick it up and store it in an offsite vault. That tape is now truly air gapped – there’s literally a gap of air between your production systems and that backup copy, with zero electronic connectivity.

The Original Air Gap Backup Standard

Back in the tape era, air gap was straightforward. You had physical separation – no network cables, no wireless connections, nothing. If you wanted to restore from that backup, you needed to call someone, provide proper identification, follow established protocols, and have that tape physically delivered back to your facility. This provided protection against fires, floods, natural disasters, and even social engineering attacks.

The beauty of this system was its simplicity and effectiveness. Even if hackers compromised every system in your organization, they couldn’t touch those tapes sitting in an offsite vault. The only way to access them was through multiple layers of physical security and authentication processes that would make any cybercriminal give up and look for easier targets.

But here’s the thing – we moved away from tape for very good reasons. Tape was slow, backup windows were painful, and the whole process was operationally intensive. We got these amazing new technologies: deduplication, incremental forever, cloud replication, and the ability to have both onsite and offsite copies without touching a single tape.

Modern Air Gap Backup: Virtual Solutions

Today’s backup systems are predominantly online and connected, which creates a fundamental problem from a cybersecurity perspective. When everything’s connected, everything’s potentially vulnerable to ransomware and other cyber attacks. So vendors started adapting the air gap concept to work in our connected world.

What they came up with falls into several categories. First, you have immutable storage – systems that use WORM (Write Once, Read Many) technology where data simply cannot be deleted or modified once written. Even if attackers gain administrative access, they can’t alter or remove your backup data. The storage system itself prevents it at a hardware level.

The second approach uses Identity and Access Management (IAM) controls to create what I call a virtual air gap. You set up your backup copy in a completely separate cloud account or region, use different authentication systems, implement multi-factor authentication, and basically make it as difficult as possible for anyone to access that data, even if they compromise your primary systems.
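To put the virtual air gap described above to a concrete test, here is an added example (not from the podcast or any vendor's tooling) that audits an AWS-style bucket policy on the backup account for Allow statements that would let the production account, or a session without MFA, delete backup data. The account IDs, bucket name, role names, and the `audit_backup_policy` helper are constructed for illustration, and explicit Deny statements are deliberately left out of the evaluation.

```python
import fnmatch

PROD_ACCOUNT = "111111111111"  # constructed production account ID
# S3 actions that can destroy backup data or weaken its retention.
DESTRUCTIVE = ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
               "s3:PutLifecycleConfiguration", "s3:PutBucketPolicy",
               "s3:BypassGovernanceRetention"]
VAULT = "arn:aws:s3:::example-backup-vault/*"  # constructed bucket name
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Sid": "ProdReplicationWrite", "Effect": "Allow", "Resource": VAULT,
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/backup-writer"},
     "Action": "s3:PutObject"},
    {"Sid": "ProdAdminFullAccess", "Effect": "Allow", "Resource": VAULT,
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "s3:*"},
    {"Sid": "VaultOperatorCleanup", "Effect": "Allow", "Resource": VAULT,
     "Principal": {"AWS": "arn:aws:iam::222222222222:role/vault-operator"},
     "Action": ["s3:Delete*"],
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _accounts(principal):
    """Account IDs named in a Principal element; '*' means anyone."""
    arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
    return {a.split(":")[4] if a.startswith("arn:") else a for a in arns}

def _requires_mfa(stmt):
    # On an Allow, only "Bool" enforces MFA: "BoolIfExists" also matches
    # requests where the MFA key is absent (e.g. long-term access keys).
    want = stmt.get("Condition", {}).get("Bool", {})
    return str(want.get("aws:MultiFactorAuthPresent", "")).lower() == "true"

def audit_backup_policy(policy, prod_account=PROD_ACCOUNT):
    """Flag Allow statements that let production or a non-MFA session destroy backups."""
    # Simplification: explicit Deny, NotAction and NotPrincipal are not evaluated.
    findings = []
    for stmt in _as_list(policy["Statement"]):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        hits = sorted(a for a in DESTRUCTIVE
                      if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if stmt.get("Effect") != "Allow" or not hits:
            continue
        if _accounts(stmt.get("Principal", {})) & {"*", prod_account}:
            findings.append((stmt.get("Sid"), "reachable-from-production", hits))
        elif not _requires_mfa(stmt):
            findings.append((stmt.get("Sid"), "no-mfa-required", hits))
    return findings

if __name__ == "__main__":
    print(*audit_backup_policy(SAMPLE_POLICY), sep="\n")
```

On the sample policy, the write-only replication role passes, while the production admin grant and the operator role whose MFA condition does not actually bind are both reported.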

Simulated Air Gap Backup Approaches

Some vendors have gotten creative with what I call simulated air gaps. These systems actually disconnect network connectivity when not actively replicating data. They might maintain separate management domains between source and destination, and only establish connections during scheduled backup windows. The rest of the time, that backup copy is essentially unreachable from your production network.

There are also approaches using different cloud providers entirely. If your production environment runs on AWS, you might replicate to Azure or Google Cloud using completely separate credentials and access controls. This cross-cloud strategy adds another layer of separation that makes it much harder for attackers to reach your backup data.

Evaluating Air Gap Backup Claims

Here’s my advice when vendors tell you their solution is air gapped: ask questions. How exactly is it air gapped? Can you electronically access that backup copy? Is there any network connectivity at all? What would it take for someone with administrative privileges to delete or modify the backup data?

Don’t just accept the term at face value. The marketing folks love to use “air gap” because it sounds secure and reassuring, but the technical reality might be quite different. Understanding what type of protection you’re actually getting is critical for making informed decisions about your backup strategy.

The goal remains the same as it was in the tape days: when disaster strikes, you need to be absolutely certain you have at least one copy of your data that attackers cannot reach or modify. Whether that’s achieved through true physical air gap, immutable storage, IAM controls, or simulated disconnection depends on your specific needs, budget, and risk tolerance.

Remember, nothing is 100% immutable or 100% secure. Even those tapes in the vault could be destroyed by fire or other physical disasters. The key is understanding what level of protection you’re getting and making sure it aligns with your organization’s requirements and threat model.

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data