Backup isolation strategy using physical or logical separation from all network connectivity to ensure recovery capability survives complete network compromise.
An air-gapped backup strategy physically or logically isolates backup copies from all network connectivity, ensuring that no digital pathway exists for attackers to reach, modify, or destroy the backup data. Air-gapping represents the most extreme form of backup protection, creating a recovery capability that survives even complete network compromise.
Physical air gaps use removable media (tape, removable disk) that is transported to secure offsite storage with no network connection. Modern tape libraries (LTO-9 provides 18TB native capacity per cartridge) remain the dominant physical air-gap technology due to cost efficiency and decades-long shelf life. Logical air gaps use network-isolated storage that is only connected during backup windows through automated, time-limited connectivity -- the storage is unreachable from the network outside these windows. Cloud-based air gaps leverage immutable object storage in separate accounts with distinct credentials, multi-factor authentication, and network policies that block all access except from authorized backup servers during scheduled windows. Rotating air-gap schedules maintain multiple generations of backups with staggered isolation, ensuring at least one copy is always disconnected. Verification procedures include periodic test restores from air-gapped media to confirm data integrity and media readability.
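Two of the controls above, the rotating schedule that keeps at least one generation disconnected at all times and the periodic test restore that confirms media readability, are easy to check mechanically. The following added example (not code from the original article or from CDA) models a weekly rotation as hour-indexed connection windows and flags any hour in which every copy is reachable, then verifies a test restore against a SHA-256 manifest recorded at backup time. The schedules, file contents and path names are constructed for illustration.

```python
"""Rotating air-gap schedule check and test-restore integrity verification (added example)."""
import hashlib
from dataclasses import dataclass

HOURS_PER_WEEK = 168


@dataclass(frozen=True)
class ConnectionWindow:
    """Hours of the week [start, end) during which a copy is reachable from the network."""
    start: int
    end: int


@dataclass(frozen=True)
class BackupCopy:
    """One backup generation and the windows in which it is connected for refresh."""
    name: str
    windows: tuple


def is_connected(copy: BackupCopy, hour: int) -> bool:
    return any(w.start <= hour < w.end for w in copy.windows)


def hours_with_no_isolated_copy(copies, hours=HOURS_PER_WEEK) -> list:
    """Return every hour in which all copies are connected at once.

    An empty list means the rotation always leaves at least one generation
    disconnected, which is the property a rotating air-gap schedule must hold.
    """
    return [h for h in range(hours) if all(is_connected(c, h) for c in copies)]


# Constructed schedules: three generations refreshed on staggered days (good)
# versus two generations refreshed in the same window (bad).
GOOD_SCHEDULE = (
    BackupCopy("gen-A", (ConnectionWindow(0, 4),)),     # Monday 00:00-04:00
    BackupCopy("gen-B", (ConnectionWindow(48, 52),)),   # Wednesday 00:00-04:00
    BackupCopy("gen-C", (ConnectionWindow(96, 100),)),  # Friday 00:00-04:00
)
BAD_SCHEDULE = (
    BackupCopy("gen-A", (ConnectionWindow(0, 4),)),
    BackupCopy("gen-B", (ConnectionWindow(0, 4),)),
)


def build_manifest(files: dict) -> dict:
    """Map each path to the SHA-256 of its contents; recorded when the backup is written."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def verify_restore(recorded_manifest: dict, restored_files: dict) -> dict:
    """Compare a test restore against the manifest recorded at backup time."""
    restored = build_manifest(restored_files)
    missing = sorted(set(recorded_manifest) - set(restored))
    corrupted = sorted(
        p for p, digest in recorded_manifest.items()
        if p in restored and restored[p] != digest
    )
    return {"ok": not missing and not corrupted, "missing": missing, "corrupted": corrupted}


# Constructed sample backup content and the manifest recorded alongside it.
SAMPLE_FILES = {
    "etc/app/config.yaml": b"listen: 8443\nstorage: /var/lib/app\n",
    "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget', 3);\n",
}
RECORDED_MANIFEST = build_manifest(SAMPLE_FILES)


def tampered_restore() -> dict:
    """A restore in which one file came back altered (constructed failure case)."""
    files = dict(SAMPLE_FILES)
    files["db/orders.sql"] = files["db/orders.sql"] + b"-- unexpected trailer\n"
    return files


def incomplete_restore() -> dict:
    """A restore in which one file is absent (constructed failure case)."""
    files = dict(SAMPLE_FILES)
    del files["etc/app/config.yaml"]
    return files


if __name__ == "__main__":
    print("good schedule, hours with nothing isolated:", hours_with_no_isolated_copy(GOOD_SCHEDULE))
    print("bad schedule, hours with nothing isolated:", hours_with_no_isolated_copy(BAD_SCHEDULE))
    print("clean restore:", verify_restore(RECORDED_MANIFEST, SAMPLE_FILES))
    print("tampered restore:", verify_restore(RECORDED_MANIFEST, tampered_restore()))
    print("incomplete restore:", verify_restore(RECORDED_MANIFEST, incomplete_restore()))
```

The schedule check is deliberately coarse (hour granularity, one-week cycle) because that is the level at which rotation plans are usually written; the manifest should be stored with the offline media and also kept in a separate immutable location, since a manifest that lives only on the network it protects can be altered by the same attacker who reached the primary data.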
Sophisticated ransomware groups maintain persistence in networks for weeks before deploying encryption, specifically to identify and compromise all accessible backup infrastructure. Air-gapped backups are immune to this tactic because they are physically unreachable during the attacker's dwell time. The Colonial Pipeline attack and numerous healthcare ransomware incidents demonstrated that organizations without air-gapped backups faced complete operational paralysis. CISA specifically recommends air-gapped backups in its ransomware guidance, and critical infrastructure frameworks mandate offline backup copies.
CDA covers air-gapped backup strategy within the Data Protection and Sovereignty domain as a C-HARDEN deliverable. Our missions design air-gap architectures balancing security with operational practicality, establish rotation and verification schedules, and test end-to-end recovery from air-gapped media to validate restoration timelines.
CDA Theater missions that address topics covered in this article.
Evidence collection and chain of custody ensure digital evidence maintains integrity and legal admissibility through forensically sound gathering techniques, cryptographic verification, and documented handling records.
Incident response plan development creates a structured, documented approach for handling cybersecurity incidents, defining roles, procedures, and communication protocols to enable rapid, coordinated response.
Written by CDA Editorial