Your privacy preferences for Zerto's websites has been saved. We will serve only essential cookies moving forward on this browser

As already mentioned, air-gapping is the mechanism used to create the actual isolation, or segregation between environments—production vs recovery. And the air gap can be physical or logical.

From the definition of ransomware, description of how a ransomware attack unfolds, right down to cyber resilience and ransomware recovery, we cover everything in this ultimate Ransomware Recovery guide.

The only way to transfer data in and out of a physically air-gapped system is through manual methods, such as carrying data on a USB flash drive or other removable media. This method is considered highly secure because it significantly reduces the attack surface for cyber threats.

Cloud air gap leverages the cloud as infrastructure as a service (IaaS) and uses digital technologies and advanced technics for access control as a way to implement the air gap between your environment and the cloud where your data might be stored.

A physical air gap refers to the complete physical isolation of a computer or network from other networks, including the internet. This means there is no physical connection (such as Ethernet cables, fiber optics, or wireless connections) that links the air-gapped system or network to any external devices or networks.

The Zerto Cyber Resilience Vault is a truly isolated, offline environment that uses physical and logical air gaps to guarantee true isolation.

The Snow Melting Control 654 is designed to operate electric or hydronic equipment to melt snow or ice from any surface including driveways, walkways, patios, business entrances, parking ramps, loading docks, hospital entrances, helipads or car wash bays. The surface temperature for snow melting is controlled automatically to reduce operating energy costs. The 654 has an automatic start and stop function when used with the Snow/Ice Sensor 090 or 094. Automatic start with a timed stop is available when used with the Snow Sensor 095. The 654 can operate a dedicated hydronic boiler or a mixing device. Isolation relays are required to operate line voltage pumps. Electric systems require a separate GFCI and electrical relay contactor.

An isolated recovery environment, is a secure, controlled space that's segregated from the main network. It's used for safely analyzing and recovering from cyberattacks without risking further contamination of the network or compromising the recovery process.

Image

Air gapping is security by isolation. An air gap is a security measure that physically and/or logically isolates a system from unsecured networks. The primary purpose is to create a barrier that prevents unauthorized access to sensitive data.

A logical air gap, on the other hand, refers to the use of software and configuration strategies to create a separation or isolation between systems or networks. This does not remove the physical connectivity but uses technologies like firewalls, virtual LANs (VLANs), and other network segmentation techniques to control and limit access between isolated systems and the wider network or internet.

When used together over an air-gapped network, an immutable data vault and an isolated recovery environment offer a powerful combination for cyber resilience.

However, backup immutability is about securely storing data that cannot be modified or deleted for a set period. Once past that retention period, the backup can be replaced.

Air gapping is one way to strengthen the 3-2-1 rule, along with immutable backups. This adds the requirement to have one copy of the data offline, or air-gapped, and forms the 3-2-1-1 rule. For a logical air gap, that means enhanced security (hardware, access management with additional credentials) and maybe using different accounts in the case of cloud air gap.

Leveraging zero-trust principles, the Zerto Cyber Resilience Vault enables rapid air-gapped recovery in the event of a serious cyberattack. If all else fails, Zerto's disconnected clean room, combined with a secure immutable data vault, allows organizations to get back up and running within a matter of hours.

Air-gapped systems are commonly utilized in environments where data security is of utmost importance such as, government agencies, military, and critical infrastructure sectors.

The term “air gap” refers to a security measure that involves physically isolating a computer or network from other networks, including the internet, to protect against unauthorized access, cyberattacks such as ransomware, and data breaches.

Image

Learn about data protection principles and technologies, and understand why it is important to prevent data loss and mitigate downtime .

This characteristic provides the ability to manage the backup infrastructure, in terms of storage volume and cost, while ensuring the integrity of the data, making it an effective defense against ransomware and malicious tampering, as attackers can't alter the backups to compromise data recovery processes.

This synergy enhances an organization's ability to recover from cyber incidents swiftly and securely, leveraging the strengths of both approaches to provide a robust defense against a wide range of cyber threats.

Logical air gaps are designed to reduce the risk of unauthorized access or data leakage between the segregated parts of the network, but since the systems remain physically connected, the security is not as robust as a physical air gap.

The convenience of a logical air gap comes at the cost of increased vulnerability to sophisticated cyber-attacks that can potentially bypass logical controls.

Image

While still a foundational rule for an effective backup strategy, the 3-2-1 rule has evolved to adapt to new threats such as cyberattacks—among them, ransomware attacks. In this scenario, a bad actor may gain access to the whole network, and therefore all the copies of the data, including potentially copies stored in the cloud, if not managed and secured in a different fashion.

Many vault solutions claim complete isolation or air-gapped systems. However, most vaults have numerous connections to outside networks for management, providing only partial network isolation.