After a friend's website got hacked, the air gap backups we had created on our own dime (because we were worried about exactly this kind of disaster) made the recovery possible. That experience is why I sat down to write this comprehensive Air Gap Backup Guide. You can find more about the air gap backups we used in the recovery in my summary.
Hackers are intelligent and have one job - attacking your critical data, websites, cloud storage, apps, and storage media. Their malware, ransomware attacks, and genius will test your data security, recovery strategies, and team like nothing else.
I started WTE twenty years ago, when our data management and systems were very different (what an understatement!). Back then we used tape backups and rudimentary backup software, usually running backups late at night because they consumed CPU horsepower we didn't want to take from critical systems during the day. And we had to cross our fingers, because data recovery from a tape library is like walking across a desert with no water - hard, hot, and just about impossible.
Offline backups were the rule rather than the exception back then, so we had many air-gapped networks. Not everything was connected. In an "everything old is new again" turn, attacks capable of tunneling into common cloud backup strategies have created a new need for air gap backups.
Today's air gap solutions differ from simply making sure a tape is offsite. Automation, cloud storage, and cloud-to-cloud backups with Amazon Web Services (AWS) mean our admins back up and protect more data with less work and lower cost. Discover how air gap backups can save your job, company, and livelihood by clicking on these links.
Air gap backups physically isolate a computer or network from the internet and other networks. This physical isolation creates an "air gap," preventing attacks through online channels. Air gap security is not a new concept, but it has become increasingly relevant due to the rise of ransomware attacks. Ransomware is malware that infects a computer or network and encrypts the files so they are inaccessible to the user. The hacker behind the attack demands payment in exchange for the decryption key, with no guarantee of a key even after payment.
Air gap security prevents malware from reaching the backups. No system is foolproof, however: air-gapped backups remain susceptible to corruption via physical means, such as introducing an infected USB drive or other external media into an air-gapped system. The social engineering required to pull off these attacks is more complicated and time-consuming, so air gap security deters all but the most determined attackers.
Air-gapped security may be more expensive than other forms of backups, but what's your data worth? Most companies must protect crucial internal data and information about customers, website visitors, and app users. It is easy to imagine a multi-million dollar lawsuit if such sensitive information got breached, so spending a few dollars to protect everything you've worked so hard to create is insurance money well spent.
Air gap security is an essential tool in the fight against ransomware and other cyberattacks. By creating a physical barrier between your backups and potential attackers, air gap security creates an additional layer of protection to keep sensitive information safe. As the threat and severity of cyberattacks grow, we're betting more organizations will turn to air gap security as a crucial part of their cybersecurity strategy, so use the links below to learn about how secure your products, brands, websites, and data are.
Cybersecurity protects computer systems, networks, and digital information from unauthorized access, theft, or damage. WTE's cybersecurity involves various techniques, strategies, and security partners, such as Imperva, designed to prevent or mitigate cyber attacks from malware, phishing, hacking, and other attacks.
Cyber attacks can carry severe and ongoing consequences, including financial losses, reputational damage, and, in rare cases, physical harm. As a result, there are different aspects of cybersecurity:
Cybersecurity is a complex and constantly evolving field because cybercriminals continue to develop new and more sophisticated attacks. Human error is a factor too. One infected USB drive, one forgotten security patch, or letting legacy systems fall too far behind is enough to make mission-critical systems vulnerable.
Several common backup strategies insulate data from loss or corruption, including:
Full backup - A full backup is a complete copy of all data on a computer or network. Full backups provide the most comprehensive protection but can be time-consuming and resource-intensive, especially for big, frequently changing datasets.
Incremental backup - An incremental backup captures only the data that has changed since the last backup of any kind. This approach is more efficient than a full backup, since each run only writes a small amount of new or revised data. Recovery may take longer, though, because restoring all data means applying the last full backup and then every incremental backup taken since it.
Differential backup - A differential backup captures only the data changed since the last full backup. This approach is more efficient than a full backup, but each differential set grows over time, so it requires more storage space than incremental backups.
Mirror backup - A mirror backup creates an exact copy of a system or its data, including all files and folders. Mirror backups are easy to restore since they provide a complete copy of the system or data.
Cloud backup - Cloud backups store data in remote data centers, usually managed by a provider such as Amazon Web Services (AWS). Cloud backups are one off-site data backup approach.
Hybrid backup - A hybrid backup strategy combines several backup methods. We like hybrid backup strategies and have implemented many of them.
The amount of data needing backup, the frequency of backups, and the speed of recovery are all factors to consider when designing a backup and recovery plan. By carefully weighing these factors and selecting the appropriate backup strategy, individuals and organizations can protect their data and ensure business continuity in the event of data loss or corruption.
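To make the incremental-versus-differential trade-off concrete, here is an added example (not WTE's tooling, and not from the original guide) that simulates one week of backups from a constructed schedule of daily changes, then works out how many backup sets a restore needs and how much storage each strategy consumes. The change sizes and the 1000 MB full backup are invented sample values.

```python
from dataclasses import dataclass
from typing import List

# Constructed sample: MB of data that changed on each day after the day-0 full backup.
DAILY_CHANGE_MB = [0, 40, 25, 60, 10, 30, 45]
FULL_SIZE_MB = 1000


@dataclass(frozen=True)
class Backup:
    day: int        # 0 = day of the full backup
    kind: str       # "full", "incremental" or "differential"
    size_mb: int    # data written by this backup job


def plan_week(strategy: str) -> List[Backup]:
    """Full backup on day 0, then one backup per day using a single strategy."""
    backups = [Backup(0, "full", FULL_SIZE_MB)]
    since_full = 0
    for day in range(1, len(DAILY_CHANGE_MB)):
        since_full += DAILY_CHANGE_MB[day]
        if strategy == "incremental":
            size = DAILY_CHANGE_MB[day]   # only what changed since the previous backup
        elif strategy == "differential":
            size = since_full             # everything changed since the last full backup
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        backups.append(Backup(day, strategy, size))
    return backups


def restore_chain(backups: List[Backup], restore_day: int) -> List[Backup]:
    """Backup sets, in apply order, needed to restore to the end of restore_day.

    Assumes the chain after the full backup is all-incremental or all-differential,
    which is what plan_week() produces.
    """
    usable = sorted((b for b in backups if b.day <= restore_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists on or before the requested day")
    last_full = fulls[-1]
    after = [b for b in usable if b.day > last_full.day]
    if after and after[-1].kind == "differential":
        return [last_full, after[-1]]   # the latest differential already holds all changes
    return [last_full] + after           # every incremental since the full, in order


def storage_mb(backups: List[Backup]) -> int:
    """Total space the week's backup sets occupy."""
    return sum(b.size_mb for b in backups)
```

Running `restore_chain(plan_week("incremental"), 6)` returns seven sets while the differential plan needs two, and `storage_mb` shows the differential plan paying for that faster restore with extra space.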
Role-based access control (RBAC) restricts access to resources based on a user's role within an organization. As a result, RBAC ensures users can access only the resources they need to perform their job. Each user is assigned one or more roles, with those roles defining access to tasks and resources based on job function, department, or other business rules. In addition, roles carry defined permissions for the specific actions a user can perform. For example, an accountant might have permission to view financial data but not modify it.
RBAC has several benefits:
Improved security - RBAC helps prevent unauthorized access to resources while reducing the risks associated with data breaches.
Increased efficiency - RBAC ensures users can access the resources they need to do their job, increasing efficiency and productivity.
Simplified administration - RBAC allows administrators to manage access to resources based on roles and permissions rather than individual users.
RBAC is a practical approach to access control that can help improve security, increase efficiency, and simplify administration. In addition, RBAC provides a flexible and scalable approach to access control that can be adapted to meet the organization's changing needs.
Air gap security prevents malware from reaching the backups: by physically isolating the computer or network, the malware cannot access the files. No system is foolproof. Air-gapped backups are susceptible to corruption via physical means, such as introducing an infected USB drive or other external media into an air-gapped system. The social engineering required to pull off these attacks is generally more difficult and time-consuming than attacking over online channels, so air gap security effectively deters all but the most determined attackers.
Air-gapped security may be more expensive than other forms of backups, but what's your data worth? Most companies must protect crucial internal data and information about customers, website visitors, and app users. It is easy to imagine a multi-million dollar lawsuit if such sensitive information got breached, so spending a dollar or two to protect everything you've worked so hard to create is money well spent.
Air gap security is an essential tool in the fight against ransomware and other cyberattacks. By creating a physical barrier between the system and potential attackers, air gap security creates an additional layer of protection to keep sensitive information safe and secure. As the threat and severity of cyberattacks grow, we will see more organizations turn to air gap security as a crucial part of their cybersecurity strategy, so let's learn about the different types of air gap backups.
In cybersecurity, an air gap is a physical separation between computer systems or networks to prevent unauthorized access or data transfer. Different types of air gaps can be implemented, depending on the level of security required. Here are some common types of air gaps:
Hard air gap - The strictest kind of air gap, with absolutely no network connection between the systems or to the Internet. The systems are physically isolated and cannot exchange data over a network, making it impossible for an attacker to tunnel in remotely. The introduction of an infected USB drive remains a risk, however, and requires additional security measures.
Soft air gap - Soft air gaps allow limited communication between two systems, but only through specific channels and under strict controls. For example, a computer network might be isolated from the Internet but still allow data transfer through a designated and tightly controlled gateway.
Data diode - A data diode allows data to flow in one direction only. A data diode might enable data to flow from your network to an unclassified network (such as the Internet), but not the other way around.
Virtual or logical air gap - Virtual air gaps use software techniques to create separation between systems, even when they are physically connected.
Systems remain connected in a logical or virtual air gap, but it is difficult for attackers to breach it. For example, two systems might be on different networks with strict access controls or use encryption and other security to protect data transfer between them.
Some systems cannot be physically isolated. When physical separation is impossible, a logical or virtual air gap backup may be the only option. For example, a financial institution might use a logical air gap to protect its trading systems from the rest of its network, and a hospital may use an air gap to protect patient data.
Ransomware is malware designed to encrypt files on a computer or network, making those encrypted files inaccessible to their owners and creators. Attackers demand payment, typically in cryptocurrency, for the decryption key to unlock the files.
Ransomware attacks typically begin when someone downloads a malicious file or clicks on a link. Once the malware is installed, it encrypts files and displays a message demanding payment in exchange for a decryption key. Attackers may then threaten to publish the stolen data or delete the encrypted files.
There are two main types of ransomware: encrypting and locker ransomware. Encrypting ransomware encrypts files on the victim's computer or network. Locker ransomware locks the victim out of their computer or network, holding it hostage.
Ransomware attacks can be devastating. In addition, victims may face legal and regulatory consequences if they fail to protect their data or if human error contributes to the data being vulnerable.
When your worst nightmare happens, your disaster recovery plan should kick in. Creating a disaster recovery plan involves several steps:
Risk Assessment - Identify threats and their impact on systems and data.
Continuity Planning - Develop a detailed plan so a company can operate when a disaster happens.
Recovery Testing - Testing your recovery plan once a quarter (at least) is a good idea, so you know how your recovery systems work before everyone is frantic to respond.
Incident Response - Implementing dashboard monitoring and alert systems to rapidly respond to a potential disaster because the best disaster plan is to avert and avoid them.
Training - Training employees on how to keep crucial systems secure and respond in the event of a disaster is money well spent.
Disaster recovery is a critical component of business continuity planning. Rapid recovery from natural or man-made disasters helps minimize the impact on a business.
Cybersecurity will only increase in importance because the number and severity of attacks only go in one direction - more. As you've read, backing up your mission-critical data, applications, and websites is crucial, but backups aren't enough these days. Another option is needed when attackers know how to tunnel into standard backup systems. We air gap our backups and regularly pass strict security audits since some of our customers are state governments, and we worry about the details because hacking happens, as does recovery.
The value and importance of creating air gap backups was dramatically demonstrated when ransomware tunneled into a friend's legacy system. Within hours their site was down, and their files were encrypted and inaccessible. We had created air gap backups as a favor and on our own dime because we were worried about the vulnerabilities in their legacy system.
We create air-gap backups for disaster recovery using an external Network Attached Storage (NAS) device. These NAS drives aren't in our Raleigh, North Carolina, datacenters. We selected an alternate location with segregated connections, internet access, admin accounts, encryption, and layers of redundant security. Keeping this gap between the core files, which are backed up to the cloud frequently, and the full backups, which happen less often but with more security, is an essential part of any disaster recovery plan.
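Because the air-gapped copy is only as good as the data that lands on it, one check worth running before a backup set is accepted onto the offline NAS is to compare it against the manifest of the last known-good set and flag files that changed and now look encrypted. The following is an added example, not part of WTE's process or any NAS vendor's tooling; the hash-plus-entropy heuristic, the 7.5 bits-per-byte threshold, and the sample files in `demo()` are all constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed data sits near 8.0, plain text well below."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root (the known-good record)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def suspicious_changes(root: Path, previous: Dict[str, str],
                       entropy_threshold: float = 7.5) -> List[str]:
    """Files that changed (or appeared) since the previous manifest and now look encrypted."""
    flagged = []
    for rel, digest in build_manifest(root).items():
        if previous.get(rel) == digest:
            continue                       # unchanged since the last accepted backup set
        sample = (root / rel).read_bytes()[:4096]
        if shannon_entropy(sample) >= entropy_threshold:
            flagged.append(rel)
    return flagged


def demo() -> List[str]:
    """Constructed scenario: a good backup set, one legitimate edit, one file overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("quarterly numbers, nothing unusual here\n" * 50)
        (root / "accounts.csv").write_text("id,balance\n1,100\n2,250\n" * 100)
        previous = build_manifest(root)                         # manifest of the last good set
        (root / "notes.txt").write_text("quarterly numbers, nothing unusual here\n" * 51)
        (root / "accounts.csv").write_bytes(os.urandom(4096))   # stands in for an encrypted file
        return suspicious_changes(root, previous)
```

A non-empty result is a reason to hold the transfer and investigate rather than overwrite the offline copy; the legitimate text edit in the scenario is not flagged because its content still has low entropy.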