Data Management Glossary
An air gap, in the context of computer security, refers to a physical or logical separation between a computer or network and any external or untrusted networks or systems. It is a security measure used to protect sensitive or critical information from unauthorized access or cyber threats.
The concept behind an air gap is to create a physical or logical barrier that prevents direct communication or data transfer between the protected system and external networks. This isolation helps reduce the risk of malicious actors or malware infiltrating the system and compromising its security.
Physical and Logical Air Gap
- Physical air gap: The isolated system is physically disconnected from any external networks, typically by physically unplugging network cables or using dedicated networks that are not connected to the internet or other networks. This is commonly seen in high-security environments or critical infrastructure systems where data protection is of utmost importance.
- Logical air gap (or virtual air gap): Network configurations, firewalls, or security controls are used to create a virtual separation between the protected system and external networks. While the system may still be physically connected to a network, it is isolated in such a way that communication with external systems is restricted or highly regulated.
Air gaps are commonly employed in situations where highly sensitive or classified data is involved, such as government or military networks, financial systems, or critical infrastructure control systems. However, it is important to note that air gaps are not foolproof and additional security measures should be implemented to address potential risks like insider threats or physical access breaches.
In the blog post How to Protect File Data from Ransomware at 80 percent Lower Cost, there is an overview of how to create an affordable cloud ransomware recovery copy that is logically air-gapped.
If you want to use Komprise for both hot and cold data, Komprise can create an affordable logically isolated recovery copy of all data in an object-locked destination such as Amazon S3 IA, so data is protected even if the backups and primary storage are attacked.