What is air-gapping, you cry? Put simply, it is physically isolating IT systems from network access: the internet, the local network or both.
Critical government & military environments already employ air-gapping to prevent unauthorised access or worse. Of course, in this world of online access it is clearly impractical to isolate systems in this way, so we do the next best thing: lock down remote access and patch our environments to prevent nasties like WannaCry happening – hopefully…
Should the unthinkable happen, provided you have a sensible backup regime in place, all is good: just roll back to the last backup. But what if your disk-based backups have also been compromised? There are Trojans specifically written to seek out backup files by file name (for example .bak, .bkf etc.), encrypting these as well as the live data itself.
This is where air-gapped backups come in – put a copy of your backups on tape or even on a removable drive and they can’t be compromised. Backup best practice has always advocated the 3-2-1 policy: 3 copies of critical data across at least 2 different media with 1 copy off-site. There is now a suggestion that 1 copy offline is also worth considering.
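The 3-2-1 policy with the extra offline copy can be checked mechanically against a backup inventory. The sketch below is an added example, not part of the original post or any vendor's tooling; the `BackupCopy` fields, rule labels and inventory entries are constructed for illustration, and the live data is counted as one of the 3 copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str     # e.g. "disk", "tape", "cloud"
    offsite: bool  # stored away from the primary site
    offline: bool  # air-gapped: no network path from live systems

def audit_321(copies, require_offline=True):
    """Return {dataset: [failed rule labels]}; an empty list means compliant."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in by_dataset.items():
        failures = []
        if len(group) < 3:
            failures.append("copies<3")
        if len({c.media for c in group}) < 2:
            failures.append("media<2")
        if not any(c.offsite for c in group):
            failures.append("no-offsite")
        # The additional rule suggested above: one copy ransomware cannot reach.
        if require_offline and not any(c.offline for c in group):
            failures.append("no-offline")
        report[name] = failures
    return report

# Constructed sample inventory (live data counts as one copy).
INVENTORY = [
    BackupCopy("finance", "disk", offsite=False, offline=False),   # live
    BackupCopy("finance", "disk", offsite=False, offline=False),   # NAS backup
    BackupCopy("finance", "cloud", offsite=True, offline=False),
    BackupCopy("hr", "disk", offsite=False, offline=False),        # live
    BackupCopy("hr", "disk", offsite=False, offline=False),        # NAS backup
    BackupCopy("crm", "disk", offsite=False, offline=False),       # live
    BackupCopy("crm", "tape", offsite=True, offline=True),
    BackupCopy("crm", "cloud", offsite=True, offline=False),
]

if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failures else "FAIL: " + ", ".join(failures))
```

The "finance" dataset shows the gap the post describes: it satisfies classic 3-2-1 yet every copy is still reachable over the network.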
Cloud backup also provides some distance between live and backup data: depending on the solution employed, the backup data may only be visible through the application itself, with its own in-built security and user authentication. Our Veeam Cloud service is an example of this, as the backup files are not visible from the customer’s environment and are only recoverable through Veeam itself.
Also, more and more backup software providers are building in tools to scan for and identify potential ransomware / encryption activity before it takes hold: both our Datto and Veeam solutions now offer this capability.
Written by Ian Burleton