Managing Air-Gapped Backups
By James Speed | Perpetual Storage, Inc. Sales Manager
Air-gapped technologies often rank among the most affordable and effective backup solutions available to organizations. Using air-gapped storage solutions can introduce some challenges and organizations need to identify and use backup solutions that secure user logins and can manage different air-gapped technologies.
5 Challenges of Managing Air-Gapped Backups
- No support for physically air-gapped storage: Many organizations rely on cloud storage or hard drives. They may not have equipment or removable media solutions such as tape.
- No support for bucket or object lock: Many cloud storage providers offer bucket or object lock features. This feature causes the backup data to be immune from data deletions or changes. Effectively utilizing these features requires the backup solution to be able to recognize and manage it. Not all solutions support this functionality.
- Recovery Performance: Storing data on some air-gapped solutions may result in lengthy backup or restore time. (PSI’s Isolated Data Tier is unaffected by these short comings).
- Increasing Costs: Storing backup data utilizing air-gapped storage solutions may create a scenario where air-gapped storage costs grow. Offsite storage costs and transportation costs of the data bay also impact the final cost. It’s best practice to keep an eye on how much data is being stored in an offline medium. (PSI provides monthly reporting on exactly how much data is being stored so clients know what to expect in terms of cost)
- Creating and Managing Data Policies: Storing data offline in an air-gapped storage solution requires detailed policies that organizations must develop to dictate how the data is managed and retained. These policies must align with the business and regulatory requirements. Policies need to manage data that expires or requires deletion at the end of its useful life.
Effective Air-Gap Management Strategies
- Authenticate User Access: The backup process consists of the backup data, jobs, and users. Backup software’s must secure these components as part of the management process. Hackers may attempt to uncover user logins and passwords and attempt to access and compromise the backup software using the information. Hackers may attempt to negate air gap measures that have been implemented if they have access to the backup software. Multi-Factor Authentication (MFA) should be utilized by any reputable backup software. Additional role-based access control that requires a second individual needed to approve certain tasks such as updating existing backup policies, changing or deleting data can also greatly improve security.
- Software’s Ability to Manage Multiple Air-Gap Technologies: When utilizing backup software solutions, make sure it supports multiple air-gap technologies. This will provide more options to organizations to secure their data. Advanced backup software solutions will support cloud storage and physical media. Having the ability to store data on removable media and utilize tape libraries allows organizations to move the data out of the cloud and completely isolate it from the network to create an immutable copy.
- Manage Immutable Storage: Backup data residing on media secure from ransomware and insider threats should be kept off-site in a secure location. Only certain people with described levels of access should be able to recall or request the data be restored or transported.
- Monitor and Scan Backup Data for Ransomware: Organizations can’t assume that its’ production cybersecurity defenses are complete immune to ransomware. Organizations need to utilize software to scan their backup data to check if it contains ransomware. This could be problematic if the backup was infected and reintroduced a ransomware hack back into production during a restore. Having multiple instances of archived copies of data can also help reduce the risk of introducing ransomware during a restore.
- Transmit Data through Encrypted Methods. Data that is transmitted to the cloud and then to removable media should be encrypted on the organizations side, in transit, and at rest at the final destination where the data will reside.
How can PSI help?
While there are some challenges with managing air-gapped backups, the benefits far outweigh the challenges. PSI makes managing air-gap solutions easy and affordable. PSI excels at being able to provide expedient data restoration of large data sets by being able to upload the data to a mobile server and physically bringing it to our client’s destination of choice. Additionally, PSI helps keep the total cost of ownership of data sets lower by providing a monthly report on the exact amount of data being stored. If you’re interested in learning more about how physical air-gap solutions could work for your business, or you need help creating a policy that helps manage your data, feel free to reach out to us. We are happy to help or refer a partner who can assist you to determine the best data protection solutions that meet your organizations’ needs.
[1] DCIG. (2022). DCIG Technology Report: Leverage Air-Gap Technologies to Stop Ransomware Attacks and Meet Operational Object