The Definition of Air Gapping

April 21, 2023

Cybersecurity has never been more important than it is today, and there are two main reasons for that. Reason number one is the overall importance of data for any modern company. It is safe to say that information can be considered one of the most valuable resources in the world, and losing even a part of a company’s data can be a sign of its immediate downfall. As such, it is easy to see why companies put so many resources into securing their own data in many different ways.

Reason number two is interconnected with the first one – it is the ever-rising number of cyberattacks being performed on a regular basis. With the current pace of year-to-year ransomware attack growth rates, it is predicted that a single ransomware attack will be performed every two seconds by the year 2031. The annual ransomware cost also keeps rising at an alarming pace, and it is already over a billion dollars, showing no signs of stopping whatsoever. 

Both the number of attacks and their complexity are growing on a regular basis, trying to keep up with the development of new and improved data security measures, from the traditional “perimeter” of a data security system to a more modern approach in the form of a data-centric security system that dynamically changes the security of every piece of data depending on the circumstances in which it is opened.

Neither of these approaches can be dubbed the perfect data security system. The traditional approach to data protection is a lot cheaper but has plenty of issues when it needs to keep up with all the modern variations of ransomware and cyberattacks. Alternatively, a data-centric security approach is far more complex and nuanced than its older counterpart, making it far more difficult for basic ransomware to overcome, but it is also a massive resource investment, and it can also be incredibly difficult to manage on a regular basis.

The topic of data security as a whole is vast and varied, and its complexity is difficult to overstate. As such, it would be far more logical for this article to focus on one very specific data security tactic called air gapping. First of all, it is necessary to talk about the logic behind the majority of cyberattacks and how they work. The very basic principle of any cyberattack is an attempt to connect to one or several devices within a network in order to infect or modify other devices within that same network.

Connection is a keyword in this logic. Interconnected devices create a web of different systems and storage appliances that can be infected in many different ways. As such, there is at least some logic in suggesting that severing such a connection should make the device in question that much more secure from ransomware and other types of cyber threats.

Air gapping is the name of this concept. It is a rather unconventional security measure that relies on the isolation of a specific device from the rest of the system to prevent tampering with its contents. Air gapping is, by nature, not the most user-friendly data security measure, which is why it is not particularly widespread – and it is also not exactly perfect in its defensive capabilities.

However, there are also plenty of benefits to having an air-gapped system as a part of your corporate environment. Of course, there is the biggest benefit of using an air-gapped device or system – it makes the majority of existing ransomware and malware useless since this device lacks the connection to the rest of the system, and most of its interactions with the outside world are performed in a controlled environment. 

There are also many companies that use air gapping as one of the main data security tactics to create the “last resort” of sorts – a copy of their data that would not be affected by most traditional malware types so that it can always be used to restore the entire system in case anything happens, be it a data breach, a natural disaster, etc. As such, air gapping is a highly recommended tactic in the context of a “3-2-1” backup approach.

This particular approach is an age-old tactic that most companies use in some way or another. It relies on a company having at least three copies of its data at any moment, with these copies stored using two or more different storage mediums, and at least one copy from that list should be physically kept away from the rest, in a remote location of sorts so that it would not be affected by some sort of natural disaster or a physical robbery. It is a rather basic security tactic that is actually useful and easy to remember.

Going back to air gapping, it can also be an advantage to have a copy of your data in this particular state because of how more advanced and modern ransomware types work. There is an entirely new “branch” of ransomware that has been getting more traction recently, and this particular ransomware variation is looking for backups and additional copies of your data to delete or encrypt them before performing the same action with the original data source. As such, having at least one copy of your data that cannot be affected by this tactic is always a good idea.

In this context, the concept of data immutability is something that is often paired with air gapping to achieve the highest possible security level – not only removing any connection this specific data storage may have with other devices but also making it so that the data in question cannot be modified whatsoever once it has been written.
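The “3-2-1” rule and the air-gapped, immutable copy described above can be checked together against a backup inventory. The following is an added example, not code from the original article: the record fields, finding codes and sample inventories are all constructed for illustration, and the production copy is assumed to count as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:              # hypothetical inventory record, not a product schema
    name: str
    medium: str                # e.g. "disk", "tape", "object-storage"
    site: str                  # physical location label
    network_reachable: bool    # False means the copy is air-gapped
    immutable: bool            # True means the data cannot be modified once written

def audit_copies(copies):
    """Return a sorted list of finding codes; an empty list means every check passed."""
    findings = set()
    if len(copies) < 3:
        findings.add("FEWER_THAN_3_COPIES")
    if len({c.medium for c in copies}) < 2:
        findings.add("SINGLE_MEDIUM")
    if len({c.site for c in copies}) < 2:
        findings.add("NO_OFFSITE_COPY")
    air_gapped = [c for c in copies if not c.network_reachable]
    if not air_gapped:
        # Every copy is reachable, so ransomware that looks for backups
        # before touching the original data could reach all of them.
        findings.add("NO_AIR_GAPPED_COPY")
    elif not any(c.immutable for c in air_gapped):
        findings.add("AIR_GAPPED_COPY_MUTABLE")
    return sorted(findings)

# Constructed sample: satisfies 3-2-1 on paper, yet every copy is online.
ONLINE_ONLY = [
    BackupCopy("production", "disk", "hq", True, False),
    BackupCopy("nas-backup", "disk", "hq", True, False),
    BackupCopy("cloud-backup", "object-storage", "region-b", True, False),
]
# Constructed sample: same layout, with the third copy on offline write-once tape.
WITH_AIR_GAP = [
    BackupCopy("production", "disk", "hq", True, False),
    BackupCopy("nas-backup", "disk", "hq", True, False),
    BackupCopy("vault-tape", "tape", "vault", False, True),
]

if __name__ == "__main__":
    for label, inventory in (("online-only", ONLINE_ONLY), ("with-air-gap", WITH_AIR_GAP)):
        print(label, audit_copies(inventory) or "OK")
```

The first inventory shows why the article treats air gapping as an addition to “3-2-1” rather than a consequence of it: three copies on two media at two sites can still all be reachable from an infected network.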

Of course, air gapping has its own issues to deal with, just as any other data security method. Two of the biggest issues for air gapping are the human factor and the difficulty of adding new data to an air-gapped device or extracting data that is already stored there. However, both of these issues are mostly subjective and can be worked around or mitigated to some extent. More information about air gapping can be found in our article that goes over the nature of the air-gapped system, as well as different types of air gapping, security vulnerabilities of this method, and more.

