Skip to content Skip to footer

The value of an air-gapped cloud

air gap

Most businesses adopt insurance policies to mitigate the risk posed by accidents, disasters, or tragedies. But despite the enthusiasm of many businesses to hedge against such risks through taking out building insurance or public liability cover, they don’t hedge against one of the most immediate risks to business operations in the modern world: the loss of their data.

Today, ubiquitous access to data is essential for virtually every business in every sector. Whether it be your project files, customer records, the assets for your website, the continuity of your business is likely dependent on your team having instantaneous access to your data stores.

It’s far from unusual for today’s businesses to face temporary downtime from a data breach – which IBM estimated cost the average company $1.52m in lost business alone – or the permanent loss of years worth of data and business output. Either way, you need to insure yourself against this risk.

How do you insure yourself against the numerous causes of data disruption or loss, whether power outages, fires, floods, misconfigurations, ransomware, or sabotage? The answer lies in diversifying your cloud backups and introducing something called an “air-gap” into your backup plan.

Introducing 3-2-1

The best way to mitigate data disruption or destruction is through creating redundancy in your data storage approach: you should maintain copies of your data that are disconnected from your live workflows. In the event of disruption or data loss, you can then use your backups to restore business continuity.

As part of this, an air gap is crucial as it serves to alleviate a wide variety of risks that otherwise hang over a business. Natural disasters, accidental misconfigurations, ransomware, or internal sabotage; any data that’s stored with just one provider has a vulnerability to such threats simply owing to its proximity to risk.

Whether you’re storing all your data on-premise or working with an external cloud storage vendor to store your data, a good rule to follow when it comes to creating data redundancy is the “3-2-1” rule. This refers to the idea of keeping three copies of your data, with two on different media formats, and one copy kept off-site.

In particular, the final clause of 3-2-1 is vital: keeping a copy of your data off-site – or, in the case of cloud solutions, with a different vendor – represents an “air-gap” between the removed backup and the rest of your backups (along with your business operations).

Creating an air-gap on the public cloud

To air-gap a backup, you should look at your storage arrangements – in general, it makes sense to store an air-gapped backup with a public cloud storage provider. If your other backups are kept on-site or on a private cloud, then public cloud storage quickly takes care of the issue of physical removal.

And even if you already have other backups with one cloud storage provider, the cloud still makes sense for additional backups – it should just be saved with another provider in another data centre.

The main reason why the cloud is such a strong place for air-gapped backups comes down to economies of scale: public cloud data centres benefit from scale in terms of security arrangements, hardware costs, and human capital. Whereas an on-premises storage solution will require you to procure and arrange all three of the above, a data centre’s scale allows these large expenses to be converted into a small operational expense – and better yet, scaling your storage needs if you need to back up more data is also as seamless as raising your monthly fee, rather than embarking on a large procurement and infrastructure project on-site.

Using immutability alongside air-gapping

Alongside air-gapping, there are other measures you can take to secure your backups against any remaining risk of unintentional or intentional downtime or destruction. In particular, the public cloud offers you a very useful option to help safeguard your data – immutability.

When a cloud provider offers data immutability, data designated as “immutable” cannot be deleted or altered by anyone during a specified retention lifetime. Nobody – not you, a hacker, or a well-meaning coworker – can edit or destroy your backup when immutability is enabled, which removes a major component of remaining risk in your backup regimen.

Along with helping to prevent deletion, misconfigurations or ransomware from destroying your backups, immutability also presents many other benefits. For example, a data immutability option can help you comply with regulatory requirements like GDPR, which require organisations to ensure that data regarding external stakeholders is carefully handled and disposed of.

Ultimately, though, the principle of redundancy remains one of the most effective things to remember in determining your backup regime. Through remembering to air-gap a backup, taking advantage of the scale provided by the cloud, you can significantly reduce risks to your business operations from data downtime or loss.

Picture of David Friend
David Friend
CEO and Co-founder of Wasabi Cloud Storage

You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.