Air gap Backup – Are they the answer to ransomware?

air gap backup
COVID-19 is not the only pandemic that the world is facing today. As businesses continue to work remotely, there is a surge in ransomware cases as cybercriminals are leveraging emerging gaps in enterprise security. This has led the enterprises to explore innovative concepts like air-gapped backups to safeguard their data assets.

Surge of Ransomware Attacks

A research study mentions that in the third quarter of 2020, there has been an increase of 50% in the daily average of attacks as compared to the first half of 2020. Thousands of small and large organizations worldwide are being targeted by attackers who see this as an opportunity to lock user systems and extort money in return for users’ data and access to their systems. The attacks have become so successful, that they are claiming a new victim every 10 seconds, making ransomware the most lucrative attack method for cybercriminals.

Backups are the new targets

Backups have widely been touted as the antidote to ransomware attacks.  And cybercriminals now are going a step further to identify and delete backup copies on endpoint systems, servers, and even NAS storage targets.  Several new ransomware variants now have this additional built-in feature.

Air gapping: What is an air gap Backup?

Have you ever heard of an air gap backup? To prevent this newly opened threat vector, enterprises have started to explore offline backups. Essentially, offline backups, or what is commonly known as air-gapped storage today. These storages are electronically disconnected or isolated copies of your data that cannot be accessed via any network or electronic connection. This makes even the most sophisticated ransomware attack incapable of wiping off all the critical data.

Think of air-gapped storage as an island that communicates with the mainland only when required. To put it simply, in air-gapped storage, you prevent hackers from accessing your backup data by creating a secondary backup in an offline location cut off from the organization’s principal or primary network.

The air gap has been recommended by the Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security.

Even so, air-gapped storage is not without challenges. The last few years have witnessed a massive increase in data volume generated by firms. Effectively managing air-gap backups with vast amounts of data is almost impossible. It is also expensive, tough to scale, and can have unacceptably slow recovery times in case of a disaster.

An increasingly popular alternative is a cloud backup.  A cloud backup has the advantage that it is automatically offsite and it offers a highly secure defense against most ransomware attacks.  Could a ransomware attack also compromise your data in the cloud?  The answer is YES, if your backup merely consists of syncing data to the cloud using solutions like Dropbox or OneDrive for Business.  Solutions like Parablu’s BluVault can give you the best of both worlds – where you can use a commercial grade backup solution with all its attendant benefits, while still being able to leverage cloud storage space you may already own – such as OneDrive for Business or Google Drive.

Good cloud backup software is designed to to use modern authentication techniques for each data transfer request and will only keep the network connection live for the period of the backup job itself.  After that the connection is severed, and the authentication keys are discarded. This way, it’s virtually impossible for ransomware to gain control over the software and use the backup channel to upload itself into the cloud target.  Even if ransomware infected files make it into the backup repository, a good backup solution will offer the solution to ‘dial back’ time – and allow a point-in-time restore to bring your data back, as it looked prior to the attack.

For this reason, cloud storage is infinitely safer against ransomware than backing up files to a local drive, SAN, or NAS storage.  Or worse, simply relying on a ‘sync’ solution.  And the level of redundancy and safeguards it offers for your data cannot be overstated.

Cloud backup vs Air Gap backup

So, does that mean a Cloud backup is superior to an Air-Gapped backup?  Frankly, it depends on each customer’s scenario.  While Air Gapping can seem technically superior on paper, as a matter of practicality, Cloud backups may make much more sense for most organizations.

At the end of the day, organizations worldwide are grappling to keep their backups secure to ensure that in case they fall victim to a ransomware attack, they don’t have to give in to the attacker, and instead just reset their systems back using their backed up data.

The threat of ransomware is far from over, and the only effective way to keep your organization safe from such attacks could be through cloud backups (or air-gapped backups). Backups, when made hard for cybercriminals to target, act as an essential insurance policy for your data, and help you defend your business from ransomware threats.

Our experts can help you develop a comprehensive security strategy to protect your sensitive data. Get in touch with us to learn more!