What Is an Air Gap?

Authors: Mesh Flinders, Staff Writer, IBM Think; Ian Smalley, Staff Editor, IBM Think

What is an air gap?

Air gapping, or creating an air gap, refers to the physical isolation of computer systems or networks so they can’t physically connect to other computer systems or networks.

Air gaps are typically used by organizations to prevent malicious actors and events, such as hackers, viruses or natural disasters, from causing irreparable harm to digital assets. Many air gap backups help protect highly classified information, including military secrets, financial data and systems that control critical pieces of infrastructure like water storage, nuclear power and aviation.

What is an air gap backup?

Air gap backups are a data storage tactic that’s typically used in disaster recovery (DR) to help organizations prevent data loss and business disruption during a catastrophic event. In an air gap backup, critical information is copied and stored on a system or air-gapped network that is not easily accessible over the internet, but where an organization can access it once the threat has passed.

Air gapping versus air-gapped networks

Air gapping refers to the physical separation of computers and networks, while air-gapped networks are networks that have been isolated from all external networks, including cloud and Wi-Fi. Air-gapped networks are disconnected from the internet and provide a strong layer of protection from a broad range of cybersecurity threats.

Why is air gapping important?

Air gapping helps protect organizations from financially crippling ransomware attacks, where data is held hostage by someone with unauthorized access until an organization agrees to pay. This year, Verizon reported that ransomware attacks remained a top threat across 92% of industries.[1] And they're expensive: According to the Cost of a Data Breach Report, the global average cost of a data breach in 2024 was USD 4.8 million, a 10% increase over last year and the highest total ever.

Ransomware attacks occur when hackers breach a system with malware, copying sensitive information and restricting authorized users' access to it. Some hackers have demanded double and even triple extortion fees to restore access to sensitive information. In some cases, when stolen data is sensitive, hackers have threatened to leak it to increase the victims’ incentive to pay.

While air gapping can’t stop all ransomware attacks and data breaches, it can help lessen their impact, especially when combined with other network security measures and disaster recovery tactics designed to prevent the stealing of sensitive data.

Disaster recovery and air gapping

Air gapping plays a critical role in many disaster recovery (DR) plans, helping organizations create reliable, offsite backups to help them recover from a disruptive event. Like cloud storage, air gap backups provide redundancy, the duplication of critical systems and data that can’t be altered or deleted without permission.

When used as part of a comprehensive DR approach, air gapping is a strong data protection tool, helping keep organizations safe from cyberattacks, which are efforts to steal, expose, alter, disable or destroy data or digital devices. Air-gapped systems provide a vital layer of defense in addition to firewalls, safeguarding data from human error and the vulnerabilities of untrusted networks.

How does air gapping work?

Air gapping a computer or network involves three fundamental steps: isolation, restriction and data flow. Here’s a closer look at each one.

Isolation

To control access to a computer or network, the first step is to physically isolate it from others. Critical data and systems need to be physically separate to be secure, but they don’t necessarily need to be in another location. Some organizations keep air-gapped backups in secure locations in the same building as non-air-gapped computers. Others prefer to keep them offsite, in another location, such as a different company office or data center.

Connectivity

Air gapping a computer or network means severely limiting or cutting off altogether its connectivity to other computers and networks. Air-gapped networks, for example, typically have a limited number of access points that are kept restricted to a...
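
One way to audit the isolation and connectivity restrictions described above on a Linux host, as an added example that is not part of the original article. It parses the JSON that iproute2 prints for `ip -j addr show` and `ip -j route show`; the sample data, the function name `audit_air_gap` and the `allowed_ifaces` parameter are assumptions made for illustration.

```python
import json

# Constructed sample of `ip -j addr show` / `ip -j route show` output (not from a real host).
SAMPLE_ADDR = json.dumps([
    {"ifname": "lo", "link_type": "loopback", "flags": ["LOOPBACK", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "127.0.0.1", "scope": "host"}]},
    {"ifname": "eth0", "link_type": "ether", "flags": ["BROADCAST", "MULTICAST"],
     "addr_info": []},
    {"ifname": "wlan0", "link_type": "ether",
     "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.0.2.10", "scope": "global"}]},
])
SAMPLE_ROUTE = json.dumps([
    {"dst": "default", "gateway": "192.0.2.1", "dev": "wlan0"},
    {"dst": "192.0.2.0/24", "dev": "wlan0", "scope": "link"},
])


def audit_air_gap(addr_json, route_json, allowed_ifaces=("lo",)):
    """Return findings that contradict an air gap; an empty list means none were seen.

    allowed_ifaces (hypothetical parameter) names interfaces that are expected
    to be active, such as a link to an isolated internal segment.
    """
    findings = []
    for link in json.loads(addr_json):
        name = link.get("ifname", "?")
        if name in allowed_ifaces or link.get("link_type") == "loopback":
            continue
        flags = set(link.get("flags", []))
        if "LOWER_UP" in flags:
            # Carrier present: a cable is plugged in or a radio is associated.
            findings.append(f"{name}: link has carrier")
        elif "UP" in flags:
            findings.append(f"{name}: administratively up without carrier")
        for addr in link.get("addr_info", []):
            findings.append(f"{name}: address {addr.get('local')} configured")
    for route in json.loads(route_json):
        # A default route means traffic has a path off the local segment,
        # so it is reported even when it uses an allowed interface.
        if route.get("dst") == "default":
            findings.append(
                f"default route via {route.get('gateway')} on {route.get('dev')}")
    return findings


if __name__ == "__main__":
    for finding in audit_air_gap(SAMPLE_ADDR, SAMPLE_ROUTE):
        print("FINDING:", finding)
```

On a real host, pass the captured output of the two `ip -j` commands instead of the constructed samples. A disabled interface such as `eth0` in the sample produces no finding.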
