Air-Gapped Backup Explained

Learn what air-gapped backups are, how they differ from immutable backups, and why they play a critical role in protecting organizations from ransomware.


Air-gapped backups protect your data when cybercriminals target your backup infrastructure first. The most sophisticated attacks identify and infect backup repositories before triggering a full attack. If your backups are network-connected, they are reachable. If they are reachable, they are at risk.

What Is an Air-Gapped Solution?

An air-gapped solution is the full architecture, processes, and tooling that enable an organization to create and recover from air-gapped backups at operational scale. The term encompasses more than storage media; it includes the policies, automation, testing, and recovery workflows that make isolation a practical, sustainable posture rather than a theoretical one.

What Does Air-Gapped Mean with Backups?

With backups specifically, air-gapped means that the backup copy is stored in a location that has no live connection to your production network, your internet-connected infrastructure, or any system that a remote attacker could reach.

On-Premises Air-Gap Models

The traditional on-premises model involves writing backups to tape or removable disk, automating the ejection and vaulting process, and storing media offsite in a physically secure facility. This model offers isolation but introduces operational complexity: media management, rotation schedules, vault logistics, and the latency of physical retrieval during a recovery event.

Cloud-Delivered Air-Gap Models

Modern air-gapped solutions have evolved beyond physical tape. Cloud-delivered air-gap architectures use logical isolation, such as strict network segmentation, tenant isolation, immutable storage policies, and automated data vaulting, in environments with no persistent connection to the production tenant.

This is the model that underpins purpose-built Cyber Recovery as a Service platforms. Rather than physical disconnection, data is replicated into an isolated cloud vault that is operationally air-gapped: no production credentials, no network path, and no administrative account can reach it directly. The vault is only accessible through a tightly controlled recovery workflow.

Hybrid Air-Gap Architectures

Most enterprise organizations operate a hybrid model: cloud-delivered air-gap vaults for operational data and rapid recovery, combined with physical media or offline cold storage for archival and long-retention compliance copies. This approach balances the recovery speed advantages of cloud delivery with the absolute isolation assurance of physical disconnection for the most sensitive data tiers.

The critical design principle in any air-gapped solution is that the protected copy must be unreachable by the same credentials, network paths, and administrative accounts that govern the production environment.
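The design principle above can be checked mechanically against an inventory of network flows and accounts. The following is an added example, not code from Xigent or any backup product; the segment names, account names, and both inventories are constructed for illustration. It treats "no network path" as transitive reachability, so a vault reached only through a jump host still fails.

```python
from collections import deque

# Constructed inventory (hypothetical names): segment -> segments it may connect to.
FLOWS = {
    "prod-lan": {"backup-net", "mgmt-net"},
    "backup-net": {"immutable-repo"},   # online immutable tier stays reachable
    "mgmt-net": {"jump-host"},
    "jump-host": {"vault-a"},           # indirect route into vault-a
}
# Constructed inventory: accounts that can authenticate in each environment.
PRINCIPALS = {
    "prod-lan": {"svc-backup", "alice-admin", "domain-admins"},
    "vault-a": {"vault-a-operator"},
    "vault-b": {"vault-b-operator", "alice-admin"},  # admin account reused
    "vault-c": {"vault-c-operator"},
}

def reachable(flows, start):
    """Return every segment reachable from start over any chain of allowed flows."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in flows.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def audit_vault(vault, production="prod-lan", flows=FLOWS, principals=PRINCIPALS):
    """List the ways a vault breaks the isolation principle; empty means isolated."""
    findings = []
    if vault in reachable(flows, production):
        findings.append("network path from production")
    shared = principals.get(production, set()) & principals.get(vault, set())
    if shared:
        findings.append("shared principals: " + ", ".join(sorted(shared)))
    return findings

if __name__ == "__main__":
    for name in ("vault-a", "vault-b", "vault-c"):
        print(name, audit_vault(name) or "isolated")
```
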

What Is the Difference Between Air-Gapped and Immutable Backups?

These two terms are frequently conflated, but they describe distinct protection mechanisms that address specific threat scenarios. Understanding the distinction is critical for designing a backup posture that actually holds up under attack.

Air-gapped and immutable backups are both essential components of a layered cyber resilience strategy, but neither alone is sufficient for the full threat landscape. Here is how they compare:

| Feature | Air-Gapped Backup | Immutable Backup |
| --- | --- | --- |
| Physical Isolation | Yes, completely disconnected | No, remains network-connected |
| Write-Protection | By disconnection | By policy/WORM lock |
| Ransomware Defense | Very high, unreachable | High, unwritable |
| Recovery Speed | Moderate (manual reconnect) | Fast (always online) |
| Compliance Fit | Highest-assurance environments | Standard regulatory mandates |
| Best For | Critical/classified data | Operational backup tiers |

How Immutable Backups Work

An immutable backup is a copy of data that cannot be modified or deleted for a defined retention period. Immutability is typically enforced through WORM (Write Once, Read Many) storage technology or object-level locking in cloud storage platforms. Once written, the data is locked: no administrator, malware, or ransomware can alter or erase it until the retention period expires.

Immutable backups remain network-connected. They live in your cloud storage environment, accessible to your backup systems, just unwritable. This means they are reachable by an attacker with sufficient access and, in certain situations, can be compromised or rendered unrecoverable.

The Critical Security Distinction

Air-gapped backups provide isolation; they are unreachable. Immutable backups provide integrity; they are unalterable. Each protects against different attack vectors. Xigent’s CRaaS includes both, so your organization can stay fully protected and unreachable.

Ransomware that encrypts backup storage will fail against immutable data, because it cannot overwrite the locked copies. But a sophisticated attacker who exfiltrates data and then threatens to publish it may still access immutable copies via a network path. An air-gapped copy, by contrast, was never reachable from the network in the first place; exfiltration from it requires physical access to the isolated environment.

For most threat models, immutable backup is the baseline. Air-gapped backup is the highest-assurance layer, reserved for the most sensitive data sets and the most demanding recovery scenarios.

When You Need Both

Enterprise organizations managing regulated data, such as personal health information, financial records, and classified or sensitive government data, should operate both layers. Immutable backups cover the operational tier: fast, always-on, policy-protected copies that enable rapid recovery from most incidents. Air-gapped backup covers the crisis tier: the clean, unreachable copy of last resort that survives even a complete compromise of the production environment.

If a ransomware group compromises your environment, moves laterally for 90 days, and then detonates, the question is not whether your immutable copies survived modification. The question is whether an attacker had 90 days of network access to a copy they could eventually reach. Air-gapped backup eliminates that question.

How Xigent’s CRaaS Delivers Air-Gapped Protection at Scale

Understanding air-gapped backup at a conceptual level is straightforward. Implementing it at enterprise scale, with reliable recovery, tested failover, and continuous monitoring, is where most organizations struggle.

Xigent’s Cyber Recovery as a Service (CRaaS) is designed specifically for this challenge. It delivers air-gapped protection through a cloud-based architecture that isolates data from the production environment, maintains real-time recovery points, and enforces recovery workflows that guarantee clean, uncompromised restoration.

Beyond BaaS and DRaaS: What CRaaS Actually Does Differently

Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) solve important problems, but they were designed for a pre-ransomware threat model. They protect against hardware failure, accidental deletion, and site-level outages. They assume the backup itself is trusted.

CRaaS operates on a different assumption: that the production environment may be entirely compromised, including all credentials, administrative access, and connected backup systems. The recovery target must be a clean environment that was never reachable by the attack.

Mandatory Failover Testing and 24/7 Monitoring

One of the most common failures in enterprise backup strategy is the assumption that a backup works because it ran. Xigent’s CRaaS includes mandatory failover testing: scheduled, documented recovery exercises that confirm not only that data was written, but also that it can be restored within recovery time objectives.
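The gap between "the job ran" and "the data restores within the recovery time objective" is something a recovery exercise can assert on directly. The following is an added example, not Xigent's tooling; the file names, job log, elapsed time, and RTO are constructed, and the "restore" is simulated by writing files into a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large restores are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_restore(manifest, restore_dir, elapsed_s, rto_s):
    """Compare restored files with hashes recorded at backup time and check the RTO."""
    missing, corrupt = [], []
    for rel_path, expected in sorted(manifest.items()):
        restored = Path(restore_dir) / rel_path
        if not restored.is_file():
            missing.append(rel_path)
        elif sha256_file(restored) != expected:
            corrupt.append(rel_path)
    rto_met = elapsed_s <= rto_s
    return {"missing": missing, "corrupt": corrupt, "rto_met": rto_met,
            "passed": not missing and not corrupt and rto_met}

def run_exercise():
    """Constructed exercise: the job log reports success, the restore does not pass."""
    source = {"db/orders.dump": b"orders-v1" * 100, "etc/app.conf": b"mode=prod\n",
              "home/report.txt": b"q3 numbers\n"}
    manifest = {name: hashlib.sha256(data).hexdigest() for name, data in source.items()}
    job_log = {"status": "success", "files_written": len(source)}  # constructed
    with tempfile.TemporaryDirectory() as restore_dir:
        for name, data in source.items():
            if name == "home/report.txt":
                continue                  # simulated: file never came back
            if name == "db/orders.dump":
                data = data[:50]          # simulated: truncated during restore
            target = Path(restore_dir) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        # Elapsed time and RTO are constructed values, in seconds.
        result = verify_restore(manifest, restore_dir, elapsed_s=5400, rto_s=14400)
    return job_log["status"], result

if __name__ == "__main__":
    print(run_exercise())
```
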

Continuous 24/7 monitoring provides real-time visibility into backup job health, anomaly detection on data ingestion patterns, and alerting when backup integrity is at risk. The combination of isolated architecture, tested recovery, and continuous monitoring distinguishes a cyber recovery posture from a standard backup program.

Most organizations discover gaps in their backup posture only after an incident. Xigent’s Cyber Recovery as a Service (CRaaS) delivers air-gapped & immutable backup protection, real-time recovery points, and 24/7 monitoring, so you’re ready before an attack, not scrambling afterward.