Air Gap – The physical separation between a storage device and an IT network so that there is no electrical signal connection whatsoever between the two, meaning that the contents of the storage medium cannot be changed. For example, tape cartridges stored in tape libraries are placed in shelves. They are offline in the shelves, and hence air-gapped from any network access. If users need to instantiate a tape backup or restore, then the library gets sent commands, selects and moves a tape cartridge to a drive, and carries out the directed operation. If the tape cartridges are physically removed from the library then they cannot have their contents changed at all.
A virtual air gap is where there is an electrically signalling connection to the storage drive, but it is somehow logically separated from the user’s own IT network so that it is invisible to it and its contents cannot be changed. This is less secure than a physical air gap, as the intermediary organization is connected to the user’s network and could receive commands to alter a virtually air-gapped storage drive’s contents, or the air gapped-data’s access privileges so as to alter its status or contents.
