Ransomware threats are evolving, and attackers are now targeting backups directly to maximize the amount of critical data they can steal. Once they compromise a system, they often attempt to encrypt, corrupt, or delete backup data, leaving organizations without a clear timeline for recovery. That’s why immutable backups have become essential to every modern business continuity and disaster recovery (BCDR) strategy.
BCDR solutions from ConnectWise offer an AirGap feature that combines layered authorization, enforced retention, and intelligent deception to ensure every backup remains secure, recoverable, and tamper-proof. Acting as a silent last line of defense, AirGap isolates and preserves data in an airtight archive, ready for near-instant recovery.
In this blog, we’ll break down how AirGap works, why immutability is the cornerstone of modern data backup and recovery, and how our BCDR solutions help managed service providers (MSPs) and IT teams eliminate downtime and stay one step ahead of ransomware.
Key takeaways
- Air-gapped, immutable backups serve as the last line of defense against ransomware, malware attacks, data tampering, and accidental deletions.
- AirGap separates deletion commands from the actual mechanics of data removal, using honeypots and safety archives to mislead attackers.
- x360Recover and x360Cloud store backups as independent, proprietary snapshots using chain-free technology from ConnectWise, ensuring each restore point is tamper-proof.
- Rapid recovery in as little as 15 minutes minimizes downtime and financial impact in the event of a breach.
- AirGap is built into ConnectWise solutions and ready for MSPs and enterprise IT providers, offering cost-effective peace of mind and compliance tools for businesses of all sizes.
What is AirGap?
In data recovery, an airgap refers to a layer of protection where backup data is stored on systems or media that are completely isolated from the primary network and production environment. By physically or logically separating backups from everyday systems, air-gapped data remains unreachable for cyberthreats such as ransomware, ensuring that a clean, uncompromised copy is always available for recovery.
The AirGap technology used by x360Recover and x360Cloud takes this concept further by automating and enforcing it through built-in immutability, authorization controls, and deception-based protection. It serves as a dedicated isolation layer within the ConnectWise backup architecture, providing an always-available recovery source that cannot be altered, overwritten, or permanently deleted.
Additional safeguards, such as honeypots, create the illusion of successful deletion while the real data remains secure in a protected, air-gapped archive. This deception ensures attackers believe their actions succeeded. By ensuring backups are both immutable and resilient against deletion, AirGap enables MSPs and IT teams to rapidly restore critical systems after a cyberattack or mistake, providing confidence that recovery is always possible.
Third-party security testing performed by FRSecure confirms that even with full administrative access, backup data using the AirGap feature could not be fully erased. In one test, attackers thought they had succeeded in deleting data, but x360Recover immediately restored a clean backup from the secure archive using AirGap technology.
How does AirGap work?
Traditional backup deletion models rely on immediate or single-step confirmation, leaving them vulnerable to cybersecurity and insider threats. AirGap helps stop cybercrime by introducing multiple layers of misdirection, verification, and isolation. The result is a system where attackers think they’re triumphant, but the immutable backups remain untouched and safe.
Chain-free ZFS snapshots for immutability
AirGap technology achieves immutability through patented chain-free ZFS snapshots, which eliminate the dependency on traditional incremental backup chains that can be corrupted, deleted, or broken. In chain-based systems, each backup relies on the one before it, meaning a single damaged link can compromise the entire recovery set.
With ZFS’s copy-on-write architecture, each snapshot captures a complete, point-in-time view of the file system without overwriting existing data blocks. These snapshots are immutable by design, meaning they cannot be altered once written, and they are stored separately from the live production environment in a secure, isolated archive.
Because each snapshot stands alone, recovery does not depend on rebuilding a chain of backups, which not only speeds up restoration but also ensures data integrity even if earlier snapshots are lost or tampered with. Within the AirGap feature of x360Recover, these chain-free snapshots form the foundation of protection. Backups remain intact and recoverable, making recovery more reliable than ever.
Multi-step verification for backup deletion confirmation
One of the most powerful elements of AirGap technology is that no backup data is ever deleted immediately. Instead, every deletion request, whether intentional or malicious, must pass through a multi-step verification process. Here’s how it works:
- Request interception: When a deletion command is issued, AirGap prevents it from acting directly on the backup data. Instead, the request is intercepted and redirected into a secure safety archive.
- Delayed execution: Rather than deleting data instantly, AirGap places the request into a timed holding pattern. This delay provides administrators with the opportunity to review activity and stop any suspicious or unauthorized actions before data is lost.
- Validation checks: During the delay period, the system evaluates the request against multiple criteria, including user credentials, access history, and anomaly detection. If something appears out of place, it can be automatically flagged or blocked for deletion.
- Honeypot feedback: To attackers, the system responds with a “false success” message, convincing them that the deletion has gone through. Using this strategy, bad actors stop their attack, assuming they’ve succeeded, but thanks to AirGap, backups are safe.
By separating intent from action and building in a human- and system-driven verification step, AirGap ensures that only legitimate, carefully reviewed deletion requests are executed. This process turns what used to be a single point of vulnerability into a layered, resilient safeguard against both mistakes and malicious attacks.
In addition to these verification layers, AirGap technology enforces a minimum retention period through its safety archive. Even after deletion is authorized, backup data remains recoverable for a defined time window, ensuring protection against accidental deletion, insider misuse, or human error. This human-factor safeguard provides an added layer of assurance that critical data cannot be prematurely removed from recovery readiness.
Off-site replication for flexibility
x360Recover and x360Cloud are integrated with AirGap to ensure that off-site replication is both seamless and highly secure. Backups are first captured locally on an appliance or vault, then automatically replicated to the ConnectWise secure off-site cloud for disaster recovery. This off-site replication process uses block-level deduplication and compression to minimize bandwidth usage and accelerate transfers, making it an efficient method for managing multiple clients or environments. Once replicated, those backups are stored in the ConnectWise cloud as immutable snapshots, where this feature adds an additional layer of protection.
AirGap technology also ensures that even in the cloud, data cannot be immediately or permanently deleted. Replicated cloud data isn’t just stored off-site; it’s protected against tampering, giving MSPs and IT teams confidence that a true, undeletable copy of data always exists. This practice enables fast, flexible recovery from local appliances or the cloud, with the assurance that replicated off-site backups are immutable and recoverable.
Built-in automatic protection for speed and security
Perhaps the most overlooked, but most valuable, AirGap capability is that it’s always on. Unlike other backup tools that require admins to configure complex immutability policies, retention rules, or secondary storage, AirGap is enabled by default across all x360Recover and x360Cloud deployments. There are no add-ons, no optional settings to toggle, and no risk that a technician forgets to turn it on. With zero configuration risks, AirGap technology eliminates the possibility of accidental gaps in coverage.
For MSPs, automated protection means you don’t have to spend time auditing backup configurations or managing multiple immutability policies across clients. It’s a “set it and forget it” safeguard that scales effortlessly across environments. Every client benefits from the same level of protection, regardless of size, industry, or backup frequency. That consistency simplifies service delivery, compliance reporting, and customer reassurance. Furthermore, because AirGap is integrated into the core architecture of x360Recover and x360Cloud, and doesn’t require additional cost, complexity, or dedicated resources, MSPs can advertise immutable, air-gapped backups as a built-in differentiator without inflating costs.
Rapid recovery for uninterrupted business continuity
AirGap technology isn’t just about protecting data; it’s about restoring data backups quickly when every second counts. In the event of a ransomware attack, accidental deletion, or system failure, x360Recover and x360Cloud enable IT teams to restore systems in as little as 15 minutes thanks to AirGap technology. This speed comes from the way backups are stored as independent, immutable snapshots that can be spun up immediately without relying on fragile chains or lengthy rebuilds.
For MSPs and enterprise IT teams, downtime can be dramatically reduced, productivity rebounds faster, and the financial and reputational impact of disruption is minimized. Rather than scrambling to piece together data from multiple points, or worse, paying a ransom, organizations can return to full operations almost immediately. This rapid recovery capability transforms AirGap from a passive security feature into an active business continuity strategy, giving service providers confidence that they can deliver on their uptime promises even in high-pressure scenarios.
Add BCDR solutions from ConnectWise to your stack
AirGap technology changes the conversation about data protection from being reactive to proactive. For enterprise IT teams and MSPs, it represents more than just another backup feature; it’s a built-in necessity that outsmarts bad actors, eliminates single points of failure in your architecture, and protects your data and business.
Because AirGap protection is natively integrated into x360Recover, IT providers gain enterprise-grade immutability without additional licensing, hardware, or configuration costs. Whether deployed on-premises, in the cloud, or across hybrid environments, AirGap delivers the same level of protection with maximum flexibility and minimal overhead, reducing total cost of ownership while simplifying compliance and recovery management.
The best way to appreciate its impact is to see it working in real time. Join a live BCDR demo or reach out to speak with a product specialist who can answer your questions about AirGap, x360Recover, and x360Cloud.
