In the media and entertainment industry, where large volumes of valuable media files are produced, edited, and stored, data security is paramount. The rise of ransomware attacks has created significant challenges for companies handling vast libraries of high-resolution videos, audio files, and other large media assets. One of the most effective ways to safeguard this data from ransomware is by implementing a data air-gap. This blog explores the concept of a data air-gap, why it is crucial for protecting large media files, and how it can be effectively implemented in the media and entertainment industry.
What is a Data Air-Gap?
A data air-gap is a security technique that isolates a system, network, or storage device from other systems, particularly from connections to the public internet. Traditionally, the concept involves physically disconnecting a system from any network, ensuring that no outside attacker can access it remotely. However, in the context of the media and entertainment industry, the air-gap also needs to protect storage containing backup and archive data from malware-infected hosts within the customer's environment.
Such an air-gapped system prevents ransomware and other malicious software from having access to the data, even if workstations are compromised. This is especially important in creative industries, where the production and storage of large files are central to the business model, and the financial implications of data loss can be catastrophic.
Why is an Air-Gap Backup Essential to Protect Data?
Large projects, such as movies, television shows and audio recordings, are often stored on centralized servers or local storage arrays. Media files are not only large but also time-consuming and costly to recreate. A ransomware attack that targets these valuable assets can cause immense damage, including production delays, lost revenue, and reputational harm. As ransomware tactics become more advanced, attackers are increasingly focusing on industries with high-value assets, making media companies prime targets.
An air-gap isolates backup systems not just from internet-based attacks, but from any potential infection originating from within the local environment. This means that even if malware makes its way into the editing or production environment, it cannot reach the air-gapped backups and destroy or encrypt the large media files backed up and archived there.
How Ransomware Spreads in Media Workflows
Understanding how ransomware spreads is key to understanding the value of air-gapping in media and entertainment. Here are some common methods:
- Malware Introduced via External Devices: Many media companies use external hard drives, portable SSDs and camera storage cards to transfer files between workstations and studios. These devices can unknowingly carry malware from one system to another.
- Infected Workstations: Even if media production systems aren’t connected to the internet, they may still be linked to internal networks. If one system is infected, through a compromised email attachment, for instance, malware can spread across the network and target file servers.
- Shared Storage Environments: Media production often involves large file-sharing systems where multiple team members access the same storage device. Once ransomware finds its way into such a system, it can encrypt media files across all devices connected to that storage.
Given these vulnerabilities, an air-gapped system is essential for ensuring that ransomware cannot touch critical backups, even if it spreads through the internal network.
Achieving an Effective Air-Gap for Media Storage
There are several methods to achieve an air-gap in the context of media file storage, each offering varying levels of security and practicality. Below are three primary approaches:
1. Physical Air-Gap
In a physical air-gap, backup media, such as LTO tapes or other offline storage devices, are completely disconnected from host computers. These devices are only connected when backups are being made, and once the backup is complete, they are physically removed from the system and stored in a secure location.
- How It Works: During the backup window, media files are copied to an offline storage device. Afterward, the device is disconnected and stored securely, with no connection to the primary network.
- Advantages: Physical air-gapping offers complete isolation, ensuring that even if ransomware infects a media production system, it cannot reach the backup data.
- Challenges: Managing physical media can be labour-intensive and requires strict handling protocols to avoid damage or loss. Given the size of media files, large-capacity storage devices such as LTO tapes are needed.
2. Logical (Network) Air-Gap
A logical air-gap provides a virtual separation between the primary system and the backup environment. This is achieved by keeping backup systems on separate network segments with no direct connection to the main network, except during specific backup windows. Once the backup process is complete, access to the backup system is restricted, ensuring that it remains isolated from potential ransomware threats.
- How It Works: Media files are backed up during scheduled intervals, after which the backup system is disconnected from the network until the next scheduled backup.
- Advantages: Logical air-gapping offers a more automated solution compared to physical air-gaps, reducing the need for manual intervention. It is particularly effective for large-scale media workflows where physical media management is impractical.
- Challenges: If the air-gap is not properly implemented or maintained, there is still a risk of ransomware spreading during the backup window when the system is connected to the network.
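A check for the backup-window risk described above, as an added example (not code from the original post or from Archiware): it audits connection-log lines against an assumed backup window and an assumed permitted source host, and flags anything else that reaches the backup system. The log format, addresses, window times and function name are assumptions, and the log lines are constructed.

```python
from datetime import datetime, time

# Assumed policy for this example: one nightly backup window, and only the
# backup server may reach the backup target. All addresses are constructed.
WINDOW_START, WINDOW_END = time(1, 0), time(3, 0)
ALLOWED_SOURCE = "10.0.5.10"
BACKUP_TARGET = "10.0.9.20"

# Constructed sample log, one connection per line: "<timestamp> <src> <dst> <action>"
SAMPLE_LOG = """\
2024-05-01T01:15:02 10.0.5.10 10.0.9.20 ALLOW
2024-05-01T02:59:40 10.0.5.10 10.0.9.20 ALLOW
2024-05-01T02:10:11 10.0.7.33 10.0.9.20 ALLOW
2024-05-01T14:22:05 10.0.5.10 10.0.9.20 ALLOW
2024-05-01T14:30:00 10.0.7.33 10.0.9.20 DENY
2024-05-01T09:00:00 10.0.7.33 10.0.2.5 ALLOW
"""

def audit(log_text):
    """Return (line_no, reason) for each connection that weakens the air-gap."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) != 4:
            findings.append((line_no, "unparseable line"))
            continue
        stamp, src, dst, action = parts
        if dst != BACKUP_TARGET:
            continue  # not aimed at the backup system
        try:
            when = datetime.fromisoformat(stamp).time()
        except ValueError:
            findings.append((line_no, "unparseable line"))
            continue
        if action == "DENY":
            findings.append((line_no, "blocked attempt, review source"))
        elif not (WINDOW_START <= when < WINDOW_END):
            findings.append((line_no, "allowed outside backup window"))
        elif src != ALLOWED_SOURCE:
            findings.append((line_no, "allowed from unexpected host"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

An allowed connection from a workstation during the window is the case the Challenges item warns about: the gap is open and a host other than the backup server is using it.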
3. Cloud-Based Air-Gap
In cloud-based air-gapping, media files are backed up to a cloud storage system that supports the locking of objects once uploaded. This means that, after the backup is complete, the uploaded objects become un-deletable, preventing ransomware from accessing or encrypting the backup. Cloud storage vendors typically allow object locking to be configured so that uploaded objects are locked for a fixed period, during which they cannot be removed or deleted.
- How It Works: Media files are sent to a cloud provider that offers ‘immutable’ storage. After the backup/archive data is uploaded, the cloud system protects the uploaded objects for a set period of time.
- Advantages: This solution is highly scalable, ideal for media companies with large data storage needs. Cloud-based air-gaps also provide redundancy and disaster recovery options.
- Challenges: Cloud services come with latency and retrieval delays, especially when dealing with massive media files. Trust in the cloud provider’s security protocols is also essential.
Best Practices for Implementing an Air-Gap in Media and Entertainment
When implementing an air-gap for large media files, following best practices is crucial for success:
- Regular Backups: Regularly back up media files to ensure that you always have a recent version stored in the air-gapped environment. Archiware P5 Backup is able to back up to both LTO and cloud object storage, allowing an air-gap.
- Archival of completed projects to cold storage: Moving completed project work to offline storage relieves pressure on shared storage capacity and retains projects for the long term, cost-effectively. Again, the LTO and cloud support offered by Archiware P5 Archive provides air-gap protection.
- Test Backup Integrity: Periodically test backup and archive data to verify that they are not corrupted and can be restored when needed.
- Rotate Storage Media: For physical air-gaps, use a rotation system where you frequently change the storage media used for backup, avoiding a single point of failure.
- Monitor and Audit: Implement strict access controls and audit logs to monitor any access attempts to the air-gapped system, ensuring that it remains secure.
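One way to carry out the Test Backup Integrity item in the list above, as an added example (not Archiware P5 functionality and not code from the original post): record a SHA-256 manifest when the backup is written, then compare a test restore against it. The function names and the constructed sample files are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large media files never load whole

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restore_root):
    """Compare a restored tree with the manifest taken at backup time."""
    restored = build_manifest(restore_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(name for name in manifest.keys() & restored.keys()
                            if manifest[name] != restored[name]),
    }

def demo():
    """Constructed sample: back up three files, then damage the restored copy."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        files = {"reel1/a.mov": b"frame-data-A", "reel1/b.wav": b"audio-B",
                 "final.mxf": b"master-C"}
        for root in (src, dst):
            for name, data in files.items():
                target = Path(root, name)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(src)  # taken when the backup is made
        Path(dst, "reel1/a.mov").write_bytes(b"frame-data-X")  # silent corruption
        Path(dst, "final.mxf").unlink()  # file lost from the restore
        Path(dst, "readme.locked").write_bytes(b"note")  # file not in the backup
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the air-gapped copy or on separate write-once media; a manifest stored on the production share can be altered by the same malware that damages the files.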
Conclusion: Air-Gapping for Ransomware Defense
In the media and entertainment industry, where large media files are the lifeblood of production, safeguarding this data from ransomware is critical. A data air-gap offers a robust solution that protects backups not just from internet-based threats but also from malware spreading within the internal environment. Whether through physical, logical, or cloud-based air-gapping, implementing this strategy ensures that your most valuable assets remain secure, even in the face of evolving ransomware tactics.