
What is Air-gapped?

An air-gapped infrastructure is physically isolated from every external network, the internet included. It is the reference security posture for critical and regulated environments.

What an air-gapped infrastructure does

The term air-gapped describes a computing environment with no network connection to the internet or to ordinary enterprise networks. The isolation is physical: no routable link to the outside, no Wi-Fi, no active Bluetooth. Data enters and leaves only through controlled transfer channels (scanned removable media such as a USB key, a unidirectional network diode, an application gateway).

The goal is to neutralise an entire class of threats: data exfiltration by malware, remote command and control, exploitation of an internet-exposed zero-day vulnerability. If the environment has no network path to the outside, these attack vectors are inoperable by construction. What remains is the transfer channel itself: removable media and the software supply chain become the perimeter, so every artefact that crosses the gap has to be scanned, integrity-checked and tracked.

Typical use cases

Sensitive regulated sectors. Defence, intelligence, critical infrastructure (energy, water distribution, telecommunications). Some contractual or legal obligations mandate air gap.

Ultra-confidential data. Law firms on strategic cases, private banks holding highly sensitive client information, medical research on identifiable patient cohorts. The exfiltration risk justifies the added operational friction.

Industrial systems (OT/ICS). SCADA, programmable logic controllers, production lines. The air gap protects physical production against cyber attacks. Although IT/OT convergence blurs that boundary, air gap remains the reference for critical ICS environments.

Ultimate backup. An offline, immutable backup copy protects against ransomware that encrypts every backup reachable over the network. Immutability (write-once storage) and offline storage are complementary controls: the first stops an attacker from altering the copy, the second stops them from reaching it at all. This practice, known as "immutable backups" or an "air-gapped vault", has become standard since 2022.

Air gap and Kubernetes

Running Kubernetes in an air-gapped environment poses specific challenges:

  • Private image registry: nothing can be pulled from public registries such as Docker Hub. Every image, including the distribution's own system images, must be pre-positioned in an internal registry (Harbor, Quay) that the nodes' container runtime is pointed at, with a controlled update process for new versions.
  • Private Helm charts: same logic, no direct download from Artifact Hub. An internal Helm repository mirrors the validated charts, and the image references inside them are rewritten to the internal registry.
  • Kernel and OS patches: no yum update / apt update against the internet. An internal package mirror serves validated packages to the nodes.
  • Logs and monitoring: no shipping to external SaaS (Datadog, New Relic). The observability stack is 100% internal (Prometheus, Loki, Grafana), and so is alerting.
  • Kubernetes upgrades: control-plane downgrades are not supported, and a broken upgrade cannot be repaired by pulling a patched release on the spot, so every upgrade is rehearsed on a staging cluster fed from the same mirrors.

Operational effort is typically 2 to 3 times that of a connected cluster. Hidora operates several air-gapped environments for Swiss public-sector and financial clients, using Kubernetes distributions that support offline installation (RKE2, OpenShift) and automated image-propagation pipelines.
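The controlled transfer channel described above (scanned media, pre-positioned images, charts and packages) is where an air gap actually stands or falls, so here is an added example of the gate an operator runs on the disconnected side before importing a bundle. It is illustrative code written for this glossary entry, not Hidora's pipeline and not tooling from any Kubernetes distribution; the function names, the manifest layout, the pre-shared key and the sample file contents are assumptions constructed here. On the connected side the manifest records the SHA-256 digest and size of every artefact cleared to cross and binds them with an HMAC; on the air-gapped side the whole bundle is refused unless the seal verifies, every listed artefact is present with the recorded digest, and nothing unlisted travelled along on the media.

```python
"""Integrity gate for a removable-media bundle crossing an air gap.

Connected side: build_manifest() records the sha256 digest and size of
every artefact (image tarball, Helm chart, OS package) cleared to cross,
and seal_manifest() binds the manifest with an HMAC under a key that was
provisioned on both sides once, by hand.  Air-gapped side: check_bundle()
refuses the whole bundle unless the seal verifies, every listed artefact
is present with the recorded digest, and nothing unlisted travelled along.
Hypothetical helper written for this glossary entry, not part of any tool.
"""
import hashlib
import hmac
import json
import os
import pathlib
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_json(obj) -> bytes:
    # Sorted keys and no whitespace so both sides hash byte-identical text.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: Dict[str, bytes], origin: str) -> dict:
    """Connected side: name -> digest/size for every artefact in the bundle."""
    return {
        "origin": origin,
        "artefacts": {
            name: {"sha256": sha256_hex(data), "size": len(data)}
            for name, data in sorted(files.items())
        },
    }


def seal_manifest(manifest: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag so a manifest edited on the media is detected."""
    tag = hmac.new(key, canonical_json(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "hmac_sha256": tag}


def seal_is_valid(sealed: dict, key: bytes) -> bool:
    expected = hmac.new(key, canonical_json(sealed.get("manifest", {})),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(sealed.get("hmac_sha256", "")))


def check_bundle(sealed: dict, files: Dict[str, bytes], key: bytes) -> List[str]:
    """Air-gapped side: list of violations; an empty list means import may proceed."""
    if not seal_is_valid(sealed, key):
        return ["manifest seal invalid: refuse the whole bundle"]
    problems: List[str] = []
    listed = sealed["manifest"].get("artefacts", {})
    for name, meta in listed.items():
        # Names must be plain file names: no directories, no traversal.
        if name in ("", ".", "..") or name != os.path.basename(name):
            problems.append(f"unsafe artefact name in manifest: {name!r}")
            continue
        if name not in files:
            problems.append(f"missing artefact: {name}")
            continue
        data = files[name]
        if len(data) != meta["size"] or sha256_hex(data) != meta["sha256"]:
            problems.append(f"digest mismatch: {name}")
    for name in sorted(files):
        if name not in listed:
            problems.append(f"unlisted file on media: {name}")
    return problems


def load_bundle_dir(path: str) -> Tuple[dict, Dict[str, bytes]]:
    """Read manifest.json and every other regular file from mounted media."""
    root = pathlib.Path(path)
    sealed = json.loads((root / "manifest.json").read_text())
    files = {p.name: p.read_bytes() for p in root.iterdir()
             if p.is_file() and p.name != "manifest.json"}
    return sealed, files


if __name__ == "__main__":
    # Constructed stand-ins for what `docker save` / `helm pull` would produce.
    key = b"pre-shared-transfer-key"
    bundle = {"harbor-core-v2.10.tar": b"\x00layer-data", "app-1.4.0.tgz": b"chart"}
    sealed = seal_manifest(build_manifest(bundle, "staging-host"), key)
    print(check_bundle(sealed, bundle, key))    # []
    tampered = dict(bundle, **{"harbor-core-v2.10.tar": b"\x00evil"})
    print(check_bundle(sealed, tampered, key))  # ['digest mismatch: harbor-core-v2.10.tar']
```

In a real pipeline the tarballs come from `docker save` or `skopeo copy` on the connected side and, once the gate passes, are pushed into the internal Harbor or Quay. A manifest that rides on the same medium as the artefacts can be rewritten together with them, which is why it carries an HMAC under a key provisioned separately on both hosts; a signature scheme (cosign, GPG) does the same job without a shared secret and is the better choice where several people prepare bundles. The unlisted-file check matters as much as the digest check: the classic way into an air-gapped network is an extra file on the media that nobody asked for.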

Air gap vs private network

Many organisations say air gap when they actually mean an isolated private network (VLAN, dedicated VPN, segment behind a firewall). That is logical isolation, not physical. The difference matters: an "isolated" VLAN still depends on the switches, routers and firewalls that enforce it, and a misconfigured rule or a vulnerability in that equipment reconnects it to the outside, whereas a true air gap has no such path to begin with.

For use cases where the security/productivity trade-off leans toward productivity, a private network is usually enough. For use cases where the trade-off leans toward maximum security, air gap remains the reference.

Related Hidora services

  • Consulting: air-gapped architecture design, selection of a suitable Kubernetes distribution, image-propagation pipeline setup.
  • Managed Services: operation of air-gapped environments for regulated clients with dedicated procedures.
  • Sovereign Cloud, Kubernetes, DRP: related building blocks in a strong sovereignty strategy.