Post by HD Music & Test on Apr 17, 2023 13:10:42 GMT
Post by MartinT on Apr 17, 2023 13:46:19 GMT
It's a very good question to ask, Tony.
For the uninitiated, air-gapping is the complete disconnection of a computer or storage from any network so as to isolate it. Typical uses are to isolate a laptop with very sensitive data on it, or to test potential malware on it, or when applied to storage to safeguard it from being tampered with.
At work, we use air-gapping to protect important backup data, so that during a potential attack not all backups could be identified and destroyed, rendering us helpless in the face of the ransom demand. We do it two ways: our cloud backup service does automatic air-gapping of our 7th oldest daily backup so that even we cannot access it. It would require us to request access, once systems are running and malware removed, to be able to restore our data.
Secondly, my infrastructure guy and I each carry a 12TB backup drive caddy in our cars at all times, encrypted of course. This simple and antiquated-sounding strategy works very well for quick access to our total server backups, should we need. A third caddy kept in the fire safe gives additional air-gapping.
Finally, we use a laptop with no connection to the network, either via cable or Wi-Fi, if we want to test a USB drive with a potential payload. That laptop is then wiped and rebuilt with MDT to clean it afterwards.
You can never have too many backups!