Introducing

Air Gap Recover

by Databarracks

Your Backups Are
Under Attack

94% of ransomware attacks now target backups. 57% succeed. Air Gap Recover makes them untouchable.

SOPHOS 2024 | 94% BACKUP ATTACKS | $2M MEDIAN RANSOM

94% target backups

57% succeed

8× higher recovery cost when backups are compromised

What Is

Air Gap Recover?

THE PROBLEM

AWS Backup = same account
Compromised creds = lost backups
No true isolation
Compliance gaps

OUR APPROACH

100% AWS-native services
Two separate AWS Orgs
CRR + snapshot sharing
Zero-trust model

THE RESULT

Invisible to attackers
15-min RPO, <1hr RTO
Compliance-ready
Managed for you

Problem → Approach → Result

Two organisations. Complete isolation. 100% AWS-native.

YOUR AWS ORG

Production Environment

S3 / RDS / Aurora / EBS / EFS / Git

CRR + SNAPSHOT SHARING

→

VAULT ORG

Isolated Recovery Vault

Separate AWS OrgRe-Encrypted (Your Keys)Immutable (WORM)

S3 → Cross-Region Replication

Real-time object replication with Object Lock immutability

RDS/EBS → Snapshot Sharing

Native snapshots re-encrypted with your KMS keys

Zero Network Connectivity

No IAM trust, no VPN, no shared credentials

Two replication methods. One air-gapped vault. Every AWS data service covered.

How It Works

Four Steps to Air-Gapped Protection

Tag & Discover

Tag resources with DisasterRecovery:Protection=true. Lambda auto-discovers S3 buckets, RDS databases, EBS volumes, and more.

SELF-SERVICE

Replicate

S3 objects replicate via CRR in near real-time. RDS/EBS snapshots are created and shared cross-account automatically via DLM.

15 min RPO

Encrypt & Lock

Vault Lambda re-encrypts all data with your customer-managed KMS keys. S3 Object Lock and SCPs prevent deletion by anyone — including root.

YOUR KEYS

Recover

Terraform-orchestrated recovery rebuilds your full environment. Clean room option scans for malware before restoring to production.

<1hr RTO

99.99% SLA | <1hr RTO | 15min RPO

Why Not Just Use AWS Backup?

Separate AWS Organisation

vs AWS BACKUP

Different org = different auth boundary
Compromised creds can't reach vault

Separate org Same account

Your Own Encryption Keys

vs AWS-MANAGED KMS

Customer-managed KMS re-encryption
Even we can't decrypt your data

Your KMS keys AWS-managed keys

CRR + Native Snapshots

vs AGENT-BASED TOOLS

S3 CRR for object storage, native snapshots for DB/block
No agents, no VPNs, no bandwidth overhead

AWS-native replication Agent overhead

Zero-Trust MSP Model

vs TRADITIONAL MSPs

We trigger Lambda — we never touch your data
15-min credentials, one-way sharing, CloudTrail audit

Zero data access Full admin access

Compliance built in

Meet controls for ISO 27001, NIST CSF, SOC 2, HIPAA, GDPR & DORA — not weeks of manual prep

WITHOUT AIR GAP RECOVER

Week 1-2: Manual evidence gathering
Week 3: Planning DR test around operations
Week 4: Disruption, gaps, audit findings

80%

REDUCTION

Weeks → Hours

WITH AIR GAP RECOVER

Automated compliance reports
Continuous non-disruptive DR testing
Real-time Power BI dashboards
Exportable audit evidence

ISO 27001:2022

A.8.13 Backup

NIST CSF

PR.IP-4

GDPR

Art. 32

HIPAA

§164.308

SOC 2

CC7.2 / CC7.3

DORA

Art. 11-12

Continuous DR drills | 100% automated | Real-time evidence

70% lower cost than traditional DR

No hot standby infrastructure. No agents. Pay only for what you protect.

Traditional

TRADITIONAL DR

£14,000/mo

Hot standby infrastructure
Annual DR testing only
Same auth boundary — vulnerable

70%

Savings

£9,150/month

Recommended

AIR GAP RECOVER

£4,850/mo

Pay-per-use storage only
Continuous DR testing
True air-gapped isolation

S3: £25/TBRDS: £150/TBAurora: £50/TBEBS: £100/TBEFS: £25/TBGit: £2.5/repo

Days or weeks to restore

Terraform-orchestrated, tested quarterly

Let's protect your AWS infrastructure

Free DR Review

30-minute assessment

Current risk analysis
Gap identification
Tailored recommendations

Proof of Concept

4-week pilot

Your AWS environment
Live replication demo
ROI analysis

Go Live

4-6 weeks deployment

Full service coverage
24/7 UK support
Compliance evidence