Air-Gapped Deployment
An air-gapped deployment is a system architecture where analytics or data systems operate in complete isolation from the internet and external networks, preventing data exfiltration and unauthorized access.
Air-gapped deployments physically and logically separate systems from network connectivity, creating an isolated environment where no direct connection exists to the internet or other external networks. This approach is used in high-security environments like government agencies, national laboratories, and financial institutions where data cannot be exposed to external threats. In an air-gapped analytics environment, data flows through controlled ingress and egress points: new data enters only through approved channels like physical media or secure transfers, and results leave only through manual review and approval processes.
Maintaining analytics capabilities in air-gapped environments presents operational challenges: software patches and updates cannot be automatically downloaded, dependencies must be pre-staged, and data scientists cannot access cloud services, external libraries, or collaboration platforms. Despite these constraints, air-gapped deployments remain essential for handling the most sensitive information. Organizations often use hybrid approaches where non-sensitive work occurs in connected environments while sensitive analysis happens in air-gapped systems, connected only through carefully controlled transfer points.
Key Characteristics
- No direct internet connectivity or connection to external networks
- Data ingress and egress controlled through manual transfer or approved devices
- Prevents automated attacks, malware downloads, and unauthorized data exfiltration
- Requires pre-staging all software, libraries, and updates
- Increases operational overhead for provisioning, patching, and support
- Demands strict procedures for physical and logical access control
Why It Matters
- Provides the highest level of protection for extremely sensitive information
- Eliminates the threat vector of external attackers gaining network access
- Prevents data exfiltration through internet connections and cloud services
- Meets requirements for classified information in government and defense sectors
- Reduces the risk of supply chain attacks and compromised dependencies
- Enables operation of critical systems even during widespread cyberattacks
Example
A national security agency operates an air-gapped analytics system for analyzing classified signals intelligence data. The system has no network connection. Analysts bring classified data to the facility on encrypted removable media, load it into isolated systems through controlled transfer stations, perform analysis, and export results to approved classified networks through separate transfer equipment. All software and updates are vetted, digitally signed, and pre-staged on-site before installation.
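The controlled ingress described above, and the vetting of pre-staged software in the example, both come down to the same check at the transfer station: nothing crosses into the isolated environment unless it matches what was approved. The following is an added illustration, not code from the page or from Coginiti, of that check for an offline update bundle. It assumes a constructed layout in which the bundle ships a `MANIFEST.sha256` file in `sha256sum` format, and in which the manifest's own SHA-256 digest is pinned by an out-of-band channel (a printed release sheet or a value read from the vetting record); the directory names, file names and digests are all constructed here. It rejects tampered files, missing files, files not listed in the manifest, and manifest entries that try to escape the bundle directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'hexdigest  relative/path' lines (sha256sum format) into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 64 or not rel:
            raise ValueError(f"malformed manifest line: {line!r}")
        # A manifest that points outside the bundle is itself an attack on the check.
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            raise ValueError(f"manifest path escapes bundle: {rel!r}")
        entries[rel] = digest.lower()
    return entries


def verify_bundle(bundle_dir: Path, manifest_path: Path, pinned_manifest_sha256: str) -> dict:
    """Return a report; 'approved' is True only when every check passes."""
    report = {"manifest_ok": False, "approved": False,
              "ok": [], "tampered": [], "missing": [], "unlisted": []}
    # Step 1: the manifest must match the digest obtained out of band. Without this,
    # an attacker who can alter the media could rewrite the manifest to fit the payload.
    if not hmac.compare_digest(sha256_file(manifest_path), pinned_manifest_sha256.lower()):
        return report
    report["manifest_ok"] = True
    expected = parse_manifest(manifest_path.read_text())
    # Step 2: every listed file must be present and match its recorded digest.
    for rel, digest in expected.items():
        p = bundle_dir / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif hmac.compare_digest(sha256_file(p), digest):
            report["ok"].append(rel)
        else:
            report["tampered"].append(rel)
    # Step 3: anything on the media that the manifest does not list is rejected,
    # so an extra installer cannot ride in beside the approved ones.
    for p in sorted(bundle_dir.rglob("*")):
        if p.is_file() and p != manifest_path:
            rel = p.relative_to(bundle_dir).as_posix()
            if rel not in expected:
                report["unlisted"].append(rel)
    report["approved"] = not (report["tampered"] or report["missing"] or report["unlisted"])
    return report


def build_demo_bundle(tamper: bool = False):
    """Construct a sample bundle in a temp dir; returns (bundle_dir, manifest, pinned_digest).
    The pinned digest is computed here for the demo; in practice it arrives out of band."""
    root = Path(tempfile.mkdtemp(prefix="airgap_bundle_"))
    files = {  # constructed sample artifacts
        "wheels/analytics-1.2.0-py3-none-any.whl": b"constructed wheel bytes",
        "bin/patch-2024-q1.run": b"constructed installer bytes",
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    manifest = root / "MANIFEST.sha256"
    manifest.write_text("".join(f"{sha256_file(root / rel)}  {rel}\n" for rel in files))
    pinned = sha256_file(manifest)
    if tamper:  # simulate modification of the media after vetting
        (root / "bin/patch-2024-q1.run").write_bytes(b"modified after signing")
        extra = root / "extra/unexpected.bin"
        extra.parent.mkdir(parents=True)
        extra.write_bytes(b"not in manifest")
    return root, manifest, pinned


if __name__ == "__main__":
    for tamper in (False, True):
        root, manifest, pinned = build_demo_bundle(tamper=tamper)
        print("tampered media" if tamper else "clean media", verify_bundle(root, manifest, pinned))
```

The order of the steps matters: the manifest digest is compared against the pinned value first, and the per-file comparisons use `hmac.compare_digest` rather than `==` so the check itself does not leak timing information. A real transfer station would additionally verify a signature on the manifest with a key held inside the enclave; that step is omitted here and the pinned digest stands in for it.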
Coginiti Perspective
Coginiti operates in air-gapped environments on on-premises infrastructure with no internet access, enabling organizations to maintain analytics capabilities for classified and extremely sensitive data. The platform works with air-gapped versions of connected platforms like Snowflake or Databricks; software updates and dependencies can be pre-staged offline, allowing organizations to maintain semantic intelligence and analytics governance without requiring network connectivity.