What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Control

Control the Path.
Protect the Asset.

A nine-module system designed to govern how systems connect, how data moves, and how critical assets are protected when risk is at its highest.

Control brings together two layers of enforcement. One controls the path. The other protects the asset. Together, they reduce exposure, contain incidents, manage access, and secure what matters most.

DISCONNECT TO PROTECT

Disconnect to Protect. Retain Control.

A modular control layer for enterprise and security teams. Nine modules governing how data is accessed, moved and disconnected across OT, CNI and defence infrastructure.

Control is built for environments where risk cannot be managed through software alone. It provides a structured way to govern connectivity, access, movement, storage, and response using a system of modules that can be combined into real-world blueprints.

Every security tool apart from Control monitors, alerts, or restricts. Control changes what can happen in the first place.

Physics, not promises.

Two Layers. Nine Modules.

A complete control system

Control is made up of nine modules across two distinct layers.

FIRE Layer

Controls the path

The FIRE layer controls the path. It governs when systems connect, how access is opened, when environments are separated, and how action is taken during live conditions.

VAULT Layer

Protects the asset

The VAULT layer protects the asset. It governs how data is transferred, locked, disconnected, archived, and held securely when exposure is not acceptable.

fire

Controlled Offline Access

vault

Secured Offline Data

Fracture

Break. Segment. Contain.

Isolate

Disconnect. Shield. Protect.

Relay

Route. Control. Enforce.

Execute

Trigger. Act. Terminate.

Vault

Store. Secure. Protect.

Unlink

Detach. Revoke. Clean.

Control the path

The FIRE layer governs connectivity and behaviour across the environment. It determines when something can connect, when it must be cut off, and how exposure is reduced before a threat becomes a crisis.

Fracture

Breaks connection paths to remove trust and stop attack progression.

Isolate

Separates systems and environments to contain risk and prevent spread.

Relay

Enables controlled, time-bound access when needed, without leaving systems exposed.

Execute

Triggers immediate control actions during live conditions and incidents.

The VAULT Layer

Protect the asset

The VAULT layer governs how data and digital assets are handled, secured, and preserved.

Transfer

Controls how data moves between environments without creating exposure.

Lock

Restricts access based on identity, purpose, and condition.

Unlink

Removes persistent connections to reduce standing exposure.

Vault

Protects critical assets in a controlled, offline environment.

What Are You Trying to Control?

Start with the outcome

Different environments require different types of control. The system is designed to meet those needs through structured blueprints.

Stop ransomware spreading across your network

Contain a breach before it escalates

Control third-party and vendor access

Protect OT and critical infrastructure systems

Secure leadership and operational data

Prove compliance without exposing systems

Control Blueprints

Pre-defined ways to apply control

Blueprints combine modules from both layers to solve real-world challenges.

See how Control is applied across critical infrastructure, OT, and IT environments.

Explore Control solutions by sector

Why Control Exists

Because connected systems are reachable systems

Most security strategies focus on protecting connected environments. Control starts by reducing what is connected in the first place.

If a path does not need to remain open, it should not remain open.

If access does not need to be persistent, it should not be persistent.

If an asset is too valuable to leave exposed, it should not be exposed.

That is the principle behind Control.

Take control before control is taken from you

Explore how Control can be applied to your environment.

Control the Path.Protect the Asset.

Disconnect to Protect. Retain Control.

A complete control system

FIRE Layer

VAULT Layer

Control the path

Fracture

Isolate

Relay

Execute

Protect the asset

Transfer

Lock

Unlink

Archive

Vault

Start with the outcome

Pre-defined ways to apply control

Because connected systems are reachable systems

Take control before control is taken from you

Control the Path.
Protect the Asset.