What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Guidesadvanced

fv-PaaS Buyer's Guide

A decision-maker's guide to the Firevault Platform for regulated industries. Learn how nine modular components provide physical control over data paths and asset protection.

18 min read

Executive Summary

Who this guide is for: CISOs, Risk and Compliance Officers, Governance Leaders, and technology decision-makers in heavily regulated industries.

What you will learn: How the Firevault Platform (fv-PaaS) provides modular, physical control over data flows and asset protection, beyond what software policies can achieve.

Key takeaway: fv-PaaS delivers physical path control, not software policies. Nine modules govern when data can flow, who can access assets, and how to protect what matters most.

What is fv-PaaS?

fv-PaaS (Firevault Platform as a Service) is a modular, offline-first platform built for enterprise-grade, multi-site deployments across governments, enterprises, and critical infrastructure.

The platform comprises nine modules that control:

When data can flow (connectivity control)
Who can access assets (identity and authorisation)
How assets are protected (offline storage and isolation)

What fv-PaaS is NOT

Not a cloud service: All components can be deployed offline
Not software-only security: Physical controls at the wire level
Not a single product: Modular architecture for tailored deployments
Not a replacement for existing security: A complementary offline layer

Who is fv-PaaS For?

fv-PaaS is designed for organisations that:

Operate under stringent regulatory requirements (NIS2, DORA, FCA)
Manage critical national infrastructure
Require demonstrable offline capabilities for audit
Need multi-site, multi-zone data protection

Fire Modules (Connectivity Control)

Four modules govern when data can flow:

FireConnect: Controlled path opening during authorised windows
FireBreak: Instant connection severance when threats appear
FireGate: Scheduled connectivity with defined access rules
FireWall: Physical isolation enforcement (not software firewalls)

Vault Modules (Asset Protection)

Five modules govern how assets are protected:

VaultStore: Dedicated offline storage with identity-locked access
VaultArchive: Immutable long-term retention
VaultTransfer: Secure data movement between zones
VaultAccess: Granular access control and audit
VaultBackup: Offline backup with verified recovery

Deployment Architecture

fv-PaaS supports multiple deployment models:

Single-site: All modules in one location
Multi-site: Distributed across data centres
Hybrid: Mix of Firevault Bunkers and on-premise
Sovereign: Fully contained within national boundaries

Regulatory Alignment

fv-PaaS is designed to support:

NIS2 resilience requirements
DORA operational resilience
NIST CSF and 800-53
ISO 27001 and 27002
GDPR Article 32
Sector-specific requirements (FCA, HIPAA, PCI-DSS)

Integration

fv-PaaS integrates with existing infrastructure:

SIEM and SOC workflows
Backup and DR systems
Identity providers (SAML, OIDC)
API-driven automation

Pricing

fv-PaaS pricing is modular and based on:

Modules selected
Deployment scale and locations
Service level requirements

Enterprise pricing requires a discovery engagement.

Getting Started

Requirements workshop: Define your protection objectives
Architecture design: Select modules and deployment model
Proof of concept: Validate in your environment
Deployment: Phased rollout with integration
Operational handover: Training and support transition

Next Steps

If your organisation requires demonstrable offline capabilities for regulatory compliance or operational resilience, book a technical consultation to explore fv-PaaS.