What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Resiliencebeginner

Recovery Independence: Recover Without Compromise

The single greatest weakness in most disaster recovery strategies is circular dependency: the plan to recover from a system compromise is stored on systems that can themselves be compromised. Recovery independence eliminates this fatal flaw.

10 min read

The Circular Dependency Problem

Consider a typical disaster recovery scenario. Ransomware has encrypted your domain controllers, your file servers, and your email. Your team knows what to do: follow the incident response plan, access the recovery credentials, restore from backup.

But the incident response plan is on SharePoint. The recovery credentials are in the password manager. The backup console requires Active Directory authentication. Every dependency in your recovery chain lives on the same infrastructure that has just been compromised.

This is not a theoretical risk. It is the single most common reason organisations pay ransoms. Not because they lack backups, but because they cannot access the credentials and procedures needed to use them.

What Recovery Independence Means

Recovery independence is the organisational capability to restore operations without depending on any system that could be affected by the incident requiring recovery. It requires that three things exist outside your connected infrastructure:

Recovery credentials that unlock your backup systems, cloud consoles, and administrative interfaces
Recovery procedures that guide your team through restoration in the correct sequence
Recovery contacts that enable communication when email, messaging, and phone systems are down

The Recovery Independence Test

Ask your IT team this question: "If every connected system in the organisation were encrypted in the next hour, what would you actually do first?"

If the answer involves accessing any connected system, credentials stored digitally, or documentation on a server, you do not have recovery independence. You have a recovery aspiration that depends on the same infrastructure the attack has already compromised.

Building Recovery Independence with OSS

Offline secure storage provides the physical foundation for recovery independence. By governing critical recovery assets in hardware that has no network interface, no IP address, and no remote access capability, OSS ensures these assets survive any network-based attack:

Credential Independence

Maintain offline copies of every credential your recovery depends on. Domain admin passwords, cloud console access, backup system credentials, DNS management access, and certificate authority keys. Update these on a defined schedule through controlled transfer procedures.

Procedural Independence

Store your incident response playbook, recovery sequence documentation, and system rebuild procedures offline. When your team is under pressure and primary documentation is unavailable, these become the single source of truth.

Communication Independence

Maintain offline copies of emergency contact details: personal mobile numbers for key staff, vendor escalation contacts, regulatory notification details, and insurance broker information. When email and corporate directories are down, this list is how you coordinate.

The Recovery Independence Maturity Model

Level 0 (Dependent): All recovery assets are on connected systems. Recovery depends on the same infrastructure that failed.
Level 1 (Partially Independent): Some credentials are printed or stored on USB drives. No governance, no update schedule, no verification.
Level 2 (Governed): Recovery assets are stored offline with defined ownership, update schedules, and access controls. Regular verification ensures currency.
Level 3 (Practised): Recovery independence is tested through regular exercises. The team has physically accessed offline assets under simulated incident conditions.
Level 4 (Evidenced): Recovery independence is documented, audited, and reported to the board, regulators, and insurers as a measurable capability.

Conclusion

Recovery independence is not a technology purchase. It is an architectural decision: the decision to break the circular dependency that causes most recovery failures. Offline secure storage provides the physical mechanism, but the strategic value comes from the certainty it creates. The certainty that when everything connected has failed, recovery remains possible.