What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Resilienceadvanced

Supply Chain Resilience: Third-Party Protection

Your recovery capability depends on a chain of third-party services: cloud providers, backup vendors, identity platforms. When any link in that chain is compromised, your recovery depends on assets you control physically.

12 min read

The Chain You Cannot See

Modern organisations depend on complex supply chains of technology services. Your production data runs on a cloud platform. Your backups are managed by a backup vendor. Your identity system is provided by a third party. Your DNS is managed by another. Your certificates are issued by yet another.

Each of these services represents a dependency in your recovery chain. And each is operated by an organisation with its own security posture, its own vulnerabilities, and its own risk of compromise.

Supply Chain Attacks Are Increasing

The SolarWinds attack demonstrated that supply chain compromise can affect thousands of organisations simultaneously. The MOVEit breach showed that a vulnerability in a single file transfer tool can expose data across hundreds of organisations. The Okta breach revealed that identity provider compromise gives attackers access to every system that depends on that provider.

These are not theoretical scenarios. They are precedents that demonstrate the fragility of supply chain dependencies in recovery architecture.

Mapping Your Recovery Supply Chain

To understand your exposure, map every third-party dependency in your recovery process:

Cloud provider: If your cloud provider suffers a major outage or breach, can you access your cloud console? Can you retrieve your data?
Backup vendor: If your backup vendor is compromised, are your backup credentials still under your control?
Identity provider: If your identity platform (Azure AD, Okta, etc.) is breached, can you still authenticate to critical systems?
DNS provider: If your DNS is hijacked, can you regain control of your domain?
Certificate authority: If your CA is compromised, can you reissue certificates from a trusted root?

The First-Party Recovery Principle

Supply chain resilience requires a simple principle: for every critical recovery capability, maintain a first-party fallback that does not depend on any third-party service.

This means:

Cloud console root credentials stored offline (not in the cloud provider's own credential manager)
Backup encryption keys stored independently of the backup vendor's infrastructure
Local authentication credentials that bypass federated identity systems
DNS registrar credentials stored offline for domain recovery
Root CA key material under your direct physical control

How OSS Enables First-Party Recovery

Offline secure storage is the mechanism for maintaining first-party recovery capability. By storing critical credentials and procedures in physically disconnected hardware under your direct control, you create recovery independence from every third-party service:

Cloud independence: Root account credentials stored offline enable cloud console access even during provider incidents
Vendor independence: Backup encryption keys stored offline ensure you can decrypt backups even if the vendor is compromised
Identity independence: Local admin credentials stored offline bypass federated identity systems entirely
Certificate independence: Root CA keys stored offline enable certificate reissuance from a trusted foundation

The Kaseya Lesson

The Kaseya VSA attack in 2021 compromised a remote monitoring and management tool used by managed service providers. Through a single supply chain compromise, ransomware was deployed to over 1,500 organisations simultaneously.

Organisations that maintained recovery credentials independently of their MSP recovered in days. Organisations whose recovery depended entirely on their MSP waited weeks, because their MSP was the vector of the attack.

Practical Implementation

Map dependencies. Document every third-party service your recovery process depends on.
Identify single points of failure. For each dependency, assess what happens if that service is unavailable or compromised.
Create first-party fallbacks. For each critical dependency, establish an offline fallback under your direct control.
Store offline. Place all first-party fallback credentials and procedures in physically disconnected storage.
Test independence. Regular exercises should include scenarios where specific third-party services are unavailable.

Conclusion

Supply chain attacks exploit trust. Every third-party service in your recovery chain is a trust relationship that an attacker can compromise. Offline secure storage provides the first-party recovery capability that eliminates this exposure, ensuring that your ability to recover depends on assets you physically control, not on the security posture of your suppliers.