CTO blog


September 2025

Securing IT-OT Convergence with Air-Gapped Recovery

Working with enterprises and MSPs, I frequently meet OT environments built decades ago, now tightly connected to IT and business outcomes. The risk is two-sided: criminal ransomware and geopolitical probing of industrial controls. EU organizations are responding – CISO ownership of OT security has climbed from 16% in 2022 to 52% in 2025, with 80% planning to formalize it within a year. This is why the recovery plane now deserves board attention, not just technical oversight.

At the same time, “visibility” grows more honest as maturity rises – many teams now recognize blind spots across OT assets and interfaces, and impacts increasingly span both IT and OT, not one or the other. Median dwell times remain measured in days, not hours – underscoring the need for fast, verified recovery when prevention fails.

Five posture gaps you still see – and what “good” looks like

#1 – IT-OT boundary & remote access

Gap: Flat or poorly segmented networks; contractor/VPN access without staged controls.

Good: Segmented zones, brokered remote access, strict change windows, and continuous monitoring — plus a separate recovery plane that’s not reachable from production. DI’s survey synthesis highlights weak monitoring and “forgotten links” as recurring root causes.

B4Restore closes the gap: We don’t sell OT segmentation tooling; we do contain blast radius with an air-gapped, off-network recovery plane run under Separation-of-Duties (SoD). If IT is breached, your backups remain unreachable — and recoveries are performed in a controlled cleanroom before anything re-enters production.

#2 – Asset visibility & legacy risk

Gap: Incomplete inventory, 20–30-year-old devices, and “virtual patching” needs; organizations that mature become more aware of blind spots.

Good: Federated inventories, prioritized risk profiles, and pre-defined recovery playbooks that assume exploitation can occur.

B4Restore closes the gap: Air-gapped copies of data, configs, and golden images — stored in EU-sovereign Tier-3 DCs under SoD — plus evidence exports for auditors and boards. If a legacy device is compromised, the recovery plane restores clean data into an Isolated Recovery Environment (IRE) for malware-scanned, staged re-entry.

#3 – Backups co-located with production

Gap: Backups on the same network/site, or logically reachable from production.

Good: Off-network backup copies at sufficient distance. That’s not optional anymore: Commission Implementing Regulation (EU) 2024/2690 Annex 4.2.2(c) requires storing backup copies “in a safe location… not in the same network… and at sufficient distance to escape any damage from a disaster at the main site.”

B4Restore closes the gap: Air-gapped off-network backups in EU-sovereign, ISO-certified facilities; geo-separated replication (>15 km); and board-ready compliance evidence via the B4R Storage Portal.

#4 – Recovery assurance (not just “ohh, we do have backups”)

Gap: Infrequent restores; reinfection risk; weak proof for auditors/insurers.

Good: Routine, scripted restore tests into an IRE/cleanroom, full-content malware scanning, and provable RTO/RPO performance.

B4Restore closes the gap: Isolated Recovery Environment (Cleanroom) for verification and validation; automatic ransomware scanning of restored data with artifacts; periodic single-app and bulk exercises; and exports of restore evidence for compliance and cyber-insurance.

#5 – Executive accountability & reporting

Gap: Boards/C-suites get lagging indicators, not operational assurance; OT/IT incident impacts converge.

Good: CISO-owned OT risk, tested playbooks, and direct evidence that backups are off-network, air-gapped, recoverable, and compliant with NIS2 (and for financials, DORA’s operational resilience obligations). ENISA’s technical guidance now provides concrete, auditable parameters and examples of evidence for implementing 2024/2690.

B4Restore closes the gap: SoD governance (logical/technical/physical), API-first evidence exports, and board-ready reporting from the B4R Storage Portal; all operated in line with ISO 27001/22301 and ISAE 3402/3000 attestations.

Why an air-gapped recovery plane – not “immutable-only” – is the inflection point

Immutable is a useful feature, but it’s still frequently online and addressable. An air-gapped copy, governed by SoD and validated in an IRE, is materially harder to reach — by insiders, malware, or adversaries. That is B4Restore’s design core: combine air-gapped storage, SoD, IRE validation, and evidence into a single operating model. (Request B4Restore’s AirGap rationale and SoD framework.)

What you can expect from B4Restore (IT + OT)

  • Air-gapped, off-network copies in EU-sovereign Tier-3 DCs; geo separation beyond typical disaster ranges
  • Separation-of-Duties across logical, technical, and physical layers — eliminating single-admin risk and vendor/supplier/partner overreach
  • Isolated Recovery Environment (Cleanroom) for malware-scanned, staged restores — minimizing reinfection risk
  • Evidence at your fingertips: backup location, distance, access controls, restore success, and RTO/RPO metrics exportable to auditors, boards, and insurers
  • Scale & reliability: >70M backup jobs/year with EU-wide operations, aligned to ISO 27001/22301 and ISAE 3402/3000.

Executive checklist

  1. Confirm off-network, air-gapped backups with documented physical distance from main sites (NIS2 2024/2690 Annex 4.2.2(c))
  2. Enforce SoD between production, backup, and recovery operations (admin paths, credentials, tooling)
  3. Run quarterly IRE restore tests (single-app + bulk), with malware-scan artifacts and RTO/RPO evidence
  4. Map DORA obligations (for financials) to your recovery plane evidence and executive reporting
  5. Require geo-separated replication (>15 km) and ensure no shared network reachability from production
  6. Integrate board-level dashboards: location, access, test results, exceptions, and SLA adherence from B4R Storage Portal.

Henrik Lind, Chief Technology Officer, B4Restore A/S