FAQ

Addressing a few points we occasionally come across when asking questions in forums about offline installation

  • This is 2022! You do know the world is online?

  • Don't you know that IT is about securing sharing and accessing data ?

  • Why do this to your users?

There are many reasons why data should be in an environment with little or no outbound access. In many cases it is stakeholder requirements, but requirements can come from many sources. As an example of three actual environments....

  1. A university research groups holds names, addresses and health information of serving members of the armed forces. The university does not want the data on it's network due to the increased risk of state sponsored hacking

  2. A local government Social Services dept have names of vulnerable people with private information about criminal acts they have been subject to.

  3. An organisation has experienced sophisticated (failed) hacking attacks and a Business Continuity Exercise has indicated that to recover from a compromised networks will take 2 working days, which will result in a loss of hundreds of thousands of dollars. A separate offline network is created that will hold data for those two days to reduce the risk impact if any recovery is needed.

  • You can do this fully online with proper security controls!

Yes, but as said , often it is stakeholder requirements.

  • Speak to your stakeholders, explain to them that ....

The point you are making are (probably) correct , However in many cases stakeholders requirements are set in stone.

  • Isolated does not mean secure

Agreed, which is why we don' use the word "secure".

  • The greatest threat to organisation is from inside!

In most cases yes, and in those where it isn't, it is still a significant threat

  • Being in such an environment means you cannot keep software and Operating System up to date.

Which is why we are here

  • Covid-19 Working from Home, shows how foolish you are!

We would have though that too. In fact because the environment is already locked down, the new risks in opening up a VPN gateway (such as RDP in "screen view mode"), can be well defined and mitigated. with a small number of controls.