The copy ransomware can’t reach — immutable, indelible and isolated as a managed service, adopted with a policy edit instead of an engineering project.
How it’s rated
Full scoreboard ↓Quick answer
Commvault Air Gap Protect is immutable, indelible backup storage as a managed service: copies written to Commvault-managed cloud storage that is logically air-gapped from your production and backup infrastructure, locked against alteration or deletion — by ransomware, by compromised admins, by anyone — for their retention period. It's the '1' in 3-2-1-1-0 delivered as a checkbox instead of a project: no object-lock engineering, no second vendor, no egress surprises hidden in the fine print. When every other defence fails, this is the copy the recovery starts from.
This page covers Air Gap Protect. The rest of the eight-product portfolio:
Most product pages skip this. We start here — so you buy a capability, not a buzzword.
A backup copy that cannot be altered or deleted for its retention period — enforced by the storage layer (WORM), not by permissions — held in infrastructure isolated from your blast radius.
It’s the “1” in 3-2-1-1-0: the copy that survives when everything else falls, delivered here as a managed service.
What consolidation actually replaces, dimension by dimension.
| Dimension | Backups guarded by permissions | Immutable service (Air Gap Protect) |
|---|---|---|
| The premise | Backups protected by permissions | Backups protected by physics (WORM) |
| Stolen admin creds | Backups deleted first, then encryption | Locked copies unreachable, undeletable |
| Insider sweep | Everything writable, gone | Unexpired copies simply remain |
| Building it | Object-lock project: weeks + key ceremony | A storage target — minutes |
| Residency | Cross-border caveats in the diagram | In-region, India included |
| Insurance form | 'Sort of' with explanation | Yes, with evidence export |
| Recovery from it | The vault nobody restore-tested | First-class restores, Cleanroom-ready |
| Cost shape | Engineering + egress surprises | Per-TB line item |
Adoption is an afternoon — a storage target, a policy edit, and the deletion test that proves the lock.
Vendors love diagrams; buyers need to know what they’re actually operating. Here’s the whole platform, demystified.
Cloud storage Commvault runs, patches and hardens — your copies land in infrastructure your credentials don't govern.
Write-once-read-many enforced at the storage layer for the retention period — no API, console or admin can alter a locked copy.
Deletion requests can't touch unexpired copies — the disgruntled-admin and stolen-credential scenarios end here.
Separate infrastructure, separate credentials, separate failure domain — compromise of your estate doesn't propagate.
Locked copies restore like any other — into production, into Cleanroom Recovery, at granular or full scale.
One agent on every machine, one console over all of them — modules attach without a second operational world.
Air Gap Protect turns the modern doctrine’s hardest requirement into a storage target you tick.
Copies locked at the storage layer for their retention period — alteration is impossible by construction, not by policy promise.
Not even your global admin can delete an unexpired copy — the stolen-credential and insider scenarios are answered by architecture.
Retention set by policy and enforced by the lock — compliance holds that hold even against the person who set them.
Separate infrastructure, credentials and failure domain — ransomware that owns your network still can't see this storage.
Commvault runs, patches and hardens the vault — your team configures a target and gets on with life. No object-lock engineering project.
Azure regions worldwide including India — the RBI/IRDAI/DPDP residency question answered inside the product.
Appears as a storage target in Commvault Cloud — existing Plans add an immutable copy with a policy edit, not a migration.
Locked copies restore like any other — granular or full, into production or into Cleanroom's isolation. Immutability never slows the exit.
The clean copy feeds the clean room — Air Gap Protect + Cleanroom Recovery is the platform's core cyber-recovery motion.
Immutability posture, retention locks and copy inventories exportable — the question every auditor and insurer now asks, pre-answered.
A storage line item with predictable pricing — the alternative (DIY object-lock plumbing plus egress surprises) costs more in engineering alone.
The immutable-copy requirement of modern backup doctrine delivered as configuration — the standard, met by Tuesday.
The Air Gap + Cleanroom pairing, the immutability primer and the full resilience loop.
The clean copy feeding the clean room — the core cyber-recovery motion.
Immutability for beginners — why the lock has to be structural.
Where the immutable copy sits in the full resilience loop.
Want a live, India-context walkthrough on your own fleet?
Book a guided demo →Here’s what genuinely sets Air Gap Protect apart from the alternatives.
A policy that says 'don't delete' bends to whoever owns the policy. WORM at the storage layer, in infrastructure your credentials don't govern, doesn't bend — that's the whole point.
Ransomware crews steal admin credentials precisely to delete backups first. Indelible means even the real admin can't — so the stolen one can't either.
DIY immutability means object-lock configuration, key ceremonies, separate accounts and egress modelling. Air Gap Protect is a storage target you tick in the console you already run.
In-region storage including India answers the RBI/IRDAI/DPDP question inside the product — no cross-border caveats buried in the architecture diagram.
Cyber-insurance questionnaires now ask 'immutable backups?' as a premium-shaping question. A managed, evidenced yes is worth real money annually.
The clean copy is step one; the isolated rebuild is step two. Air Gap Protect and Cleanroom Recovery are designed as one motion — the recovery that doesn't reinfect.
Where do copies live today, and which could a stolen admin delete? TechBag maps the honest answer free.
Air Gap Protect added as a storage target; crown-jewel Plans grow an immutable copy tier — a policy edit, not a project.
Quarterly-drill pattern established: restore from the locked copy, timed, evidenced — immutability that provably recovers.
Insurance forms and audits answered from exports; Cleanroom pairing rehearsed annually. TechBag manages the per-TB commercials.
Trusted across regulated industries in 100+ countries
Modelled on Gartner Peer Insights structure. *Counts and breakdowns are illustrative pending verified review collection.
“The attackers had domain admin for nine days and deleted every backup they could see. They couldn't see this one. That sentence is the product review.”
“Adoption was literally a policy edit — our Plans grew an immutable copy tier in an afternoon. The DIY object-lock project we'd scoped was six weeks.”
“Cyber insurance renewal asked for immutability evidence. We exported the report; the premium conversation improved measurably.”
“In-region India storage closed the residency objection in one slide. The RBI audit accepted the architecture as-is.”
“We restore-tested from the locked copy quarterly — immutability that also restores fast is the combination that matters.”
“Per-TB pricing is clean; just model retention honestly — locks mean you keep what you promised to keep.”
“A disgruntled admin's deletion sweep hit everything writable. The unexpired copies just… stayed. HR's problem, not a data-loss event.”
“Paired with Cleanroom, the tabletop finally ends with 'and then we recover' instead of ellipsis.”
Analyst firms bury this view behind paywalls, and G2 retired its Grid. So here’s TechBag’s synthesis of the immutability market — tap any vendor to see why it sits where it does.
Execution strength vs product vision — the classic market map, minus the paywall.
Managed immutability with residency and evidence — this page's subject.
The grid nobody publishes — how structural the guarantee is vs what it costs to get there.
Structural guarantees at checkbox effort — the corner the category is moving toward.
Positions are TechBag’s illustrative synthesis of public review-platform data and vendor documentation — not a reproduction of any analyst graphic. Verify before relying on it.
Hardened repos, platform locks, cloud primitives and the shelf — honest lanes, including the DIY path.
| Dimension | Air Gap Protect | Veeam hardened repo | Rubrik immutability | DIY S3 Object Lock | Tape |
|---|---|---|---|---|---|
| What it is | Managed immutable service | Self-hosted hardened Linux | Platform-native locks | Cloud primitive + your glue | The original air gap |
| Isolation from your blast radius | Structural | Your datacentre | Rubrik-managed options | Your account | A shelf |
| Ops burden | None | Real | Low | A project | Very real |
| Recovery speed from the copy | Cloud-fast, Cleanroom-ready | Fast | Fast | Egress-bound | Days |
| Residency (India) | In-region option | Wherever you build | Region options | Your region choice | Your vault |
| Evidence for audit/insurance | Exportable posture | You document it | Built-in reporting | You assemble it | A logbook |
| Best fit | Commvault estates & regulated firms | Veeam shops with ops muscle | Rubrik-platform buyers | Cloud-engineering teams | Belt-and-braces mandates |
Honest fit signals — because the fastest way to lose your trust is to pretend one product wins every scenario.
Drag the sliders (count protected TBs; IT-hour cost as loaded ops rate). Estimates assume ~2 hours per TB per year across DIY-lock upkeep, evidence assembly and copy-topology reviews, with ~70% removed by the managed service — the avoided-catastrophe value (the copy that survives) is the real number, and it doesn't fit a slider. Illustrative.
Loaded cost = salary + overheads per productive hour. Illustrative only — your TechBag quote models actual device counts and modules.
Air Gap Protect prices per TB — a line item, not a project. TechBag models retention tiers in one GST quote.
Best for what attacks target
Best for broad coverage
Best for cyber-recovery programmes
Whatever the list prices above, TechBag negotiates a significantly better deal — with GST-compliant INR invoicing and local support. Ask us for your discounted quote.
Tell us your device counts and current tools — we’ll model it against what you spend today.
Take this into your next vendor call — including ours.
In the PoC, try to delete a locked copy as the highest admin you have. The failure IS the acceptance criterion.
Immutable that can't restore fast is a museum. Time a real restore from the locked copy.
Not everything needs the lock — tier the estate and lock what an attack would actually target.
Locks are commitments: model the per-TB cost of what you promise to keep, for how long.
Confirm the India-region option in writing if RBI/IRDAI/DPDP applies to you.
Pull the insurer's questionnaire now — configure to answer its exact questions.
Rehearse clean copy → cleanroom rebuild once. That motion is the actual plan.
Pair with anomaly detection so the copy you lock isn't already encrypted — clean in, clean out.
Get a per-TB quote with retention tiers, or bring your copy topology and let a TechBag advisor run the stolen-admin tabletop against it.
Stats, ratings, review counts and pricing are illustrative and sourced from public materials; verify before purchase.