Who needs air-gapped business software and how does it provide complete data isolation?

Air-gapped business software runs on a machine that is never connected to any network — no internet, no LAN, no WiFi. This provides the highest possible level of data isolation for organizations handling the most sensitive information: national security-related work, highest-level corporate strategy, or protected personal data.

Air-Gapped Business Software: Complete Data Isolation | Skanda Data

What "Air-Gapped" Actually Means

An air-gapped system is physically disconnected from all networks. The machine has no Ethernet connection, no WiFi card (or it is physically removed/disabled), no Bluetooth, and no cellular modem. Data enters the system through removable media (USB drives, external hard drives) that are carefully controlled. Data leaves the system through the same controlled media path or through manual transcription. The "air gap" is literal: there is a gap of air between this machine and any other networked device.

For business software, an air-gapped deployment means the application, its database, and all its data exist entirely on a standalone machine. The software must be fully functional without any network dependency — no license checks that phone home, no cloud-based features, no external API calls, no automatic updates. ONS Data Terminal supports this deployment model because it was designed from the start to work without any internet connectivity.

Who Needs Air-Gapped Deployment?

National Security and Defense-Adjacent Work

Organizations working with classified or sensitive government information often require air-gapped systems by regulation. A business intelligence or case management platform used in this context must operate fully offline on the air-gapped machine. Data entry and analysis happen entirely within the isolated environment.

Highest-Level Corporate Strategy

For the most sensitive corporate activities — evaluating a transformative acquisition, planning a response to a hostile takeover approach, developing a fundamentally new business strategy — some organizations choose to isolate the work on air-gapped machines. This eliminates the risk of network-based exfiltration entirely. The strategy documents, financial models, and competitive assessments exist only on the isolated machine.

Protected Personal Data

In some jurisdictions and contexts, certain categories of personal data (health records, biometric data, financial records of protected persons) must be handled with extreme isolation. An air-gapped system provides a demonstrable level of protection: there is no network path by which the data could be accessed or exfiltrated.

Highly Confidential Investigations

Internal investigations into executive misconduct, fraud, or other sensitive matters may warrant air-gapped handling. The investigation team works on an isolated machine. Findings, evidence, and interview notes never touch a networked system until (and unless) a decision is made to transfer specific outputs to a networked environment for reporting or action.

How Air-Gapped Software Works in Practice

Installation

The software is installed from physical media or a one-time network connection that is then severed. All dependencies are bundled — the application, the database engine, any required runtimes. Nothing is downloaded at install time because there is no network to download from.

Data Ingestion

Data to be analyzed is transferred to the air-gapped machine via controlled removable media. Documents, spreadsheets, database exports — whatever source data the analysis requires — are copied to the machine's local storage. Virus scanning happens before transfer. The removable media is physically secured after transfer.

Work

Users work directly on the air-gapped machine — or, in some configurations, on thin clients that connect to the air-gapped machine through a dedicated, isolated KVM switch with no network bridging. All data creation, analysis, and modification happens on the isolated system. The software operates exactly as it would on a networked machine because it has no network-dependent features.

Data Export

When work products need to leave the air-gapped environment — a final report, a set of findings, a structured data extract — they are written to removable media and physically carried to a networked machine. The export is deliberate, reviewed, and logged. There is no "send by email" or "share link" option because there is no network.

ONS Data Terminal in Air-Gapped Mode

ONS Data Terminal is well-suited for air-gapped deployment because:

It has zero cloud dependencies. All features work fully offline.
It bundles its own database (PostgreSQL). No external database server is needed.
It uses a local web interface. No internet browser features are required.
License activation can be done offline.
Updates can be applied from physical media without network access.

For organizations that do not need full air-gap isolation but want strong network-level protection, ONS Data Terminal also works well in LAN-only mode — connected to the office network but with no internet access, accessible only to devices on the local network segment.