TL;DR: Air-gapped networks still face insider threats, infected removable media, and supply chain compromise, and Pomerium argues that zero trust adds per-request authorization, identity-aware access, and continuous validation inside the perimeter. The core assumption that “inside the network equals trusted” breaks once identities, devices, and workflows can be abused from within.
At a glance
What this is: A guide to applying zero trust in air-gapped environments, with the key finding that isolation alone does not stop insider access, removable media threats, or pre-compromised hardware.
Why it matters: It matters because IAM teams must govern identity, privilege, and auditability even where cloud controls are unavailable, and the same trust assumptions also affect NHI, autonomous, and human access models.
By the numbers:
- Insider breaches cost an average of $4.92 million.
- 51% of malware now targets USB devices.
- 93% of security leaders say insider threats are as difficult or harder to detect than external attacks.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
👉 Read Pomerium's guide to zero trust for air-gapped networks
Context
Air-gapped networks are designed to reduce exposure by cutting off direct connectivity to external systems, but that design only addresses one class of threat. The primary identity governance problem is that trust is often treated as binary inside the perimeter, even though the real risk comes from who can act, what they can touch, and how much authority they retain once they are inside the environment.
This matters for human identity, NHI, and autonomous access alike. Shared credentials, service accounts, and automated processes all become part of the same control problem when network isolation removes cloud-dependent guardrails and forces every access decision to be made locally.
Key questions
Q: How should security teams implement zero trust in air-gapped environments?
A: They should treat identity verification and per-request authorization as local controls, not cloud services. That means replacing shared access with unique identities, validating each action against policy, and keeping logs inside the isolated environment. The goal is to preserve zero trust even when internet connectivity is unavailable.
Q: Why do air-gapped networks still get breached?
A: Because isolation blocks remote access, not insider misuse, infected removable media, or compromised hardware that arrives already trusted. Once an attacker or malicious actor is inside the perimeter, static credentials and weak local governance can provide enough access to move, exfiltrate, or disrupt systems.
Q: What breaks when organisations rely on shared passwords in air-gapped systems?
A: Shared passwords destroy accountability and create permanent access that survives role changes, device changes, and personnel departures. In an isolated environment, that means defenders may not know who acted, when they acted, or whether access should still exist at all. The control gap is not just convenience; it is unrevoked authority.
Q: How do NHI controls differ from human access controls in air-gapped networks?
A: The underlying principle is the same, but NHI controls must also govern service accounts, automation, and workload identities that act without human intervention. In practice, teams need local identity issuance, scoped privileges, and revocation workflows that work offline, because machine access can outlive the assumptions built into manual administration.
Technical breakdown
Why isolation is not a trust model
Air gaps prevent remote network reachability, but they do not create verified identity. Once a user, device, or workload enters the isolated environment, the security question shifts from perimeter defence to authorization quality. The article distinguishes physical, operational, electronic, and logical isolation, but the important point is that each still depends on local controls to decide who gets to do what. Without identity-aware checks, the network boundary becomes a false proxy for trust.
Practical implication: replace perimeter trust with identity-aware authorization inside the isolated environment.
Per-request authorization and continuous validation
Per-request authorization evaluates each action separately instead of granting broad session-wide access after login. That matters in air-gapped environments because the attacker or insider may already be inside the perimeter, which makes initial authentication a weak control on its own. Continuous session validation extends the same logic by rechecking access as context changes, such as device state or role changes. In practice, this is the local analogue of zero trust: the system must keep re-verifying trust rather than assuming it once.
Practical implication: design access so every request is reauthorised, not just every session.
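As an added illustration (not Pomerium's code and not from the original guide), the following Python sketch contrasts the two models the section describes: a session grant that captures the caller's context once at login, and a per-request engine that re-evaluates every action against the context as it is now. The sample policy, the resource names, the user "alice", and the role-change and device-drift events are all constructed; the local identity service and device-posture agent that would supply the context are assumed, not implemented. The engine also defaults to deny for any resource or action the policy does not cover, which the text implies but does not spell out.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# Constructed sample policy: resource prefix -> action -> roles permitted.
# Policy and decisions live entirely inside the air gap; nothing here calls out.
POLICY: Dict[str, Dict[str, FrozenSet[str]]] = {
    "plc/":       {"read":  frozenset({"operator", "engineer"}),
                   "write": frozenset({"engineer"})},
    "historian/": {"read":  frozenset({"operator", "engineer", "auditor"})},
}


@dataclass(frozen=True)
class Context:
    """What is true about the caller right now. Assumed to come from a local
    identity service and a local device-posture agent (both hypothetical here)."""
    user: str
    roles: FrozenSet[str]
    device_compliant: bool


@dataclass(frozen=True)
class Request:
    action: str
    resource: str


def evaluate(ctx: Context, req: Request) -> Tuple[bool, str]:
    """One policy decision. Default deny: an unknown resource or action is refused."""
    if not ctx.device_compliant:
        return False, "device out of compliance"
    for prefix, actions in POLICY.items():
        if req.resource.startswith(prefix):
            allowed = actions.get(req.action, frozenset())
            if ctx.roles & allowed:
                return True, f"{req.action} on {prefix}* permitted via {sorted(ctx.roles & allowed)}"
            return False, f"{req.action} on {prefix}* needs one of {sorted(allowed)}"
    return False, "no policy covers this resource"


class SessionGrant:
    """Legacy model: the caller's context is captured once at login and reused,
    so role or device changes during the session are never seen."""

    def __init__(self, login_ctx: Context) -> None:
        self._ctx = login_ctx

    def authorize(self, _current: Callable[[], Context], req: Request) -> Tuple[bool, str]:
        return evaluate(self._ctx, req)


class PerRequestEngine:
    """Zero-trust model: every request is evaluated against the context as it is now."""

    def authorize(self, current: Callable[[], Context], req: Request) -> Tuple[bool, str]:
        return evaluate(current(), req)


def run_scenario() -> List[Tuple[str, bool, bool]]:
    """Replay one session under both models. Returns (step, session_allows, per_request_allows)."""
    state = {"ctx": Context("alice", frozenset({"engineer"}), True)}
    current = lambda: state["ctx"]
    session, per_request = SessionGrant(current()), PerRequestEngine()
    write = Request("write", "plc/line3/setpoints")
    results: List[Tuple[str, bool, bool]] = []

    def step(name: str) -> None:
        results.append((name, session.authorize(current, write)[0],
                        per_request.authorize(current, write)[0]))

    step("initial write")
    state["ctx"] = Context("alice", frozenset({"operator"}), True)   # reassigned mid-session
    step("after role change")
    state["ctx"] = Context("alice", frozenset({"engineer"}), False)  # workstation drifts out of compliance
    step("after device drift")
    return results


if __name__ == "__main__":
    for name, session_ok, per_request_ok in run_scenario():
        print(f"{name:20} session={session_ok} per_request={per_request_ok}")
```

Running the script shows the session model still permitting the write after the role change and after the device falls out of compliance, while the per-request engine denies both; the only difference between the two classes is whether the context is read fresh on each call.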
Static credentials, removable media, and audit gaps
The guide is explicit that static credentials and shared passwords create permanent access, while removable media and pre-compromised hardware bypass network isolation entirely. That combination is why air-gapped environments still suffer from compromise paths that look nothing like a remote intrusion. Audit logging becomes essential because it is often the only durable evidence of who used what, when, and under which policy. In a closed environment, the log trail is not a nice-to-have. It is the control that makes identity governance possible after the fact.
Practical implication: remove standing secrets and preserve local audit trails for every privileged action.
Threat narrative
Attacker objective: The attacker aims to execute malicious code or extract sensitive data inside a zone that defenders assumed was protected by isolation alone.
- Entry occurs through physical access to the isolated environment, often via a compromised USB drive, malicious insider action, or pre-loaded hardware supply chain compromise.
- Credential access or abuse follows when shared passwords, static secrets, or trusted local accounts are used to operate inside the perimeter without meaningful per-request verification.
- Impact emerges as malware, data exfiltration, or unauthorized system control spreads within the trusted zone and bypasses the assumption that internal access is inherently safe.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- DeepSeek breach — exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Air-gapped security fails when organisations confuse isolation with authorization. The perimeter may stop remote intrusion, but it does not answer who can act once inside, how much privilege they retain, or whether those rights are still appropriate. That is an identity governance problem, not a network topology problem. Practitioners need to treat air-gap design as a trust boundary that still requires local identity control.
Standing credentials are the failure mode that most often survives the air gap. Shared passwords, long-lived access, and manual procedures persist because teams assume the environment is already protected. That assumption breaks when insiders, contractors, or compromised media operate from within the trusted zone. The implication is that access review without credential expiry and revocation discipline leaves a permanent path inside the perimeter.
Per-request authorization is the right named concept for air-gapped zero trust. It replaces session entitlement with action-level decisioning, which is the only model that matches the operational reality of isolated networks. This aligns with Zero Trust Architecture and workload governance principles because it forces every request to earn access locally rather than inheriting trust from network location. For practitioners, the governance unit becomes the request, not the login.
Self-hosted identity control planes are not an implementation detail in air-gapped environments; they are the operating assumption. Cloud-dependent access workflows cannot be the source of truth inside a disconnected perimeter. That means the market conversation should move away from remote management convenience and toward local enforcement, auditability, and sovereignty. Practitioners should evaluate whether their identity stack can function entirely offline before they depend on it for critical access.
Zero Trust for air-gapped networks is best understood as a bridge between human IAM, NHI governance, and autonomous access policy. The article covers all three access types because isolated environments do not care whether the actor is a person, service account, or automated workflow. What changes is how identity is proven and how often policy is rechecked. Practitioners should align governance so the same trust test applies regardless of actor type.
From our research:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- For the standards view, see Ultimate Guide to NHIs - Standards for the control set that maps most directly to isolated-environment governance.
What this signals
Per-request authorization becomes the practical dividing line between isolation and governance. Air-gapped programmes that stop at network segmentation still leave identity risk untouched, especially where service accounts or automation can act repeatedly without fresh authorization. For teams running mixed human and machine access, the priority is proving that policy enforcement works locally before the perimeter is ever treated as sufficient.
The broader signal is that zero trust is no longer a remote-access architecture alone. In isolated estates, it becomes a local identity discipline that must cover humans, NHIs, and any automated workflow with the same revocation and audit expectations, even when the control plane cannot rely on external services.
For practitioners, the next planning question is whether local identity services, audit retention, and revocation paths can survive a complete connectivity loss. If they cannot, the air gap is reducing connectivity while leaving the governance model incomplete.
For practitioners
- Eliminate static credentials inside isolated environments: Replace long-lived passwords, shared accounts, and manually managed secrets with short-lived, locally verifiable identities that can be revoked inside the air gap.
- Enforce per-request authorization for every privileged action: Require the policy engine to evaluate each request separately so a single successful login does not become blanket access across the entire session.
- Instrument local monitoring and audit logging: Capture who accessed what, when, from which workstation, and under which policy so investigations and compliance reviews remain possible without external telemetry.
- Validate offline identity infrastructure before deployment: Confirm that authentication, policy decisions, and log retention all work without cloud dependencies, because external control planes undermine the air-gap model.
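The checklist above, and the earlier section on static credentials and audit gaps, both come down to the same three offline mechanisms: credentials that expire and can be revoked locally, re-verification on each privileged request, and an audit trail that survives tampering. The following Python example is added here to show those mechanisms working together without any network dependency; it is not Pomerium's code and not from the original guide. The signing key, the users, workstations, resources, and the walk-through events are all constructed, and the token format is a deliberately minimal HMAC-signed JSON body rather than any standard the page names. Policy evaluation (who may do what) is left out so the focus stays on credential lifecycle and audit integrity.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Set

# Constructed local signing key: in practice it lives in an HSM or OS keystore
# inside the air gap and never leaves it. Nothing below makes a network call.
LOCAL_KEY = b"constructed-offline-signing-key-do-not-reuse"
TOKEN_TTL = 900  # seconds; short enough that a leaked token dies on its own


def issue(subject: str, roles: List[str], workstation: str, now: float) -> str:
    """Mint a short-lived credential bound to a subject and a workstation."""
    jti = hashlib.sha256(f"{subject}:{workstation}:{now}".encode()).hexdigest()[:16]
    claims = {"sub": subject, "roles": roles, "ws": workstation,
              "iat": now, "exp": now + TOKEN_TTL, "jti": jti}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(LOCAL_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify(token: str, revoked: Set[str], now: float) -> Optional[dict]:
    """Return the claims only if signature, expiry and revocation all check out."""
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(LOCAL_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if now >= claims["exp"] or claims["jti"] in revoked:
        return None
    return claims


class AuditLog:
    """Append-only, hash-chained log on local storage. Each record commits to the
    previous record's hash, so editing or deleting an earlier entry breaks the chain."""

    def __init__(self) -> None:
        self.entries: List[Dict] = []

    @staticmethod
    def _digest(record: Dict) -> str:
        body = {k: v for k, v in record.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, **event) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        record = dict(event, prev=prev)
        record["hash"] = self._digest(record)
        self.entries.append(record)
        return record["hash"]

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for rec in self.entries:
            if rec["prev"] != prev or self._digest(rec) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def privileged_action(token: str, action: str, resource: str,
                      revoked: Set[str], log: AuditLog, now: float) -> bool:
    """Re-verify the credential on this request and record the outcome either way."""
    claims = verify(token, revoked, now)
    log.append(ts=now, sub=claims["sub"] if claims else None,
               ws=claims["ws"] if claims else None,
               action=action, resource=resource,
               outcome="allow" if claims else "deny")
    return claims is not None


def revoke(token: str, revoked: Set[str], log: AuditLog, now: float) -> None:
    """Offboarding path: pull the credential without waiting for expiry."""
    jti = json.loads(bytes.fromhex(token.split(".", 1)[0]))["jti"]
    revoked.add(jti)
    log.append(ts=now, action="revoke", jti=jti, outcome="ok")


def run_scenario() -> Dict[str, object]:
    """Constructed walk-through: valid use, forged signature, revocation, expiry, log tampering."""
    log, revoked = AuditLog(), set()
    t0 = 1_700_000_000.0
    tok = issue("alice", ["engineer"], "ws-07", t0)
    forged = tok[:-1] + ("0" if tok[-1] != "0" else "1")   # flip one signature hex digit
    results: Dict[str, object] = {
        "valid": privileged_action(tok, "write", "plc/line3", revoked, log, t0 + 60),
        "forged": privileged_action(forged, "write", "plc/line3", revoked, log, t0 + 61),
    }
    revoke(tok, revoked, log, t0 + 120)                       # alice leaves the team
    results["after_revoke"] = privileged_action(tok, "write", "plc/line3", revoked, log, t0 + 121)
    tok2 = issue("bob", ["operator"], "ws-09", t0)
    results["expired"] = privileged_action(tok2, "read", "historian/l3", revoked, log, t0 + TOKEN_TTL + 1)
    results["chain_intact"] = log.verify_chain()
    log.entries[0]["outcome"] = "deny"                        # someone rewrites history
    results["chain_after_tamper"] = log.verify_chain()
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The revocation set and the audit log are in-memory here; in a deployment both would be persisted on local storage inside the air gap, and the chain check would run as part of the evidence-collection step of an investigation, which is the point the section makes about logs being the control that makes governance possible after the fact.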
Key takeaways
- Air-gapped environments are still vulnerable when identity and privilege are treated as trustworthy inside the perimeter.
- The control failure is permanent access, not remote reachability, which is why static credentials and weak revocation remain dangerous in isolated systems.
- Practitioners should anchor air-gapped zero trust in local per-request authorization, offline identity services, and durable audit logging.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Air-gapped environments still need rotation and revocation of standing secrets. |
| NIST Zero Trust (SP 800-207) | | The article is explicitly about applying zero trust inside isolated environments. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions and accountability are the core governance issue in air-gapped networks. |
Apply per-request authorization and continuous verification even when the network is physically isolated.
Key terms
- Air-Gapped Network: A network or system intentionally separated from external networks, especially the internet, to reduce remote attack exposure. In practice, air gaps reduce reachability but do not eliminate insider risk, removable-media threats, or supply chain compromise, so identity and access controls still matter inside the boundary.
- Per-Request Authorization: An access model that evaluates each action individually instead of granting broad access for an entire session. In isolated environments, this is the strongest way to avoid assuming trust from login alone, because the identity must earn permission every time it tries to do something.
- Static Credential: A long-lived password, token, or key that remains valid until someone manually changes or revokes it. In air-gapped or offline environments, static credentials are especially risky because they can survive personnel changes, be reused by insiders, and remain exploitable long after their original purpose has passed.
- Offline Identity Control Plane: The local authentication, policy, and logging layer that operates entirely inside a disconnected environment. For air-gapped governance, this control plane must issue identities, authorize requests, and preserve audit evidence without relying on cloud connectivity or external services.
Deepen your knowledge
Zero trust for air-gapped networks, per-request authorization, and offline identity governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building isolated-environment controls for humans, service accounts, or automated workflows, it is worth exploring.
This post draws on content published by Pomerium: Complete Guide to Zero Trust for Air-Gapped Networks. Read the original.
Published by the NHIMG editorial team on 2026-03-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org