On Fri, Aug 25, 2017 at 9:42 AM, James Fournie <[log in to unmask]>
> Hi Sarah,
> I think what you are asking about is an "air gap".
> Here's a blog entry from Bruce Schneier with some best practices:
This strikes me the way to go.
Be aware that unless the system is encrypted and the files are encrypted at
rest, they will be more vulnerable than they would being stored in a
services specifically designed to protect confidential data (even then,
they might be). Also, you need robust key management and data protection or
you could lose everything in the blink of an eye.