I have been asked if the MSP360 backup is considered an "Air Gapped" backup. Obviously we are storing the backup offsite and the offsite storage is not physically connected to the server. That brings up another question... if a hacker gains access to the server, what prevents them from opening the backup console and deleting the existing backups?
With Advanced Rebranding, you can disable the Agent to avoid anyone from accessing information locally. You can also disable the ability to delete files from the Storage tab in a backup agent (assuming you wanted to keep the agent enabled and simply prevent deletions from backup storage). You can also do things like disable editing of backup / restore plans in the agent. I think with those options, you can consider cloud backups air-gapped. If you have additional questions, let me know.