Self-healing recovery of files using a cyber recovery vault for deduplication file systems

What is claimed is: 1. A computer-implemented method comprising: copying data to be backed up from a production system to a backup system in data center; providing a cyber security vault coupled to the data center; configuring an air-gapped connection between the data center and the cyber security vault to be controlled from within the cyber security vault and that renders the cyber security vault inaccessible without control of the air-gapped connection; copying at least a portion of the data to be backed up to a first namespace in cyber security vault; making a point-in-time (PIT) copy of the portion of data to a second namespace; retention locking the copied portion of data in the second namespace; detecting a corrupted data element in the data to be backed up; and providing, through the vault controlled air-gapped connection, a missing data element for the corrupted data element from the PIT copy in the cyber security vault, wherein the data center comprises part of a deduplication backup process executed by a data storage server running a Data Domain File System (DDFS), and wherein the data to be backed up comprises compressed data stored in a container striped across of a plurality of disks in a disk array of the backup system, and wherein the air-gapped connection is automated to provide network isolation and eliminate potential compromise of management interfaces of the cyber security vault. 2. The method of claim 1 wherein the data to be backed up comprises files each consisting of a stream of segments, and wherein each segment is uniquely identified by a key label pair referred to as a fingerprint. 3. The method of claim 2 wherein each file is stored in a Merkle tree structure with content data stored in a bottom level of the tree and indexed by the fingerprints. 4. The method of claim 3 wherein an index lookup to read data returns a container ID and a region ID for a corresponding fingerprint. 5. The method of claim 4 wherein the corrupted data element comprises a missing fingerprint caused by a failed index lookup. 6. The method of claim 5 wherein the failed index lookup is caused by a failure of two or more disks in the disk array. 7. The method of claim 5 wherein the step of providing a missing data element for the corrupted data element comprises looking up bottom level (L0) references of a file Merkle tree in the cyber recovery vault, and if the segments are present in the vault, copying the segments back into a new container. 8. The method of claim 1 further comprising analyzing the retention locked copy of data to detect any malware causing data corruption in the data to be backed up. 9. The method of claim 8 further comprising reporting the result of the analyzing to a system administrator. 10. A method comprising: striping a container holding compression regions of a file to be backed up across a plurality of disks in a disk array to first backup the file in primary storage; providing a cyber security vault coupled to the primary storage; configuring an air-gapped connection between the primary storage and the cyber security vault to be controlled from within the cyber security vault and that renders the cyber security vault inaccessible without control of the air-gapped connection; storing, through a second backup, the compression regions in the cyber security vault; making a point-in-time (PIT) copy of the compression regions in a namespace of the cyber security vault, and applying a retention lock to the PIT copy; detecting a failed index lookup resulting in a missing segment for an access to data in a compression region of the container; and providing, through the air-gapped connection, the missing segment from the PIT copy in the cyber security vault through the air-gapped connection, wherein the primary storage comprises part of a deduplication backup process executed by a data storage server running a Data Domain File System (DDFS), and further wherein the air-gapped connection is automated to provide network isolation and eliminate potential compromise of management interfaces of the cyber security vault. 11. The method of claim 10 wherein the file comprises of a stream of data segments, and wherein each data segment is uniquely identified by a key label pair referred to as a fingerprint. 12. The method of claim 11 wherein the file is stored in a Merkle tree structure with content data stored in a bottom level of the tree and indexed by the fingerprints, and wherein the index lookup to read data returns a container ID and a region ID for a corresponding fingerprint. 13. The method of claim 12 wherein the step of providing a missing segment comprises looking up bottom level (L0) references of a file Merkle tree in the cyber recovery vault, and if the segments are present in the vault, copying the segments back into a new container. 14. The method of claim 10 further comprising analyzing the retention locked copy of data to detect any malware causing data corruption in the data to be backed up, and reporting the result of the analyzing to a system administrator. 15. A system comprising: a backup server copying data to be backed up from a production system to a backup system in a data center; a cyber security vault coupled to the data center through an air gapped connection, wherein the air-gapped connection is configured to be controlled from within the cyber security vault to render the cyber security vault inaccessible without control of the air-gapped connection, and further wherein the backup server copies at least a portion of the data to be backed up to a first namespace in cyber security vault; a copy component making a point-in-time (PIT) copy of the portion of data to a second namespace, and retention locking the copied portion of data in the second namespace; and an analysis component detecting a corrupted data element in the data to be backed up, and providing, through the air-gapped connection, a missing data element for the corrupted data element from the PIT copy in the cyber security vault, wherein the data center comprises part of a deduplication backup process executed by a data storage server running a Data Domain File System (DDFS), and further wherein the air-gapped connection is automated to provide network isolation and eliminate potential compromise of management interfaces of the cyber security vault, and yet further wherein the data to be backed up comprises compressed data stored in a container striped across of a plurality of disks in a disk array of the backup system, the data to be backed up comprising files each consisting of a stream of segments, and wherein each segment is uniquely identified by a key label pair referred to as a fingerprint. 16. The system of claim 15 wherein each file is stored in a Merkle tree structure with content data stored in a bottom level of the tree and indexed by the fingerprints, and wherein an index lookup to read data returns a container ID and a region ID for a corresponding fingerprint, and further wherein the corrupted data element comprises a missing fingerprint caused by a failed index lookup, and yet further wherein providing a missing data element for the corrupted data element comprises looking up bottom level (L0) references of a file Merkle tree in the cyber recovery vault, and if the segments are present in the vault, copying the segments back into a new container. 17. The system of claim 15 wherein the analysis component further analyzes the retention locked copy of data to detect any malware causing data corruption in the data to be backed up and reports