June 28, 2022
3-2-1 Backup Rule: Implementing Efficient Data Protection
Most businesses now understand the importance of backing up data to avoid the negative impact of data loss on their operations. Whether it is disruptions caused by accidental deletions and hardware failure or more severe accidents like natural disasters or malware attacks, maintaining access to data is key.
A single copy of critical data may seem to be sufficient to recover from. However, at the heart of every robust data protection plan is the 3-2-1 backup rule. Today, this rule is a universally accepted strategy within the IT industry and beyond. The 3-2-1 backup approach is recommended by information security professionals and government agencies like the Cybersecurity and Infrastructure Security Agency (CISA) in the USA (in the Data Backup Options document by US-CERT).
Read on to learn about the components of the 3-2-1 rule and how to build on it to meet emerging cybersecurity challenges.
What Is the 3-2-1 Backup Rule?
The 3-2-1 backup rule refers to a tried-and-tested approach to data retention and storage:
- Keep at least three (3) copies of data.
- Store two (2) backup copies on different storage media.
- Store one (1) backup copy offsite.
By applying this rule, you ensure that data can be recovered in almost any failure scenario. One of the most common practices is to keep one copy of production data, one backup on a local repository and one backup copy in offsite storage or in the cloud.
This approach is not about choosing one medium over another but rather about finding the right combination of storage media and locations in terms of cost-efficiency, security and flexibility. Let’s take a closer look at each point of the 3-2-1 rule.
Keep at least three (3) copies of your data
Three copies mean the primary production data and two backup copies. Keeping 3 copies of data is the bare minimum required to ensure that you can recover in any failure scenario, keep recovery objectives low and avoid a single point of failure.
It follows then that the more backup copies you have, the less likely it is that you would lose them all at once. Having a single backup stored in the same location as the primary data means that any disaster that hits your production can also affect your secondary copies.
Store two (2) backup copies on different storage media
Having all your backups on the same type of storage media makes it more likely that both devices would fail at about the same time due to a defect or simple wear and tear.
To abide by the 3-2-1 rule, you need to store your primary data and backup copies on at least two different storage media, including internal or external hard drives, NAS, tape and others.
Store one (1) copy offsite
Keeping all of your backups in a single place is not recommended since they could be entirely wiped out in a natural disaster or a building emergency like an office fire. For this reason, the 3-2-1 backup strategy dictates that you should store one or more backup copies in a remote location, for example, in another city, state, country or even continent. A remote location in this case can be physical offsite storage or the cloud.
Keep in mind that while remote backups improve your chances of recovery, keeping local copies provides faster and easier recovery. To ensure business continuity and prepare for all potential risks, the 3-2-1 backup rule should be part of a comprehensive disaster recovery plan.
Expanding to the 3-2-1-1 Backup Rule
The original 3-2-1 backup strategy was conceived before the internet era and is perfectly sufficient in most scenarios. However, in recent years, this approach has been expanded to the 3-2-1-1 backup rule in response to the cyberthreat landscape and data compliance requirements. The 3-2-1-1 backup strategy:
- Keep at least three (3) copies of your data.
- Store two (2) backup copies on different storage media.
- Store one (1) copy offsite.
- Create one (1) immutable or air-gapped backup copy.
What are immutable backups?
Immutable backups are backup files stored using the write-once-read-many (WORM) model. These backups cannot be modified or deleted making them immune to new ransomware attacks and accidental or intentional deletion.
Different storage devices, like tape and optical disks, allow you to apply immutability to backups. Immutable storage can also be configured on Linux OS-based machines or in the cloud, for example, in AWS using the Amazon S3 Object Lock feature.
What are air-gapped backups?
You can create air-gapped backups by storing data offline on detachable disks, NAS or tape and disconnecting them from the production site. Similar to immutable backups, air-gapped backups are ransomware-proof and can be used for swift recovery following a disaster or a cyberattack.
Implementing the 3-2-1 Backup Rule
Modern solutions like NAKIVO Backup & Replication offer numerous backup features that allow you to implement the 3-2-1 rule and extend it to the 3-2-1-1 backup strategy to include immutable backups.
Along with direct backups, these features include:
- Backup to network shares, the cloud (Amazon S3, Wasabi), offsite storage, etc.
- Backup copy (to tape, cloud, etc.)
- Chaining to automate backup copy creation after successful backups
- Immutable backup repositories on Linux-based machines and in the cloud
The 3-2-1 backup rule has been the most effective approach in data protection for decades. By keeping three different copies of your data, stored on two storage media with one kept offsite, you significantly reduce the chances of losing all of your data. However, as threats continue to evolve, so should your security techniques. The recent 3-2-1-1 backup strategy provides a more robust defense against cyberattacks thanks to immutable and air-gapped backups.
You cannot implement a comprehensive data protection plan without a modern solution like NAKIVO Backup & Replication. Get the Free Edition today to implement these strategies in your environment.