The Golden 3-2-1 Backup Rule is a rule to live by. Here at Ideas Plus, we have been advocating this rule for many years to help organizations ensure recoverability and Business Continuity when it is needed most. In this blog I’m going to explain the 3-2-1 Rule and show you the way to upgrade it to a more modern and resilient way of thinking!
The 3-2-1 Rule, as I like to explain it, states the following:
3: Keep 3 copies at least (one primary backup and two copies) to ensure that you can recover the data from any accidents.
2: Save backups to two different storage devices or locations.
1: Keep at least one backup copy in a different location.
The popularity of this method lies in its effectiveness. So much so that even the US-CERT recommends it for creating backups.
To better understand this concept, let’s consider the following example of backing up documents stored on your computer:
Now, according to the 3-2-1 rule, you must regularly back up all of your pertinent files and documents on two devices of different types or storage media. Therefore, you must store your documents on a device that’s not attached to your computer. These formats include:
- External hard drive,
- Optical disks,
- Digital tape,
- USB drives, or
- Cloud storage
A highly recommended option is to store your documents on Network Attached Storage (NAS). These devices are affordable, easy-to-access on-site storage back up solutions. A major advantage when it comes to NAS devices is that you can access them anytime you want and they won’t be affected by most threats as they act independently from your main system. (Kaspersky reports that there is a growing threat to NAS storage by a specific type of ransomware, but you can take steps to protect your devices.)
Backing up your data on an external on-site device will surely do you good, but it’s not enough as it could be damaged in case of a local disaster. That’s where the “1” in the 3 2 1 backup rule comes into play. This part of the 3-2-1 rule states that you must store at least one copy of your data at an off-site location such as a cloud server.
Even if it’s not on the cloud that you want to use, the storage location/device should be located as far away from the primary data location as possible. This way, if an earthquake, wildfire, or another natural (or manmade) disaster were to impact the region where your primary storage backups are located, you’d still have a backup at another regional location that you can fall back on.
Why the 3-2-1 Rule Works
Thanks to the on-site back up you’ve created, you won’t have to go running around in the event that your primary device gets compromised. You’ll be able to restore your data promptly by using the two on-site backup devices that you have available.
Now, what if the unimaginable happens, and both the primary device as well as both the on-site device get lost or damaged? That’s where the off-site storage comes in to save you from all the anguish you’d otherwise face. The off-site data that you’ve stored will protect your data in case both devices — your primary and back up devices — suffer damage and lose your data. This might seem unlikely, but it’s certainly a possibility in disasters such as tornadoes, earthquakes, floods, etc.
The double-layer protection and greater data-access flexibility are the reasons why the 3-2-1 backup rule is a strategy that’s recommended by security experts the world over. But there is one important thing to remember with all of this…
The 3-2-1 Backup Rule Is Great — But Only When You Implement It Properly
No matter how good a plan looks on paper, it must be implemented correctly to make it work the way it’s supposed to. The 3-2-1 backup rule is no exception here. The 3-2-1 backup rule sounds like a fool-proof plan that won’t let your data go away anywhere, but there are things that you need to consider.
Whether you’re an individual who wants to back up your cute cat photos or an organization that wants to back up a ton of organizational or customer data, the 3-2-1 backup strategy can be your rule of thumb for data protection and disaster recovery because it minimizes the chances of data loss, thanks to its double layer of protection.
Having three copies of your data is, of course, great but it’s not enough as there are factors that matter immensely to make or break your backup strategy. Here are four tips to ensure your backups are there when you need them:
- Implement access measures to ensure the security of your backups. You must ensure that the devices and backups you use can be accessed only by authorized individuals. These devices must be secure so that the data doesn’t get damaged, lost, or stolen.
- Schedule and perform frequent backups. You must take backups at short, regular intervals to ensure that all data is backed up.
- Use encryption to protect your at-rest data. If your data is sensitive and could affect you or your customers should an unintended user gets access, then you must encrypt it so that an unauthorized person won’t be able to see or tamper with it.
- Perform regular quality checks to ensure the backups are working. What if your backup device has become infected with malware and it’s corrupting your data? And what if you don’t even notice until it’s too late? That’s why, you must regularly perform quality checks to ensure that the data is working so it’s there when you need it.
A Final Word on the 3-2-1 Backup Rule
It’s never a pretty sight to see someone lose all their data, and it’s even more painful if you’re that person. Nobody wants to lose their data and that’s why everyone needs to back up their data, no matter how boring or monotonous the task may seem.
The 3-2-1 backup strategy might sound like a lot of work, but it could save you a lot of time, frustration, and money when things eventually go wrong. And if Murphy’s Law is true, things inevitably always will go wrong at some point.