3-2-1 Backup Rule: Implementing Efficient Data Protection
Most businesses now understand the importance of backing up data to avoid the negative impact of data loss on their operations. Whether it is disruptions caused by accidental deletions and hardware failure or more severe accidents like natural disasters or malware attacks, maintaining access to data is key.
A single copy of critical data may seem to be sufficient to recover from. However, at the heart of every robust data protection plan is the 3-2-1 backup rule. Today, this rule is a universally accepted strategy within the IT industry and beyond. The 3-2-1 backup approach is recommended by information security professionals and government agencies like the Cybersecurity and Infrastructure Security Agency (CISA) in the USA (in the Data Backup Options document by US-CERT).
Read on to learn about the components of the 3-2-1 rule and how to build on it to meet emerging cybersecurity challenges.
What Is the 3-2-1 Backup Rule?
The 3-2-1 backup rule refers to a tried-and-tested approach to data retention and storage:
- Keep at least three (3) copies of data.
- Store two (2) backup copies on different storage media.
- Store one (1) backup copy offsite.
By applying this rule, you ensure that data can be recovered in almost any failure scenario. One of the most common practices is to keep one copy of production data, one backup on a local repository and one backup copy in offsite storage or in the cloud.
This approach is not about choosing one medium over another but rather about finding the right combination of storage media and locations in terms of cost-efficiency, security and flexibility. Let’s take a closer look at each point of the 3-2-1 rule.
Keep at least three (3) copies of your data
Three copies mean the primary production data and two backup copies. Keeping 3 copies of data is the bare minimum required to ensure that you can recover in any failure scenario, keep recovery objectives low and avoid a single point of failure.
It follows then that the more backup copies you have, the less likely it is that you would lose them all at once. Having a single backup stored in the same location as the primary data means that any disaster that hits your production can also affect your secondary copies.
Store two (2) backup copies on different storage media
Having all your backups on the same type of storage media makes it more likely that both devices would fail at about the same time due to a defect or simple wear and tear.
To abide by the 3-2-1 rule, you need to store your primary data and backup copies on at least two different storage media, including internal or external hard drives, NAS, tape and others.
Store one (1) copy offsite
Keeping all of your backups in a single place is not recommended since they could be entirely wiped out in a natural disaster or a building emergency like an office fire. For this reason, the 3-2-1 backup strategy dictates that you should store one or more backup copies in a remote location, for example, in another city, state, country or even continent. A remote location in this case can be physical offsite storage or the cloud.
Keep in mind that while remote backups improve your chances of recovery, keeping local copies provides faster and easier recovery. To ensure business continuity and prepare for all potential risks, the 3-2-1 backup rule should be part of a comprehensive disaster recovery plan.
Expanding to the 3-2-1-1 Backup Rule
The original 3-2-1 backup strategy was conceived before the internet era and is perfectly sufficient in most scenarios. However, in recent years, this approach has been expanded to the 3-2-1-1 and even 3-2-1-1-0 backup rule in response to the cyberthreat landscape and data compliance requirements (NIS2, NIST, etc.).
The 3-2-1-1(-0) backup rule:
- Keep at least three (3) copies of your data.
- Store two (2) backup copies on different storage media.
- Store one (1) copy offsite.
- Create one (1) immutable or air-gapped backup copy.
- Ensure zero (0) errors during backup recovery.
What are immutable backups?
Immutable backups are backup files stored using the write-once-read-many (WORM) model. These backups cannot be modified or deleted, making them immune to new ransomware attacks and accidental or intentional deletion.
Immutable backups can be configured on Linux OS-based machines and deduplication appliances, in the cloud, including public clouds like Amazon S3, Azure Blob, Wasabi and other S3-compatible platforms.
What are air-gapped backups?
You can create air-gapped backups by storing data offline on detachable disks, NAS or tape and disconnecting them from the production site. Similar to immutable backups, air-gapped backups are ransomware-proof and can be used for swift recovery following a disaster or a cyberattack.
Implementing the 3-2-1 Backup Rule
Modern solutions like NAKIVO Backup & Replication offer numerous backup features that allow you to implement the 3-2-1 rule and extend it to the 3-2-1-1 backup strategy by including immutable backups.
Along with direct backups, these features include:
- Backup for virtual (VMware vSphere, Nutanix AHV, Hyper-V, Proxmox VE), cloud (Amazon EC2), physical (Windows and Linux), Microsoft 365 apps and Oracle Database
- Backup to cloud (Amazon S3, Wasabi and S3-compatible cloud platforms), deduplication appliances, tape, and more
- Backup copy (to tape, cloud, etc.) and chaining to automate backup copy creation after successful backups
- Immutable backups on Linux-based machines, in the cloud/S3-compatible platforms and on HYDRAstor systems
- Source-side backup encryption for protection against data breaches
- Automated instant backup verification to ensure that VMs are recoverable
Check out this short video guide on how to implement the 3-2-1 backup strategy for Microsoft 365 with NAKIVO:
Conclusion
The 3-2-1 backup rule has been the most effective approach in data protection for decades. By keeping three different copies of your data, stored on two storage media with one kept offsite, you significantly reduce the chances of losing all of your data. However, as threats continue to evolve, so should your security techniques.
The 3-2-1-1 strategy provides a more robust defense against cyberattacks thanks to immutable and air-gapped backups to adopt comprehensive backup software able to deliver all the necessary functionality.
