Downtime and data loss can wreak havoc on businesses, and there are statistics abound to prove it. For example, IBM’s Cost of a Data Breach Report 2020 found that the average cost of a single lost or stolen record was $146 USD. Additionally, Dell reported that the average cost of downtime in 2019 was $810,018 USD. Unfortunately, there’s no one-size-fits all solution to preventing data loss and downtime. Everything from ransomware to human error to failing hardware can lead to lost data and productivity. Because of the risks associated with data loss and downtime, reliable backups are a must have for modern businesses. A rock-solid backup strategy is the cornerstone of disaster recovery and business continuity. But, what backup strategy should you use? How about one that has been advocated for by a United States Computer Readiness Team paper and proven by years of use within the tech industry? The 3-2-1 backup rule fits that description to a T. Here, we’ll look at the benefits of the 3-2-1 backup rule, the details behind the concept, and how you can use it to your advantage.
What is the 3-2-1 backup rule?The idea behind the 3-2-1 backup rule is simple:
- Have at least 3 copies of your data
- Save data on 2 different physical media
- Keep at least 1 copy of the data offsite
The benefits of 3-2-1 backupsThe primary benefits of 3-2-1 backups are resilience and risk mitigation. If one copy of your data is corrupted, you have 2 more to fall back on. If one storage medium goes obsolete, there is another you can use. If there is a disaster or complete loss of data at your primary site, you still have your offsite data. Simply put: a 3-2-1 backup strategy reduces your chances of losing your data completely. In a world where data loss and ransomware attacks can cripple a business, that is a major upside.
Why 3 copies?The “3” in 3-2-1 backups means keeping 3 copies of your data. 1 copy is the primary copy, i.e. what you actively use in production. The other 2 copies are backups. This approach gives you redundancy in your backups. This means you won’t suffer a catastrophic loss of data just because 1 backup is corrupted. Remember: It’s important that your backups all have the same data and that the data is current enough to be useful. The point of backups is to get you back to an operational state in a reasonable amount of time. If your backups are stale and you can’t use them to continue day-to-day operations, they aren’t very useful. Keep this in mind as you design your overall backup and recovery strategy.
What’s this about 2 media?There are plenty of different media that you can use to store data, including:
- Hard Drive Disks (HDDs)
- Solid State Drives (SSDs)
- Magnetic tape drives
- Optical media (e.g. DVDs)
- Use two different types of media (e.g. a separate SSD and HDD)– This is the traditional interpretation.
- Use the same type of media but on two different physical devices (e.g. 2 separate HDDs)– This is a looser interpretation some have adopted over the years.
Why do offsite backups matter?Using 2 different types of physical media doesn’t rule out a disaster like a fire wiping out all your data. That’s where the “keep at least one copy of your data offsite” rule comes in. For many businesses, cloud backups can make this simple. If your primary data resides at your local offices or corporate datacenters, a cloud service is inherently offsite. But what if you store your primary data in the cloud? How can you have an offsite solution in that case? You could use a second cloud provider or keep onsite copies of your data. The idea here is: 1 backup needs to be somewhere that would be unaffected by a disaster at your primary site. Whether your primary site is a your own physical location or a cloud provider (that could go out of business or suffer a data loss of their own), this part of the 3-2-1 backup rule helps you avoid single points of failure in your backup strategy.
Different versions of the ruleThere have been different twists on 3-2-1 backups over the years. We saw one earlier when we discussed the strict and loose interpretations of the “2 different physical media” rule. There are also concepts like 3-2-2 and 3-2-3 backups where you up the number of offsite storage locations. However, since the 3-2-1 rule calls for “at least” 1 offsite backup, these are really just different implementations of the same general 3-2-1 concepts.
Key points to remember when using the 3-2-1 backup ruleHere are a few key points to remember when you implement the 3-2-1 backup rule:
- Don’t let data get stale. Schedule your full and incremental backup schedules so your backups will be useful in the event production goes down. When possible, automatically sync data (e.g. between on-site storage and the cloud).
- Accessibility matters. Downtime costs money. If you have reliable backups but it takes too long to get the data into production, you have a business continuity problem. Understand how much data you may need to recover, set an RTO (recovery time objective), and design your backup strategy with that in mind.
- Test your backup recovery strategy. A failure shouldn’t be the first time you test your backups. Test your recovery strategy regularly.