3-2-1 backup rule

The purpose of the 3-2-1 backup rule is that there should be no data loss, even in the worst-case scenario. If an incident occurs, you should be able to recover your data from any one of the 3 sources.

IT teams can use the same 3-2-1 backup strategy to secure their organization’s data. If you are part of IT, you should always choose a solution purposefully built for data backup and disaster recovery. Before choosing your backup vendor, here are some questions that will help you plan and choose one that meets all of your needs:

What do you need to back up?
Most common are endpoints (desktops, laptops), servers (file servers, NAS, virtual machines), and SaaS apps (Microsoft 365, Google Drive). The preferred vendor must support all or most of the data sources that you need to back up.

What is your budget? 
If you are a small business and your primary motive is solely data backup and recovery, stick to a simple, cost-effective solution. However, if you are part of a large organization with more than 1000 employees, list all your requirements and go with the solution that meets your needs, such as backing up and protecting data across multi-cloud environments, data centers, and edge.

What regulatory compliance protocols must you support?
Companies in the healthcare industry need to comply with HIPAA when dealing with patient record data, and financial services companies must comply with SEC, CFTC, FINRA, and exchange regulations. Ensure that your backup service provider is compliant with important regulations and frameworks.

How frequently do you want to back up data? 
Frequent backups will require more storage space and high network bandwidth. If you are using on-premises storage, then you must also take into account the hardware costs, upkeep and maintenance costs, additional personnel to manage the storage system, and so on. A 100% SaaS solution with no hardware involved usually has consumption-based pricing. 100% SaaS can reduce your total cost of ownership by up to 50%.
 
Is the solution easy to use? 
Ease of use will ensure that employees of the organization can back up and restore their data as required without IT support. This would ensure that the IT team is free to handle more critical tasks such as remotely wiping a lost device or investigating backed-up data for potential malware.  

To learn more about the different data backup options available today, read our free enterprise data backup guide. Download now!

Back up frequently and regularly
You must back up your data at regular intervals throughout the day. Most companies plan to back up twice a day, such as before lunch and then again just before the end of the day. Ensure that each time you back up your data, there are two additional copies of it stored on different media or storage systems. 

Customer Quote:

Before Druva, our NetApp snapshots only kept two weeks of data at a time, so if an employee needed a file from beyond that it was nearly impossible. Now we can find files quickly no matter how far back. Before Druva, our backups were taking three days to complete, and even then we would have to stop them because they had gone on too long, now they always complete within hours.
– John Parry – Group IT Infrastructure Manager
   Johnson Service Group

Automate backups
Use software that will automatically backup your data as per the 3-2-1 rule at defined intervals during the day. This will eliminate the cumbersome process of manually creating copies of the data.

Test the data recovery speed and efficiency
Backups are only good if you can recover the data when required. As straightforward as it may seem, backing up data does not guarantee that you will be able to recover the whole data. Ransomware specifically targets backups because they eliminate your failsafe first to force companies to pay the ransom. 

Maintain basic cyber hygiene
Ensure you continue to adhere to cyber security practices such as using antivirus for your devices, avoiding phishing emails, refraining from uploading or adding sensitive business information on any website, using corporate VPN when sending and receiving official data while you are not in your office, refrain from connecting unknown hard drives or USB devices to your office computer, and so on. 

Back up important files only
Avoid backing up unimportant data such as personal videos, pictures, cache folders, and other things that are not related to work. If you are using backup software, you can pre-define the file types and folders that you want to back up.

• No clarity on storage types that you must use – The rule does not specify what types of storage media you should use for storing data both onsite and offsite. On-premises storage such as tapes and disks require an upfront hardware investment, physical space, personnel for regular upkeep and maintenance (which can be a challenge with the pandemic), and are prone to physical disasters such as fire and theft. On the other hand, the cloud helps to reduce costs, as you don’t need any upfront investment and are only charged for the amount of data you store, and it scales with your requirements.
  
• Costly – The price of copying data to tapes and sending them to a different location to safely keep in a vault is huge when you are a large organization generating several terabytes of fresh data daily. In addition, if you have to recover data, retrieving it from an offsite location can be time-consuming and expensive.
• Does not take into account viruses and ransomware – Cyber attacks are now more frequent and severe. However, the 3-2-1 rule assumes that your backed-up data is uninfected. If you inadvertently copy infected data to other storage locations, you run the risk of infecting other data stored in such systems. If all systems are connected to the same network, the infection can quickly spread to multiple devices. If you restore this data to any device you will reinfect that device
• Too much data redundancy – The rule assumes that you will create fresh copies of data every time you back up your data. This approach would use up a lot of space as you are re-copying entire files and not the files that have changed. This would increase costs as you keep adding more space to your backup storage system.

It absolutely is. The 3-2-1 backup rule serves as a template for any backup strategy that you want to use. Here’s is Mr. Backup (W. Curtis Preston) himself explaining how the rule applies to the cloud:

Druva’s cloud data protection solution uses AWS S3 for storing backup data. Whenever you back up any data, it is immediately encrypted using an AES 256-bit encryption key and then replicated in three separate locations. This enables you to have 4 separate copies of data in 4 different locations. As the data is encrypted, only authorized personnel from an organization can view and restore the data. Thus, you always have an offsite version of the data that is not only secure but always accessible to the right people.

Druva’s cloud-native, scalable, 100% SaaS solution takes advantage of the public cloud’s simplicity and scale to provide a single solution for backup and recovery, disaster recovery, cyber resilience, eDiscovery, legal hold, compliance, and forensics. 

Click here to download our free guide to enterprise data backup and recovery architectures. It explains the different backup methods available today so that you can make an informed decision while choosing your backup vendor.

Now that you’ve learned about the 3-2-1 backup rule, brush up on these related terms with Druva’s glossary:

• What is a backup policy?
• What is a data retention policy?
• What is data loss prevention?