The 3-2-1 Rule And Backup Best Practices

Posted by De Nnochiri on September 14, 2020

It’s estimated that 60% of businesses that experience catastrophic data loss will shut down within six months of the event. So a backup plan and an effective strategy for Disaster Recovery (DR) are essentials for any organization that relies on information for its existence — which pretty much includes everyone, these days. The 3-2-1 Rule is one of the basic foundations for an effective backup strategy, and in this article we’ll be breaking it down, and looking at some best practices for data backup and business continuity.

The 3-2-1 Rule In A Nutshell

The 3-2-1 Rule provides both a backup strategy and a basic framework for complete backup and disaster recovery planning. Counting down from 3, it goes like this:

3: You need three copies of your data.

At the heart of any backup strategy is the principle of redundancy — the idea that you should have multiple instances or copies of everything important. That way, if an original fails, you can fall back on one of the others.

In the context of Information and Communications Technology (ICT), this applies to hardware, software, data, and methods for communicating. The “3” in the 3-2-1 Rule takes on the data element, by stipulating the minimum amount of redundancy that you should have — your primary data source, plus two backups of that information.

With at least three copies of all your information, you’ll be in a better position to account for cases of corrupted data, lost or stolen files, hardware failures, and incidents due to natural or human-made disasters.

2: Backed up data should be held on at least two different types of storage.

Storage devices can fail at any time, and if all of your data is held on the same kind of technology, the chances of the same fault being common across all units are higher. Keeping information on different types of storage media helps guard against this.

There are numerous storage options available, including internal hard drives for primary data, tapes, discs, or external hard drives, and of course the cloud. For enhanced data security and the assurance of greater business continuity, information stored on these different media types should also be held in a different location to your primary data source — and those alternate locations should be accessible, but secure.

1: At least one copy of your data should be held at an off-site location.

Natural disasters, local hardware failures, and other crisis events can occur at your primary data site without warning. If they do — and if all of your backup data is at the same location — there’s a chance that you won’t be able to restore your information, effectively crippling your business.

Keeping at least one backup set at an alternate site takes advantage of geographical redundancy (having viable copies of your data at multiple locations) to increase your chances of recovery. This is particularly relevant in the case of ransomware attacks, where a successful assault can corrupt all information at the targeted site. The only reliable method of recovery in such cases is to restore clean backup data from an unaffected site.

The Cloud And Off-Site Backup

Cloud storage provides a logical option for organizations looking for a remote and secure location for their backups. Data transfer can be easily implemented using software and centralized administration, allowing backup and restore operations to occur on a site by site basis, or across the entire enterprise.

However, although the cloud is an ideal off-site backup solution, it shouldn’t be the only option you consider. Off-site backup should also include an offline element, which doesn’t rely exclusively on internet access or network connectivity to remain viable.

So in a truly ideal setup, you should use the cloud for off-site backup, in conjunction with an offline backup alternative such as a removable drive or other storage medium, held at a secure and remote location.

Setting Objectives For Recovery

Creating backup copies of all your data is one thing – being able to restore all that information quickly and return your organization to a functional state is another. Every backup strategy should therefore incorporate solid and achievable goals for what the backup and restore processes are meant to accomplish.

The most common way of doing this is using metrics — measurable quantities that indicate the performance of backup and recovery operations. Two metrics are typically employed:

  • Recovery Time Objective (RTO): A measure of how long it should take to get everything back in order. This will vary from organization to organization, but should obviously be as short as possible.
  • Recovery Point Objective (RPO): A measure of how much data the enterprise can stand to lose, and still remain viable. Again, this will depend on the nature of your organization and its operations.

Keeping Everyone On The Same Page

Your internal IT team, cloud vendor, and external partners such as managed service providers all need to be part of your backup and business continuity ecosystem. Everyone should be following the 3-2-1 Rule and best practices to preserve your data should any disruptions occur.

It’s important as well, to educate your staff in these best practices and the workings of the 3-2-1 Rule, to keep everyone on the same page when it comes to backups and data security.

Test Your Backup Strategies

Finally, it’s essential to periodically test your backup and recovery procedures. This will enable you to determine the effectiveness of their timing and technique. By restoring backed up data to a test system, you’ll also be able to learn how viable and up to date your backup information actually is.

Ultimately, the requirements and unique circumstances of your enterprise will determine how best to implement the 3-2-1 Rule and your backup strategy, to keep in line with your business continuity plan.

Related materials:

Views All Time
Views Today
Return to all posts

How Amazon Web Services (AWS) Are Responding To COVID-19
The following two tabs change content below.