3-2-1 Backup Strategy: The Simple Third Step to Protecting Your Data
Too often, businesses treat their data the way some people treat their health. That is, they take it for granted until something happens. Likewise, data-smart people have something in common with health-smart people: They focus on preventing problems rather than waiting to fix them.
While leaders generally acknowledge that their data is the most important part of their business, they often allow it to be the most vulnerable part as well. Either the right steps have not been taken to protect data, or they wrongly assume that their data is already protected by their software vendors. However, if they were to read the fine print of their OneDrive or Google Docs terms and conditions, they would see there that data safety is not guaranteed.
This is what business leaders have to understand. As the ones in charge of business continuity, protecting the company’s data is up to them.
The 3-2-1 backup rule
The 3-2-1 backup rule provides an easy-to-understand framework for how backup works and supports companies in creating a more reliable strategy for business continuity. It ensures that no matter what happens to their original data or even to their primary backup, companies will still be able to retrieve all the information they need to resume operations.
Here is what the numbers mean:
3 – Three is the minimum number of copies you should have of your data.
2 – Two of these copies, including the live device where data is generated or first collected and then a second one on a local storage unit. Traditionally, this was an on-site server or external hard drive.
1 – One copy of your data should also be stored in a separate location. Increasingly, this means on a public cloud.
Having at least one backup of your data is smart practice. Having a local backup means that you can retrieve data very quickly if, say, for example, a laptop breaks down.
However, a single local backup is not enough for all types of risk. What if you are keeping your external hard drive in the same bag as your laptop and that bag gets stolen? On a larger scale, what happens if there is a fire or flood at your office? Servers are as vulnerable to fire and water damage as any other electrical equipment.
This is why it makes sense to keep a third copy in a remote location. Physical distance alone ensures that, in case of theft or local environmental disaster, you will still have one copy that remains unaffected and this can be used to reboot your business.
Furthermore, the cost of cloud storage is extremely low, so, given the safety payoff, there is no reason not to add that extra precaution
How 3-2-1 can protect you from cyberattacks
More and more, companies are falling prey to deliberate attacks that specifically target their data. These malicious attacks are intended to sabotage data, delete it, steal it, or hold it to ransom.
Cyberattacks travel over a network, so what you want is a way for your remote backup solution to identify the threat and cut off access. This technique is known as ‘air gapping’ is offered by providers who offer backup as a service (BaaS). It works sort of like raising a drawbridge, keeping your offsite data unaffected and ready when you need it.
Is 3-2-1 the ultimate solution?
Because data has become critical to business continuity (and therefore survival), there is an ongoing evolution of ways to offer ever-better protection. This includes having secure, constantly accessible backups. The 3-2-1 backup rule is for the bare minimum a company needs in order to safeguard their data.
Naturally, there has been a move away from physical backups and more businesses and individuals are relying on the cloud for even their primary backup. However, just because software is parked on the cloud does not mean they will take responsibility for data recovery. You should still store copies of your data in at least three locations.
To protect your data is to protect your business
Think of 3-2-1 as the beginning, not the end, of your backup strategy. It is the first step to understanding that data protection requires multiple and diverse layers. Technical and environmental threats still exist, and cyberattacks grow more elaborate by the day. You have the responsibility to not make yourself an easy target.
Data recovery requires careful consideration of the different types of data you have, the risks you face and how to mitigate those risks. After all, your backup strategy is like health insurance for your company. In the event of any mishap, it supports quick recovery to have you up and running again.