The 3-2-1 backup rule rethought

When an organization is under attack, every second of system failure can be catastrophic. A not insignificant problem with the traditional 3-2-1 backup rule comes into play with the desired recovery time objective (RTO) and the target recovery point objective (RPO). Often, neither can be met or achieved. Even worse, the backups are compromised and the risk of complete data loss is high - even if you pay the ransom. So it makes sense to consider a contemporary approach to the 3-2-1 rule.

Slow recovery

The traditional 3-2-1 rule recommends that you keep at least three copies of your data. Two copies should be stored on-site on different media (or on two hard drives on different systems). A third copy is kept at a remote location, according to the rule. This would give you two copies on different media at two locations or on two devices. In principle, this would mean quick access to the backup should the primary storage fail. But that is not always the case. Suppose a site-wide disaster occurs and both storage systems fail? And what if ransomware gets into the administrator's system and the malware spreads like wildfire, even infecting the secondary storage?

If this happens and the primary storage and onsite backups are compromised, shut down all systems and then start the backup and disaster recovery process. At the same moment, you turn your attention to the remaining offsite backups. And it is at this point that the problems begin. Because secondary storage is primarily designed to provide backup security and scalability at a relatively low cost, tape-based storage is often used. Tape, while comparatively inexpensive, is slow. Even the use of traditional hard disks hinders fast restores simply because of bandwidth limitations. As a result, it takes a long time for applications and data to be restored and online after a disaster. This time can be very costly for companies or even threaten their very existence. That's why it's important to find a 3-2-1 approach that guarantees fast recovery.

Full data protection including fast recovery

In the traditional 3-2-1 rule, the 2 refers to the number of media types (and/or separate systems) that are used. In a revised rule, the 2 should better refer to the locations.

It makes sense to position the first copy as close as possible to the endpoints. This allows data to be restored quickly in the event of a disaster, and there is no need to worry about latency or access. The second backup copy should be kept outside the Virtual Local Area Network (VLAN) or away from the site. If the copy is not kept within the VLAN or the site, the data is protected from most malware or ransomware. Off-site storage also protects in the event of a site-wide disaster, such as fire or flooding.

Backup and restore on schedule without much administration

Enterprises need an efficient backup and recovery strategy - ideally with centralized, simple management and with clearly defined service level agreements (SLAs). This will achieve the desired recovery times and recovery points. Should a primary system fail for whatever reason, a company must be able to restore the failed servers, including files and folders, from backup within seconds.

Easy scalability, continuous data protection

Immutable snapshots are an important feature for protection against ransomware. Snapshots can be used to back up data every 90 seconds, for example. The smart thing about this type of backup is that snapshots are stored in a hidden share and are read-only. This automatically protects them from ransomware and encryption. Even better, if the data on the primary storage is compromised, all data can be restored from the hidden and secure copies within 15 seconds.

1 for 100%ige business continuity

The question arises, what happens if the local copy and external storage fail in a disaster? This is where 1 of the 3-2-1 rule comes into play. It refers to storing the third copy in a secure, off-site location. Today, this is often cloud storage, which is also a viable alternative in terms of cost and scalability. However, transferring large amounts of data between local systems and the cloud is very bandwidth intensive and can impact the local network. If the required speed for fast recovery is not available and compliance with RTO and RPO cannot be guaranteed, there are ways to achieve business continuity even with cloud storage. For example, solutions such as additional virtual server startups in the cloud can usefully bridge the time while local systems are being restored and keep the business up and running.

Some parts of the 3-2-1 rule are still useful today. However, the principle must be adapted to today's technological possibilities and supplemented with better methods.

Source: StorageCraft Technology Corp.