A staggering 80 percent of businesses saw an overall increase in cyber threats throughout the year.

A sound backup strategy is essential for businesses to mitigate risks and unplanned downtime. However, the emphasis is on “sound.” Moving multiple computer systems and virtual environments (holding many virtual machines) to another location is a backup strategy, just not a sound one.

To build an effective backup strategy in a complex multi-cloud hybrid infrastructure – the 3-2-1 backup rules should be up for consideration.

What is the 3-2-1 Backup Rule?

Peter Krogh, a commercial photographer is credited with making the 3-2-1 backup rule popular by describing it in his book The DAM Book: Digital Asset Management for Photographers. The rule suggests three (3) copies of your data on two (2) different storage media, with one (1) copy located offsite. Keep in mind, the 3-2-1 backup rule is not actually a process but a mere guideline, which means it can be tweaked as per business requirements.

Let’s dive deep into the 3-2-1 backup rule.

3 – Copies of Your Data

A single backup is as good as bringing a butter knife to a gunfight. An effective backup strategy requires multiple copies of the same data to ensure if something happens to the first and even to the second, you still have a copy left.

The first copy will be your primary or production data stored on an internal hard drive, followed by two backup copies of your primary data on two independent devices. It is not to say you can’t have more than three copies, but ideally, you should have at least three copies.

2 – Different Storage Devices

Folks put too much confidence in the storage device they use. However, the bitter truth is storage devices eventually fail due to defect or wear and tear. Storing all your backup data on the same device is a foolproof way of losing your precious data.

Instead, physically store your backup data across two different storage media. It includes an external hard drive, optical disks, digital tape, or the cloud (public or private). The probability of two independent storage media failing is less than that of two devices of the same type.

1 – Backup Copy Offsite

Even if you keep the primary data on an internal hard disk and two copies of backup data across two different storage media – they are still in one place. Natural disasters like the California wildfires or Hurricane Michael can damage all copies of your data.

To avoid this situation, keep at least one copy of your data in a remote location, such as secondary physical data centers or private clouds. If you are using offsite data centers, ensure a good amount of physical separation from your primary data center.

Offsite storage is key in achieving a complete backup strategy; it is the most crucial factor in enforcing the 3-2-1 backup rule.

Here’s a recap of the 3-2-1 backup rule.

Is the 3-2-1 Backup Rule Perfect?

Nothing is ever so perfect, and the 3-2-1 backup rule is no exception. However, it is a practice highly recommended by reputed institutions and government authorities like Carnegie Mellon and the United States Computer Emergency Readiness Team (US-CERT).

The challenge is to find a backup system reasonably close to perfection that is a viable option for an SMB. In this context, the 3-2-1 backup rule might work for your MSP.

Why the 3-2-1 Backup Rule Works

MSPs are increasingly adopting the backup-as-a-service model, and many of them use the 3-2-1 backup rule as it offers flexibility and security.

The success of the 3-2-1 backup rule lies in the “air gap.” An air gap is a way of securing a copy of data by physically separating primary data from the backup copies. It ensures restoration in any scenario, whether there is a technical failure, hackers, or natural disasters. The result is a safe, reliable backup service.

Why the 3-2-1 Backup Rule Does Not Work

The 3-2-1 backup rule enables an effective backup strategy, but at a price tag. If you revisit the backup rule — it requires you to have two copies (which you will have to keep overwriting on both storage devices and the offsite storage) that reflect the latest version of the original. Moreover, your customers will have to bear the expenses of maintaining an offsite location.

However, the bigger problem with the 3-2-1 backup rule is that it does not consider the changing nature of data. If you overwrite your backup with corrupt data, you will have corrupt data living on two different storage media and an offsite location. Your customers will be in the same position as they were without a backup.

3-2-1 Backup Rule Variations

The drawbacks have pushed MSPs to explore variants of the 3-2-1 backup rule.

These variants might not be popular but are worth considering.

The 3-2-1-0 Backup Rule

This rule begins with the traditional 3-2-1 backup rule. However, the 0 part of the rule describes the type of backup you Do Not want. It acts as a preventive measure in the case of a data breach.

  • 3 copies of data
  • 2 different medias
  • 1 offsite backup location (online)
  • 0-day vulnerability (assuming someone will obtain a copy, and issue a patch)

The 3-2-1-1-0 backup rule

This rule includes protection against ransomware by giving offsite and offline options a step for recovery testing.

  • 3 copies of data
  • 2 different medias
  • 1 offsite backup location (online)
  • 1 offsite backup location (offline)
  • 0 recoverability errors

The 3-2-1 Backup Rule Done Right with Unitrends MSP

Unitrends MSP offers fully automated, application-level testing and failover to ensure guaranteed data restoration in a data loss incident. It validates the 3-2-1 backup rule, giving you and your customers peace of mind.

Want to know if Unitrends MSP is the right fit for your business? Schedule a Demo today.