Backup: What is the 3–2–1 rule?
Backups play a very important role within companies; they are at the heart of the management of an information system and it is a daily concern: did the backups last night go well? It is in a way the life insurance of a company: in the event of an incident, it is the backup that will allow you to restart your activity.
It is essential to have reliable backup system that actually secures your business data. You don’t have to save in order to save, but ask yourself the right questions. What should I save? How often? On what support? With what retention? And so on…
It is not always easy to answer this question: how to properly back up data? This is where the 3–2–1 rule for saving comes into play to help you out.
Indeed, the 3–2–1 rule for backup is there to allow you to effectively manage any failure scenario. Risk 0 does not exist, but the objective will be to reduce this risk as much as possible. Concretely, what does the 3–2–1 rule mean?
Three copies of your data
Three copies of your data do not mean that you have to have three different backup copies, but that you should at least have two backups in addition to the main production data. This gives a total of three copies for the data.
If you only have two copies i.e., production data and a backup, chances are good that the backup is physically stored in the same location as the production data. A real problem in the event of a major incident that would impact the physical integrity of the premises.
Even in the event that your backup is not on the same physical site as the production version, it is risky to have only one copy. In computer science everything is possible and no one is immune to being affected by the Law of series … Also remember that hardware redundancy at the level of disks thanks to RAID does not represent a backup.
With three copies, the likelihood of all three devices failing at the same time is very low and that’s good news!
Depending on the criticality of the data, it will be necessary to define a strategy in order to back up your data and the associated servers more or less regularly.
Two different supports
The notion of support is essential: what is the use of having two backups if they are stored on the same storage space or on two devices in the same room? It is important to have the production copy on the one hand, a backup on a first device and the third backup on another device. By device I mean an external hard drive, tape drive (LTO, for example), NAS, storage server, etc.
We can imagine having the production copy, a backup to a tape drive and then to a NAS located at a remote site over the network. This allows me to make the transition to the notion of offsite copying.
An offsite copy
Whether it is the NAS, the external hard drive, the tape drive, etc. These solutions are not miraculous when taken individually. Indeed, if your company suffers an incident such as a fire, a flood or a theft, the backup medium will be inoperable just like the production machine. There’s a similar backup cloud device available in the market which works on the same 3–2–1 concept you may check out this review learn more about and where to get that cloud backup device.
Where it is interesting and that it completely justifies the principle of the rule “3–2–1”, it is when one goes, at the same time:
· Use at least 3 copies
· Use two different types of media
· And have an offsite copy
You can have a fire on your site and lose the production server as well as the copy stored on the NAS (or other), you will have the off-site copy left: it is essential and can save the company! Whether on the Cloud, or on equipment located on another site (the principle of cross-backups is interesting), or even in a safe stored at the bank, you have to outsource your backups.
Regarding the off-site copy, make sure that it is carried out through a secure channel in order to maintain the confidentiality of your data: through a VPN tunnel or even an encrypted stream via HTTPS / TLS.
The final word
Your backup strategy must be part of an overall reflection on the management of the information system, and be integrated into your Business Continuity and Resumption Plan (PRA / PCA). The choice of backup media and the location of those media is a key step in complying with the 3–2–1 rule.