Is the 3-2-1 Rule of Data Backups Outdated?

The 3-2-1 rule of backups has been something akin to not using weak passwords or flossing daily: While not everyone follows it, it’s generally agreed to be a good idea. As with all things technology-related, there are newer alternatives that may do a better job of securing your organization’s data.

What is the 3-2-1 rule of backups, anyway?

The 3-2-1 rule recommends keeping three data backups on two different forms of media with one copy offsite. When first proposed, this rule provided the bare minimum for data protection; if you have multiple backups onsite, your bases would be covered in the case of equipment failure. If your office was hit by a natural (or otherwise) disaster, an offsite copy would mean the ability to recover data. Anything less qualified as needlessly risky behavior.

What changed?

One of the benefits of having an offsite backup was that data was “air-gapped,” or not connected to any other systems. In other words, if something corrupted data across a local network, including onsite backups, there would be a copy completely disconnected and not subject to the same threats. 

In the era of cloud-based backups and NAS solutions, having a backup “offsite” doesn’t mean it’s isolated. Ransomware attacks will often target and encrypt backups and live data alike and can just as easily compromise a cloud-connected backup as an onsite one. 

Given the scale of the damage, economic and otherwise, caused by ransomware and other forms of cyberattacks, IT professionals have proposed a few alternatives. The names are admittedly less simple and memorable as “3-2-1,” but when implemented properly, they do overcome its shortcomings.

3-2-1-1-0

Like 3-2-1, 3-2-1-1-0 requires keeping three separate backups on two different types of media with one offsite copy. Where it goes further is that it also requires one copy to be air-gapped and the storage environments have zero errors. This means that there’s an additional option in the event of a ransomware attack, the zero errors part introduces the need for regular testing and monitoring, something not addressed in the 3-2-1 model.

 4-3-2

The other popular replacement to 3-2-1 is 4-3-2. This requires four copies of data in three locations with two copies stored offsite. While this might just sound like super-sizing all of the elements in the 3-2-1 approach, it provides a few failsafe not addressed by its predecessor: Multiple locations means recoverability in the face of natural disasters or catastrophes, and having two offsite backups on two separate networks adds protection from large-scale cyberattacks.  

Which approach should I use?

It ultimately depends on the nature of your data, the size of your organization and your vulnerability to cyberattacks. While the 3-2-1 approach is getting long in the tooth, its long-standing acceptance goes to the core of protecting data, namely that one copy isn’t enough, two copies aren’t perfect and keeping every copy in the same location can leave them vulnerable to physical damage. 

Equipment failures and ransomware attacks are unlikely to decline as a threat anytime soon, so following at least one of these approaches should go a long way toward preventing a data disaster for your organization in the future.

Wondering what your options are? Not sure which plan would be best for your organization? Nodal can help! Contact us today!