Good backup practices: the 3-2-1-1-0 rule

Published on March 29, 2024

Ransomware, a corrupted database, malicious insider activity or simple water damage can threaten your data and cripple your business. However, a simple and effective strategy helps minimize the risks and ensure business continuity: the 3-2-1-1-0 backup rule. This strategy relies on cloud backup, fast recovery and a good dose of common sense. Here's how to implement it...

Data loss can have a devastating impact on a business. The figures are alarming: 93% of ransomware victims report being unable to restore all their data and reestablish their operational processes within 3 days, according to a 2024 study by security specialist Cohesity!

Whether due to hardware failure, cyberattack or human error, rapid data restoration is essential to minimize disruption and financial loss.

In this matter, prevention is better than cure. A few measures limit the risks while ensuring the continuity of your business:

  • Define a backup policy by identifying the data critical to your business and setting the backup frequency.
  • Define a business recovery plan (PRA) adapted to your needs.
  • Plan for business continuity in a business continuity plan (BCP).

Backup is therefore the foundation of all resilience.

But what is a good backup?

Understanding the 3-2-1-1-0 rule

A good backup is a complete and reliable copy of your data, accessible when needed. It must be performed regularly and be restorable easily and quickly, within your organization's Recovery Time Objective (RTO). It must also allow you to restore data of an acceptable age, as defined by your organization's Recovery Point Objective (RPO).

It protects you from different types of threats (hardware failures, human errors, cyberattacks, malicious acts, natural disasters, etc.).

The 3-2-1 rule

The 3-2-1 rule is a backup strategy established by American photographer Peter Krogh in 2003. It has proven itself and has been adopted by many organizations.

Its principle is simple:

3 copies of your data

It is crucial to keep at least three copies of your data: the production copy (your original data), a local backup, and a remote backup. This helps ensure that at least one copy remains accessible if the others are lost or corrupted.

2 different media

Store your copies on two separate media types (hard drive, storage server, tape, NAS, cloud) to improve redundancy. If a medium fails, every backup stored on that medium must be considered lost.

1 offsite backup copy

Keep a copy of your data in a physical location different from your main site. This protects your data from natural disasters, fires and other incidents that could affect your site. During the fire at the OVH data center in Strasbourg in March 2021, the backup servers were in the same building as the production servers. The fire therefore destroyed the original data and their copies.

Remote backup, whether Backup as a Service (BaaS) or Storage as a Service (STaaS), can be hosted on a public cloud (Amazon S3, Azure, Google Cloud Storage, OVHcloud, etc.) or on a private or hybrid cloud.

The choice of storage type and frequency depends on the type of data, the use you want to make of it and the frequency of access.

For example, Azure Files provides cloud-based file shares that integrate seamlessly with on-premises file servers. For data analysis, you will instead have to turn to a data lake like Azure Data Lake Storage.  

The 3-2-1-1-0 rule

Cyberattacks have changed backup strategies. The 3-2-1 strategy has therefore been extended by two additional rules.

1 offline copy

Store a copy of your data on media not connected to the Internet. It will be protected against cyberattacks and ransomware. Backing up to magnetic tape remains to this day the safest method for offline backups, according to ANSSI in its guide "Backup of information systems" from 10/18/2023.

The cartridge must be physically inserted into the drive to be read, which in principle protects it from network attacks.

Many vendors (Veeam, Hornetsecurity, Rubrik, Nakivo, etc.) offer solutions for making immutable, read-only backups that cannot be modified, overwritten or deleted. This WORM (Write Once Read Many) storage has proven itself.

An offline backup is still considered more robust than the online WORM solutions offered by these vendors. However, an acceptable compromise may be to perform regular backups with a WORM solution and to perform offline backups, to magnetic tape for example, at a lower frequency.
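The copy-layout part of the rule (3 copies, 2 media, 1 offsite, 1 offline) can be checked mechanically against an inventory of your copies. The following is an added example, not code from ORSYS or any vendor named above; the `BackupCopy` fields, the finding messages and the sample inventories are assumptions made for illustration, and treating a WORM-only setup as an advisory finding is this example's reading of the compromise described above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str              # "disk", "nas", "tape", "cloud", ...
    site: str                # physical location of the copy
    offline: bool = False    # not reachable over any network (e.g. ejected tape)
    immutable: bool = False  # online WORM storage

def audit_3_2_1_1(copies, main_site):
    """Return findings for the 3-2-1-1 layout; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: {len(copies)} copies, at least 3 required")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"2: all copies on one medium type ({', '.join(media) or 'none'})")
    if not any(c.site != main_site for c in copies):
        findings.append("1: no copy stored away from the main site")
    if not any(c.offline for c in copies):
        if any(c.immutable for c in copies):
            # WORM is online: acceptable only alongside a periodic offline copy.
            findings.append("1: WORM copy only, add a lower-frequency offline copy")
        else:
            findings.append("1: no offline or immutable copy")
    return findings

# Constructed inventories (hypothetical names and sites).
SAME_BUILDING = [  # backups kept next to production, as in the fire scenario above
    BackupCopy("production", "disk", "dc-1"),
    BackupCopy("backup-server", "disk", "dc-1"),
]
COMPLIANT = [
    BackupCopy("production", "disk", "dc-1"),
    BackupCopy("local-nas", "nas", "dc-1"),
    BackupCopy("cloud-bucket", "cloud", "provider-region", immutable=True),
    BackupCopy("monthly-tape", "tape", "vault", offline=True),
]

if __name__ == "__main__":
    for label, inventory in (("same building", SAME_BUILDING), ("compliant", COMPLIANT)):
        print(label, audit_3_2_1_1(inventory, "dc-1") or "OK")
```
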

0 errors

An effective backup is one that is tested regularly. Make sure your backups are error-free and can be restored quickly and easily by doing regular restore tests. An automated monitoring system can relieve you of this work.
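An automated restore test can be as simple as restoring the archive into a scratch directory and comparing every file against checksums recorded at backup time. The sketch below is an added example, not part of the original article or of any product it mentions; the tar.gz format, the manifest layout, the function names and the sample files are assumptions.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 (recorded at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_archive(root, out):
    with tarfile.open(out, "w:gz") as tar:
        for rel in build_manifest(root):
            tar.add(Path(root, rel), arcname=rel)

def restore_test(archive, manifest):
    """Restore into a scratch directory; return the errors found (empty = 0 errors)."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                # Reject members that would land outside the scratch directory.
                opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError) as exc:
            return [f"unreadable archive: {exc}"]
        restored = build_manifest(scratch)
    return sorted(f"missing: {n}" if n not in restored else f"corrupt: {n}"
                  for n in manifest if restored.get(n) != manifest[n])

def demo():
    """Constructed data: a sound backup and one damaged after the manifest was taken."""
    with tempfile.TemporaryDirectory() as work:
        src, good, bad = Path(work, "data"), Path(work, "good.tgz"), Path(work, "bad.tgz")
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1);\n")
        (src / "app.conf").write_text("listen=8443\n")
        manifest = build_manifest(src)
        make_archive(src, good)
        (src / "app.conf").write_text("listen=0\n")   # silent corruption
        (src / "db" / "orders.sql").unlink()           # lost file
        make_archive(src, bad)
        return restore_test(good, manifest), restore_test(bad, manifest)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule, a non-empty result is the signal to alert on; the manifest should be stored separately from the backup it describes.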

Anticipation is key

Finally, consider including installation media and business application configurations in the backups. And, in the event of a suspected compromise or attack in progress, it is important to have planned an emergency isolation procedure for the backup system (servers, media, etc.).

Our expert

ORSYS Editorial Board

Made up of journalists specialising in IT, management and personal development, the ORSYS Le mag editorial team [...]
