A ransomwareA corrupted database, malicious internal activity or a simple water damage can threaten your data and bring your business to a standstill. However, there is a simple and effective strategy for minimising the risks and guaranteeing the continuity of your business: the 3-2-1-1-0 backup. This strategy is based on cloud backup, rapid recovery and a good dose of common sense. Here's how to implement it...
Data loss can have a devastating impact on a business. The figures are alarming: 93 % of ransomware victims say they are unable to restore all their data and re-establish their operational processes within 3 days, according to a 2024 study by security specialist Cohesity!
Whether due to hardware failure, cyber-attack or human error, rapid data recovery is essential to minimise disruption and financial loss.
So prevention is better than cure. There are strategies to limit the risks while guaranteeing the continuity of your business:
- Define a backup policy by identifying the data that is critical to your business and define the backup frequency.
- Define a disaster recovery plan (PRA) tailored to your needs
- Plan business continuity in a business continuity plan (PCA)
Safeguarding is therefore the basis of all resilience.
But what is a good backup?
Understanding the 3-2-1-1-0 rule
A good backup is a complete and reliable copy of your data, accessible when you need it. It must be regular and can be restored easily and quickly according to the Recovery Time Objective (RTO) of your organisation. In addition, the restored data must be of an acceptable age in accordance with your organisation's Recovery Point Objective (RPO).
Finally, a good backup protects you from different types of threat: hardware failure, human error, cyber attacks, malicious acts, natural disasters, etc.
The rule 3-2-1
The 3-2-1 rule is a safeguarding strategy established by the American photographer Peter Krogh in 2003. It has proved its worth and has been adopted by many organisations.
Its principle is simple:
3 copies of your data
It is crucial to keep at least three copies of your data, a production backup (your original data), a local backup and a remote backup. This ensures that at least one copy remains accessible if the others are lost or corrupted.
2 different media
Store your copies on two different types of media (hard disk, storage server, tape, NAS, cloud) to improve redundancy. If a failure occurs on one medium, all the backups on that medium can be considered to have failed.
1 offsite backup copy
Keep a copy of your data in a physical location other than your main site. This protects your data from natural disasters, fires and other incidents that could affect your site. When the OVH data centre in Strasbourg caught fire in March 2021, the backup servers were in the same building as the production servers. The fire therefore destroyed the original data and their copies.
Remote backup, Backup as a Service (BaaS) or Storage as a Service (SaaS) can be done on a public cloud (Amazon S3, Azure, Google Cloud Storage, OVHcloud, etc.), private cloud or hybrid cloud.
The choice of storage type and frequency depends on the type of data, the use you wish to make of it and the frequency of access.
For example, Azure files provides cloud-based file sharing that integrates perfectly with on-premises file servers. For data analysis, you will need to turn to a data lake such as Azure Data Lake Storage.
Rule 3-2-1-1-0
Cyber attacks have changed backup strategies. The 3-2-1 strategy has therefore been extended by two other rules.
1 offline copy
Store a copy of your data on a medium that is not connected to the Internet. It will be protected against cyber attacks and ransomware. Backing up on magnetic tape is still the safest way to back up data offline, according to the European Commission.ANSSI in its guide Backing up information systems from 10/18/2023.
The cartridge must be physically inserted into the reader in order to be read, which in principle protects it from network attacks.
Many publishers (Veeam, Hornetsecurity, Rubrik, Nakivo...) offer solutions for making immutable, and therefore unalterable (impossible to modify, overwrite or delete), read-only backups. WORM (Write Once Read Many) storage has proved its worth.
An offline backup solution is still considered to be more robust than an online WORM solution as offered by these publishers. Nevertheless, an acceptable compromise may be to perform regular backups with a WORM solution and to perform offline backups on magnetic tape, for example, at a lower frequency.
0 error
An effective backup is one that is tested regularly. Make sure that your backups are error-free and can be restored quickly and easily by carrying out regular restore tests. An automated monitoring system can relieve you of this work.
Anticipation is the key
Finally, remember to include installation media and business application configurations in backups. And in the event of a suspected compromise or attack in progress, it is important to have an emergency procedure for isolating the backup system (servers, media, etc.).
