3-2-1 Backup: is This Data Center Backup Strategy Hype or Reality?

September 18th, 2019

A little advice never hurt anyone, right? Especially advice that’s been supported by countless leaders and experts. But even tried-and-true advice deserves a discerning eye. In the data center backup world, the 3-2-1 Backup Rule is considered the standard model for how organizations should backup their data.

What is 3-2-1 Backup?

3-2-1 Backup refers to:

  • keeping 3 separate copies of your data,
  • storing the copies on at least 2 different types of media,
  • and keeping at least 1 copy off-site.

This has served many IT teams well over the years. But these days, 3-2-1 Backup is not as universally supported as some data center backup vendors may claim. In this blog post, we’re giving 3-2-1 Backup the ole Diogenes treatment and examining exactly what it is, and if it’s really as fail-proof of an approach to data center backup as so many think it is.

Firstly, keeping three copies of your data means that in a worst-case disaster scenario, whatever super hacker or storm you face will have to take out three separate copies of your data to really immobilize your organization. The probability of this happening is low, and given standard risk assessments, three copies are enough.

In terms of having to have two different file types, it is recommended as a method of preventing storage failure. For example, your file type duo can consist of an internal or external hard drive and a portable drive, USB flash drive, SD cards, or even CD/DVD disks.

Lastly, at least one of your data copies should be stored offsite. This prevents all your data from being lost, should you suffer an on-site disaster that physically destroys your main storage. A great place for storing the off-site copy is via cloud-based storage or a storage device attached to a network (NAS, SAN) so you can access it remotely.

3-2-1 Backup Alternatives

While many data center backup vendors like Nakivo, Carbonite, and Veeam support the 3-2-1 Backup rule, not all do. Vendors such as Asigra and Unitrends have some robust criticisms.

With Asigra, 3-2-1 Backup is presented as having been a great rule in the past, but not in the future. Why? Ransomware is becoming more and more sophisticated. They do not suggest that 3-2-1 Backup be entirely discarded, but rather augmented with further protection.

For example, the 3-2-1 Backup rule doesn’t account for files become infected, proliferating. Asigra advises that IT teams not only use the 3-2-1 Backup rule, but invest in backup software that includes ransomware and malware detection to prevent the spread and backup of infected data.

Unitrends takes a stronger stance. They say that one off-site copy of your data simply isn’t enough. They offer an alternative rule they call the 3-2-2 backup strategy. With this rule, rather than keeping only one offsite copy, you keep two. They recommend this strategy for achieving continuity by using both a cloud-based copy and a second local copy. With this method, you not only have additional recovery options (which is always a good thing), but the options are not prone to the exact same risks. The 3-2-2 backup strategy is depicted below:

[Mark Campbell / Unitrends]

Ultimately, the decision for what backup model to use is up to you and your organization. However, choosing a data center backup product that provides you with flexibility in terms of actually supporting your chosen strategy is key. To see what others in the data security field are saying about storage flexibility, check out data center backup reviews right here on TrustRadius.