Move Beyond the 3-2-1 Rule for Data Backups
Data is a critical resource to today's digitally enabled companies—and it’s absolutely central to keeping business operations running. When a ransomware attack causes data loss, it can halt an organization's ability to properly function for long stretches of time.
The traditional wisdom behind business continuity and disaster recovery (BC/DR) can exacerbate the problem when an attack first happens and data is lost. Many companies still rely on the old 3-2-1 backup approach. This strategy requires having three copies of your data, on two different forms of media, with one offsite copy. But organizations using this approach might find that their recovery isn't as fast as expected—or even guaranteed.
The data-security landscape has changed immensely since the 3-2-1 backup rule was introduced in the mid-aughts; as the field has advanced, old approaches to security are no longer the most effective way to mitigate data loss. Modern data landscapes call for modern solutions that get companies back up and running as effectively as possible following an attack.
The 3-2-1 Rule of Data Backup
The 3-2-1 rule of data backup was designed to help ensure that people and organizations could successfully recover data following an event such as data corruption, accidental data deletion, physical-device failure/loss, or physical damage (such as from a fire or flood).
Since its introduction, the 3-2-1 rule has become the industry standard for simple and effective data protection and disaster recovery. Keeping multiple copies of data in separate locations makes organizations more resilient to cyberattacks because if one copy is impacted, there are others safely available in another location or storage medium.
Although IT environments have changed significantly since the 3-2-1 rule was first introduced, today's organizations still use the strategy to tackle data loss. Unfortunately, this legacy approach to data protection simply isn’t robust enough to appropriately address modern-day cyberattacks.
Modern Cyberattacks and Recovery
Traditional backup methods based on the 3-2-1 rule take periodic snapshots of data to fall back on. If a user on a system inadvertently lets malware in, however, the entire network could be compromised—meaning that near-instant recovery might not be possible.
If, for example, the ransomware deleted or encrypted local backups and snapshots, recovery times could be drastically lengthened. The organization would only have access to the next available data-backup copy, which is held remotely. As such, recovery could take longer, and fewer restore points are likely to be available. This leads to more significant data gaps at recovery—which could span hours or even days. Low bandwidth at remote sites can also make data recovery painfully slow.
Today’s organizations are larger than ever. They generate huge amounts of data every day. Recovery after data loss can be a massive process spanning days and tanking operational productivity. Organizations need other backup options that enable them to recover quickly and comprehensively against ransomware and other modern-day threats.
Better Protection with 4-3-2-1
Those looking to improve upon the traditional 3-2-1 strategy are turning to a more robust 4-3-2-1 backup plan—which includes storing data in the cloud and creating an immutable copy of your data. With the 4-3-2-1 backup plan:
- You have four copies of data: the actual production data plus three backup copies.
- You store these data copies at three different sites; one of these sites should be in the cloud, while the other two can be any combination of local or offline locations.
- You use two types of storage (on-premises and offsite).
- You have one immutable copy of the data that cannot be changed in any way by any system user.
An important addition in the 4-3-2-1 backup strategy is the requirement to keep a copy of the data in the cloud. In the case of a ransomware attack, if the production site is badly compromised, replicated data in the cloud can be restored to mitigate damage.
Another valuable element of 4-3-2-1 is having a completely immutable copy. In the event that even the cloud has been compromised by ransomware, it is essential to have an immutable copy locked away. Ransomware can infect entire infrastructure systems; if you have an immutable copy of your data unchanged by any potential bad actor in the system, a full recovery can still be made.
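The four requirements listed above can be checked mechanically against a backup inventory. The following Python check is an added example, not part of the original article; the Copy fields, the site names and both inventories are constructed for illustration, and it assumes the immutable copy must be one of the backups rather than the production data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    site: str        # where the copy lives (constructed site names below)
    site_kind: str   # "cloud", "local" or "offline"
    storage: str     # "on-premises" or "offsite"
    immutable: bool = False
    production: bool = False

def check_4321(copies):
    """Return the list of 4-3-2-1 violations; an empty list means the plan passes."""
    problems = []
    prod = [c for c in copies if c.production]
    backups = [c for c in copies if not c.production]
    if len(prod) != 1 or len(backups) < 3:
        problems.append(f"4: want production + 3 backups, have {len(prod)} + {len(backups)}")
    sites = {c.site for c in copies}
    if len(sites) < 3:
        problems.append(f"3: want 3 sites, have {len(sites)}: {sorted(sites)}")
    if not any(c.site_kind == "cloud" for c in copies):
        problems.append("3: no copy is stored at a cloud site")
    missing = {"on-premises", "offsite"} - {c.storage for c in copies}
    if missing:
        problems.append(f"2: missing storage type(s): {sorted(missing)}")
    # Assumption: the immutable copy must be a backup, since production data changes.
    if not any(c.immutable for c in backups):
        problems.append("1: no immutable backup copy")
    return problems

# Constructed inventories: a legacy 3-2-1 layout and a 4-3-2-1 layout.
LEGACY_321 = [
    Copy("production", "hq", "local", "on-premises", production=True),
    Copy("nas-snapshot", "hq", "local", "on-premises"),
    Copy("tape", "vault", "offline", "offsite"),
]
PLAN_4321 = [
    Copy("production", "hq", "local", "on-premises", production=True),
    Copy("nas-snapshot", "hq", "local", "on-premises"),
    Copy("cloud-replica", "cloud-region", "cloud", "offsite"),
    Copy("locked-archive", "vault", "offline", "offsite", immutable=True),
]

if __name__ == "__main__":
    for label, plan in (("3-2-1", LEGACY_321), ("4-3-2-1", PLAN_4321)):
        print(label, check_4321(plan) or "passes")
```

The legacy layout satisfies only the two-storage-types requirement: it falls short on copy count, site count, cloud presence and immutability.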
Modern cyberthreats call for hefty protection to keep company data safe. Organizations are moving beyond traditional backup strategies and ramping up their data protection by making more replications of data and spreading them across a variety of storage locations. Accordingly, companies should seek out a range of storage options and the flexibility to make however many copies they want, stored wherever they want, with ease—no matter the number of workloads they have.