Backups of data and transaction logs are a critical component of a disaster recovery plan as it’s the only way an organization can restore data lost in a catastrophic failure. Disaster recovery plans cover failure from a security event, corrupted I/O events, or physical incidents such as flood, theft, or fire. One backup copy is never enough to ensure fast, seamless recovery of data. The 3-2-1 rule exists to reduce the risk of damaged or unrecoverable backup files.
Frequency of backups is determined by an organization’s threshold of tolerance should one system fail. Small businesses might be able to go several days without a backup and still function fine. Larger organizations have only a few minutes of tolerance. For instance, a financial organization could lose thousands of data points within a few minutes, so backup frequency is every few minutes.
Tolerance is decided using two factors: RTO (Recovery Time Objective) and RPO (Recovery Point Objective). RTO determines the duration of time an organization can withstand before downtime is considered a critical revenue-impacting event. RPO is a point in time where data must be restored to avoid revenue-impact from data loss. Both values are calculated based on business rules, the system that must be backed up, resources, and the system’s purpose. For instance, a database system storing financial data might be very critical and needs frequent backups, but a report server that uses old data for analysis could lose a day’s data and not be crucial to productivity.
Another way to calculate risk is to consider the media used to store backups. For instance, if a hard drive has a 1/100 chance of failure, this calculates to a 1/100 chance that a backup could be corrupted or fail and data could be unrecoverable. If you have three copies of backups on three different media and all three have a 1/100 chance of failure, you then reduce risk to minuscule levels. The chance would then be calculated as:
1/100 * 1/100 * 1/100 = 1/1,000,000
With the above calculation, you can see why businesses follow the 3-2-1 rule.
The 3-2-1 rule reduces the chance of unrecoverable data to a point that it’s nearly guaranteed that a backup will recover data without issue.
The first component of the 3-2-1 rule is that an organization should always have at least three copies of backup data. This is often overlooked at new or small organizations that think one copy is enough to cover the backup and restore procedures. Three copies of backups should be taken, and at least two copies should be on different media.
Three copies cover the issue of corrupted backups, but what happens if organizations store all three backups on the same hard drive? Should the hard drive fail, the organization all three copies are lost. Some organizations use RAID configurations to mirror or stripe data across multiple disks, but this configuration still leaves a single point of failure. If a drive controller fails, then the data is unrecoverable.
With two media types, organizations reduce risk and remove the single point of failure. Most administrators store data on a network drive, and then take another copy on removable media such as an optical disk. Tape backups are also common when the organization needs an extensive amount of storage capacity. Tape drives store more data, but the read and write procedures are slow on tape drives. Optical disks hold less data but are faster with reads.
At least one copy of backups should be stored offsite. For instance, if backups are stored on tape, the organization owner could take one home. This is often the option for very small organizations but isn’t feasible for larger ones.
The best backup solution is cloud backups. The cloud offers infinite data storage, and it provides a way for organizations to cover all three rules with one backup location. A copy can be sent to the cloud, it’s an alternative media source from a network drive, and it’s offsite. Cloud backups are the most common way organizations cover the 3-2-1 rule.
After backup procedures are determined, they should be incorporated into the organization’s disaster recovery plan. Backups should be automatic, and they should be performed during off-peak hours to avoid network performance degradation.
At minimum, one copy should be readily available, which can be a copy on the network or cloud backups. Occasionally, administrators should restore a backup to ensure that the data isn’t corrupted and that automatic backups are working properly. With backups and a solid disaster recovery plan, organizations can be saved from catastrophic failures or becoming victims of a security event that requires restored data.