When looking into backup best practice, the first words you’ll often hear uttered is “you need a 3-2-1 backup strategy,” also known as the “3-2-1 rule”. But how exactly do you go about setting this up?

In this article, we’ll discuss some of the things you should include (and some things you definitely shouldn’t) in your final backup plan.

A Quick Overview: 3-2-1 Backup Plans

If this is the first time you’ve heard the term “3-2-1 backup strategy”, here’s the concept in a nutshell. It means having at least three backups on two different types of media, and one of them off-site.

This is considered the bare minimum you need to effectively protect your backups from a wide variety of data loss scenarios. Here’s why.

Three Backups: If you have at least three different backups, if one of these backups becomes corrupt, you have two spares to use. It also gives you some different points in time to restore the data from.

Two Different Media: This means having your backups on at least two different devices. E.g. NAS and a USB HDD. This is the proverbial ‘not putting all your eggs in one basket’. If something compromises one piece of media, such as physical damage or electrical fire, then you don’t lose all your backups.

One Backup Off-site: If you have at least one backup off-site, then even if the whole business was vandalized or burned to the ground, you’ve still got a copy of your business data safely stored in a separate location.

Considerations with a 3-2-1 Backup Strategy

1. Is a Full Image Backup Needed?

If there’s an incident that takes out your whole machine, did you want to have the ability to bring it back from “bare-metal”? A bare-metal recovery is when you restore your whole system on a “bare-metal” disk drive – one with no operating system (OS) or applications. This is very useful because it makes recovery very fast, circumventing the need for a drawn out OS installation and configuration process, application installation, and driver rollout.

Long story short? It means you can reinstall and reconfigure your system in minutes instead of hours. This is incredibly attractive for your business continuity.

To perform a bare-metal recovery, though, you need an image backup of your whole system ahead of time, like a snapshot of your OS, drivers, software and data. This is what is transferred onto your bare-metal drive if disaster strikes.

If this is important for your business, you should perform full image backups as part of your 3-2-1 strategy (These are known as System Backups in BackupAssist; see our how-to guide).

With BackupAssist, when performing a System Backup, a full backup will be performed when it first runs. If the data selection and destination do not change, subsequent backups will be incremental. This means you’re only backing up what data has changed between backups, as opposed to sending and storing another complete duplicate each time.

2. Don’t Use a Sync Solution

Make sure your backup solution is not just a synchronization of your data in another location. E.g. When data changes on your live server, a mirror copy is changed identically at your backup destination. The reason you don’t want this is because you want version control.

Version control is when you have different versions of the same data from different points in time. E.g. A version of a word file as it existed yesterday, a few days ago, and a few weeks ago. With a sync solution, if you accidentally mess up a file, you’ve got two identically messed up files. But with versioning, you can roll back the file to a point in time before you made the mistake.

Having a great backup scheme, such as a grandfather-father-son scheme, gives you version control.

A grandfather-father-son scheme works like this: You perform daily backups, typically for the first four work days of the week. These are your ‘Son’ backups. On the fifth day, a weekly backup is made (Father). At the end of the month, a monthly backup is made (Grandfather). Below is an example of this concept.

You can easily adjust a scheme like this based on your RPO and RTO requirements.

3. Have a Time Limit

Versioning is great, but you don’t want to keep an ever-increasing number of backups on a storage device. This will get out of control pretty fast. A good solution is to either delete any backups over a year old or put the backup in cold / long term storage (See our article on archiving).

4. Compress & Encrypt Network / Cloud Data

Make sure any backups you’re storing either in a network location (NAS) or in the cloud (public or private) is compressed and encrypted.

The reasons for this are twofold. One, it saves you space (and therefore bandwidth and money). Secondly, encrypting your data means if someone walks off with the NAS or busts into your cloud destination, they won’t have unfettered access to your business data.

5. Don’t Locally Mount Your NAS

If your NAS is mounted as a file or folder on any computer, it’s going to be more vulnerable to ransomware infections. If your machine is compromised by ransomware, it will sweep through and look for different pathways to infect, and this will give it a wide-open door.

One way to actively protect your backups from ransomware infection is to have a feature like BackupAssist’s CryptoSafeGuard. CryptoSafeGuard protects your backups from being directly accessed and compromised by ransomware, as well as ransomware being backed up by accident and corrupting your backups.

Got any additional advice for users putting together their 3-2-1 backup strategy? Post it here!

Posted by Adam Ipsen

2 Comments

  1. You state to encrypt then compress at 4) end of first paragraph. Encrypted files do not compress well. Compress then encrypt should be more space efficient. The title is correct, end of first paragraph in reversed .

  2. Nice catch! The line has been updated.

Leave a Reply