Blog & Events

The 3-2-1 Rule for Cloud Backup

Oct 31, 2018, 11:00 AM by Trenton Baker

3-2-1 Rule for Cloud Backup

If you’re looking into cloud backup and disaster recovery solutions you need to be aware of the “3-2-1 backup” mantra. In the modern multi-cloud era, putting backups in a service provider’s cloud is a way to address the 3-2-1 rule and can be used to meet any data availability requirement for the modern data center.

What is the 3-2-1 Backup Rule

Backups are synonymous with data protection, and the de facto approach is to implement the failure protection scenario known as the 3-2-1 backup rule. This principle also works for virtual environments; regardless of the hypervisor, you are running (VMware, Hyper-V or whomever).

This 3-2-1 rule was established to address hard drive failures thanks to Peter Krogh, a well-known photographer obsessed with protecting data. Data storage is prone to failure, making data backup the only safe option. This backup approach helps to answer the questions: how many backup files should I have and where should I store them? In essence:

3) — Have at least three copies of your data.
2) — Store the copies on two different media.
1) — Keep IT safe with one backup copy offsite.


3-2-1 Rule for Backup Graph

Three Copies of Data

In addition to your primary data, keeping at least two additional backups is the guidance. Obviously, the more copies of your data that exist, the less risk you have of losing everything.

One backup is a good start but not nearly ideal or resilient enough for a comprehensive data protection plan. Typically, the first backup copy of data is stored in the same physical location if not the same physical server. Having more copies of your data residing in different physical servers/locations means that you will have less risk of losing data during a emergent even malicious data attack.

Two Different Media Types

It should go without saying that storing several backups of your valuable data in the same server/place is hardly logical. Whether it be Murphy’s Law or wear and tear, or the drives were bought together and have the same mean time between failures (MTBF) rates. It is quite common after a drive failure, to experience failure from another drive in the same storage around the same time.

This portion of the rule suggests keeping two copies of data on different storage media types, such as internal hard disk drives plus removable storage media (tape, external hard drive, USB drive, etc.) Failing that, at least keep copies on two internal hard disk drives in different storage locations. Remember -- your hard drive is cheap, but your data is invaluable.

One Offsite Backup Copy

Physical separation between copies means storing them as far away from each other as possible. During a natural disaster, merely storing the offsite copy across town will not be enough.

Building secondary data centers or private clouds for offsite data backups are options, but expensive to build and maintain. Whether you are an SMB with no remote branch offices (ROBO) or an enterprise with multiple computing sites, storing your backups in the cloud is the most efficient and cost-effective option.

For the modern era of software-defined data centers, partnering with a cloud services provider (CSP) is the simplified way to secure backups offsite and build a holistic DRaaS strategy for continuous availability of virtualized environments. Offsite tapes still exist and can serve some data protection functions, but they cannot provide efficient IT resiliency. Simply having your data protected is a significant step. Being able to use your data is the next step.


The 3-2-1 Rule for Cloud Backups

A key piece to a solid DRaaS strategy is how you will measure success. With DRaaS, it can come down to a couple of essential metrics:

  • RTO - How long can your critical IT resources be down before it affects your company in a significant way?
  • RPO - How much data loss can your organization afford in case of a disaster?

RTO and RPO rules for Cloud Backups

Backup and DR have traditionally taken time and resources to plan, build, manage, test and maintain an offsite location to adhere to the 3-2-1 backup rule. The cloud and more importantly MSPs and CSPs have stepped in to provide an as-a-service model to help organizations save significant time, money and resources on backup and DR. When planning a DR move to the cloud make sure that your CSP can provide an assessment of your needs and meet RTO/RPO objectives.

3-2-1 Rule for Premises Backups

Odds are that you’re already using on-premises data management software for physical and virtual backups. Getting data offsite has become both the need and the challenge when presented with the cost of building and maintaining an offsite infrastructure or the complexity of navigating the on-demand DIY megacloud. KeepItSafe cloud data backup services work seamlessly with on-premises infrastructures to deliver fast and secure cloud backups with managed and monitored services available to benefit from the following:

  • Hosted Offsite Backups. Easily send backups through a secure SSL connection to KeepItSafe enterprise-class data centers to provide offsite protection.
  • Virtual Machines and Physical Servers. Protect both virtual machines and physical servers, consolidating the data protection plan for your entire environment.
  • Complete Visibility and Control. Manage your time with automated backup scheduling, testing, and instant restores.
  • End-to-End Encryption. Protect data in-flight and at-rest with military-level 256-bit AES encryption and additional security with SOC 2 and FIPS 140-2 certifications.
  • Proactive Support. Customized SLAs designed to meet 24/7 data protection standards and stringent compliance regulations provided by thoroughly trained and certified engineers.

Business continuity and disaster recovery strategies need a secure cloud-based 3-2-1 backup plan to be successful. It is critical to implement backup and disaster recovery solutions purpose-built to ensure the proper data restoration. It’s important to note that the 3-2-1 rule for cloud backup doesn’t address data recovery or the ability to restore from a backup swiftly. It’s important to ask yourself or better yet your cloud provider, how does my DRaaS strategy restore my data and can uptime requirements be met with RTPO’s of less than 15 minutes for applications or provide reverse seeding for full environment restores?

Having a custom DRaaS strategy in place gives you the flexibility to achieve IT resiliency and meet thresholds for data protection and uptime availability. Reach out today to review your data protection strategy and ask for a free assessment.


Readers of this blog post are also interested in this webinar:

How to Create a Great Disaster Recovery Plan

Get Your FREE
Market Analysis Brief!


Disaster Recovery Planning

Download a free Planning Guide

“Storage Switzerland details DR Planning from Good to Great”