Arguably, maintaining a good backup of computer data is the most important task of the system administrator. In the early days of business computers, we made sure to label, rotate and verify tapes so that if the worst happened, we could restore from tape and be up and running quickly. It was suggested to have a tape for each day and store in a fire-proof vault preferably offsite. This is where I first heard the rules of the 3-2-1 backup strategy.
A backup strategy has to be robust enough to recover from disaster, but simple enough to give a reliable archive. It is easy to discuss the choices with computer professionals because we understand the technology, but the opinions on how to execute a backup plan are as numerous as the number of experts that you ask. The perfect backup plan is one that is executable and verifiable.
The 3-2-1 plan offers an easy to explain, easy to assemble formula that will have even people who say they are not computer people nodding in understanding and agreement.
3 – Keep three copies of critical data. Any data that you want to protect including bare metal images, databases or files of any type, be sure to have 3 unique copies. For instance, the local RAID or hard drive, external disk, NAS, tape, DVD, flash drive and Cloud all count toward your three copies. Today, most common are disk and Cloud understanding that most Cloud solutions consist of disk backup. These give a robust backup that is easy to test and restore.
2 – Have your data on two types of media. Media could be HDD, flash, DVD or CDrom, tape, floppy or Cloud. This is a bit antiquated as today most backup is done on HDD or solid state drives. So think about it as two unique locations that are under your direct control.
1 – One copy must be offsite and offline. This is the critical copy that can be used to restore your system in case of a disaster where your IT resources are seriously compromised or destroyed. Offsite is essential for contingency and disaster recovery planning. If you use a Cloud or redundant site to meet this requirement, the data also has to be offline so that it is not susceptible to CryptoLocker types of attacks.
Missing from the steps is one specifically for verification. Testing your backup might be implied in the rule but I like to add a zero so that there is no question that the backup will be tested. Images, databases and files are tested differently depending upon configuration and criticality of data.
Solutions don’t have to be expensive. There are several ways to economically protect data. Cloud backup and external drives can be low-cost alternatives for data recovery. Of course, real-time solutions designed for enterprise systems are much more complicated and expensive. But for most clients in the SMB space, a 3-2-1 backup plan will economically safeguard their data understanding that restoration requires labor to get the system up and running.
Backup is an essential part of a Disaster Recovery/Business Continuity Plan. Many are the horror stories of system failures where no backup was available. Even if you question the statistics on the number of companies that fail after a major data loss, there is no question that the loss of critical data can cripple a company. Eliminate or reduce the negative impact by including the modernized 3-2-1 backup strategy for you and your clients.