Read on to learn about the 3, 2, 1 backup strategy and how to use it in your business.
When it comes to IT security, I think we all understand the importance of backups and other measures by now. You’ll have noticed that we can be quite tiresome about it.
However, there are a few important things about backups that everyone should also understand.
What is the 3, 2, 1 backup strategy?
Put simply, the 3, 2, 1, Backup Strategy is an approach to backups that relies on three levels of protection: You want to have at least three copies of your data on at least two types of storage and with at least one backup saved off site.
Let’s try and explain this a little better:
- You should have at least 3 copies of your data: Having three backups will provide extra redundancy. If one of your backups becomes corrupt, you’ll still have another two copies as an insurance policy. Having three copies provides significant protection against data loss. However, it does mean increased maintenance costs.
- You should have your data stored on at least two types of storage: This measure ensures that, in the event of a disaster affecting one type of storage, you still have a copy on another type of storage which you can use. Imagine, for example, that you have one backup on a hard drive in the office (on-premises) and another copy on the cloud (on-cloud). If there’s a problem with the system in the office, you will still have your cloud copy.
- You should have at least one backup stored off site: This means that at least one backup should be stored somewhere other than your head offices. This could be a branch office or a company dedicated to storing backups. That way, if a disaster affects your offices, such as a fire or a flood, you will still be able to access your off-site backup to re-establish your services. However, if you’ll allow me to be a little serious for a second, it’s very important to think carefully about where your off-site backup will be stored. Many companies in the World Trade Center had their backups stored in the opposite tower. In principle it was unthinkable that something would affect both towers, but the unthinkable happened.
This strategy is built on the principle of having well-protected production data so that your company is resilient as possible, whatever might happen. We all know that 100% protection is impossible, but the 3, 2, 1 Backup Strategy puts you in the strongest position to survive any setback.
It’s worth mentioning at this point that whilst it’s all good and well making backups, they need to be properly planned and configured. There’s no point in having loads of backups if they’re not fit for purpose when the unimaginable happens. Take time to plan your backup policy, what will be backed up, how, and how long you will retain your backups for.
Diversifying your storage
We’ve already mentioned this, but we’ll stress it again. Wherever possible, you should make sure that you use various types of storage. This means even using different brands or technologies to ensure that when a problem occurs, it doesn’t affect everything.
For example, if you use different providers of the same technology, it’s highly unlikely that a problem will affect them both. And if it’s a technological failure? Use different technologies and you’ll be much more secure.
Backup scheduling
I’m almost bored of saying it now, but backups are essential. They’re a critical part of your disaster recovery plans and you may come to depend on them for your very survival as a company. This is why it’s important to invest time in planning your backup schedule.
Take time to carefully consider which services are the most important, when services are used, where each department saves its data, etc. Then, use this information to decide:
- How often you will make backups
- Whether backups will be complete or partial
- Whether you will use incremental backups and how often
- How long you will retain your backups
These are all key questions when planning your company’s backup policy.
Monitor your backups
These days, backups tend to be automated so that we don’t have to keep remembering to do them. A typical schedule might be to make a backup of the production servers on Monday, an incremental backup on Wednesday and Friday and a backup of the development server on Fridays.
It would be madness to try and remember all this manually week in week out. And this is before we get to how long each backup should be retained for and how often you need to free up space.
As a result, most companies automate these processes. But how can you be sure that everything is working correctly? One of a sysadmin’s responsibilities is to check that backups are being made correctly. This means spending some time each week to check your backups and check that there are no alerts or errors.
Test your backups
As well as monitoring your backup processes, we highly recommend test that your backups are actually fit for purpose.
For example, I would recommend performing a partial restore of a file or director every fortnight. Then, you could also perform a full restore using a lab machine each month.
There are two reasons to do this: Firstly, you will be able to check that your backups are being made correctly. Secondly, you will be able to ensure that your IT team clearly understands the restore procedure. In an emergency, you don’t want your team to waste valuable time checking documented procedures.
Conclusion
As you can see, the 3, 2, 1 backup strategy is a highly effective way of making sure that your company has the security and protection it deserves against unexpected disasters.
If you would like to learn more about disaster recovery, backups and other related topics, check out these articles:
- The 5 Most Common Causes of Data Loss in SMEs
- Why is Disaster Recovery Planning Such a Headache?
- Disaster Recovery: What Is It and Why Do We Need It?
Thanks for reading!