Backup Strategy: What is the 3-2-1 backup rule?

By George Rouse

“Failing to back up your data can have catastrophic consequences, as a single hardware failure, cyberattack or natural disaster can wipe out all your valuable information, leaving you with no way to recover it. This means that years of hard work can all be lost in an instant, with no chance of retrieval. Even the cost of losing just a portion of your important data can be immeasurable, with potential financial, legal and reputational implications that can last for years.” — Carl D’Halluin, Chief Technology Officer (CTO), Datadobi

Having a robust backup strategy is a no-brainer for modern businesses operating in a highly competitive environment where there’s zero tolerance for data loss and downtime. Among the most effective strategies that managed service providers (MSP) can take advantage of is the 3-2-1 backup rule — a simple yet comprehensive approach to data protection.

Read on as we delve into the intricacies of the 3-2-1 backup rule, its benefits, the different variations and how Datto Unified Backup can help enhance your backup strategy to better protect your customers.

What is the 3-2-1 rule of backups?

The 3-2-1 backup rule states that you should have three copies of your data, store backup copies on two different storage media or backup formats and ensure one of the copies is located off-site. U.S. photographer Peter Krogh first established this rule in the early 2000s; it has stood the test of time and is still relevant today. Here’s a breakdown of each of these components:

  • Three copies of your data: This includes the production/original data and two backup copies to ensure redundancy.
  • Backup copies on two different media: This means you must use two different devices, media types or clouds to store backup copies, ensuring data is protected against device or media failure.
  • One off-site backup (including a separate cloud): This includes storing one copy of your backups in a separate, off-site location for disaster recovery. Maintaining off-site backup guards against local catastrophes that could destroy data stored at a single location.

Why is the 3-2-1 rule important?

The 3-2-1 backup rule offers a straightforward framework for data protection, ensuring that businesses can recover from data loss incidents with minimal impact. This rule is especially useful in eliminating a single point of failure (SPOF), such as a hard drive failure or device theft. A SPOF is a component or element within a system whose failure causes the entire system to stop functioning. Eliminating SPOFs ensures that the failure of one component does not lead to total system failure, so operations continue even when individual components fail.

One of the most important benefits of the 3-2-1 backup rule is the inclusion of one off-site backup (typically in the cloud), offering protection against localized disasters such as fires, floods or theft. However, it is important to note that clouds, including public/hyperscale, are not impenetrable and, therefore, should be treated as “a location,” like on-premises.

What is a 3-2-1 backup rule example?

Let's see a practical example of implementing the 3-2-1 backup rule.

Imagine you are a freelance photographer who relies heavily on digital photos for your livelihood. Here's how you could apply the 3-2-1 backup rule to safeguard your precious work:

Primary data: You store the original copies of all photographs on your computer's internal hard drive. This is the first copy of the data.

First backup (on different mediums): To adhere to the rule of having backups on two different media, you use an external hard drive to make the second copy of all the photos. This external hard drive is connected to the computer only during the backup process to minimize risks of simultaneous failure with the computer’s internal hard drive.

Second backup (off-site): For the third copy, you subscribe to a cloud storage service like Apple iCloud, Google Drive or Microsoft OneDrive, where the third copy of the photos is stored. This not only adheres to the "one backup off-site" principle but also protects against local disasters, such as fire or theft, that could destroy both the original and the on-premises backup.

In this scenario, you have effectively minimized the risk of losing your work. Even if the computer's internal hard drive fails, the external hard drive provides an immediate recovery option. In the case of a physical disaster damaging both the computer and the external hard drive, the cloud storage serves as a remote lifeline, ensuring you can still access and recover all the photographs.

Variations of the 3-2-1 backup strategy

Although the 3-2-1 backup rule has been a key backup and recovery strategy for decades, today, the gold standard is evolving. As businesses develop, most will partner with an MSP to ensure that their IT infrastructure runs smoothly.

One of the key parts of a managed service is to prepare for downtime or a disaster event. The idea of the 3-2-1 backup rule is to protect against a single disaster, such as a fire or flood in the office. In such situations, you would be able to recover from your off-site backup. However, as the threat landscape has become more aggressive over the years and reliance on IT has grown exponentially, this rule alone is no longer enough.

Over the years, there have been multiple variations of the 3-2-1 rule, such as 3-2-1-0, 3-2-1-1, 3-2-1-1-0 and 4-3-2. However, these have their own range of issues, including costs and time to manage the infrastructure that goes with these strategies.

3-2-1-0

This approach is similar to the 3-2-1 rule with an additional zero, which means you must test your backups to ensure there are no errors. As an MSP, you must make sure your backup vendor supports disaster recovery testing to validate that backups are clean with zero errors.

3-2-1-1

The 3-2-1-1 backup strategy expands upon the original framework by introducing a fourth element, which is ensuring that one copy of your data remains immutable or is kept in an air-gapped environment. Immutable backups cannot be altered or deleted. Backups stored in an air-gapped environment are entirely offline, isolated from any network connections. This adaptation of the strategy aims to enhance defenses against growing cyberthreats, such as ransomware attacks, by providing an extra layer of security.

3-2-1-1-0

The 3-2-1-1-0 backup strategy takes the classic 3-2-1 rule a notch higher. It includes not just an extra "air-gapped" or offline backup but also introduces a verification step to guarantee all backups are free from errors.
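The rule and the variants described so far can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or of any Datto product; the `Copy` fields, the `evaluate` function and the sample inventories are assumptions constructed for illustration, and the "two media" check counts backup copies only, following the wording above.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Copy:
    medium: str                # device, media type or cloud holding the copy
    site: str                  # physical site or cloud; a cloud counts as "a location"
    production: bool = False
    immutable: bool = False
    air_gapped: bool = False
    restore_errors: Optional[int] = None   # None = never restore-tested

def evaluate(copies, primary_site):
    """Return (strictest variant satisfied, list of remaining gaps)."""
    backups = [c for c in copies if not c.production]
    gaps = []
    if len(backups) == len(copies) or len(backups) < 2:
        gaps.append("need production data plus two backup copies")
    if len({c.medium for c in backups}) < 2:
        gaps.append("backup copies are not on two different media")
    if all(c.site == primary_site for c in backups):
        gaps.append("no off-site backup")
    if gaps:
        return "non-compliant", gaps
    protected = any(c.immutable or c.air_gapped for c in backups)
    tested = all(c.restore_errors == 0 for c in backups)
    if not protected:
        gaps.append("no immutable or air-gapped copy")
    if not tested:
        gaps.append("a backup is untested or restored with errors")
    variant = {(False, False): "3-2-1", (False, True): "3-2-1-0",
               (True, False): "3-2-1-1", (True, True): "3-2-1-1-0"}
    return variant[(protected, tested)], gaps

# Constructed inventory modelled on the photographer scenario in this article.
PHOTOGRAPHER = [
    Copy("internal-disk", "studio", production=True),
    Copy("external-hdd", "studio"),
    Copy("cloud-storage", "cloud"),
]
# Edge case: both backups on the same external drive, nothing off-site.
SAME_DRIVE = [PHOTOGRAPHER[0], Copy("external-hdd", "studio"), Copy("external-hdd", "studio")]
# Hardened: every backup restore-tested clean, cloud copy immutable.
HARDENED = [PHOTOGRAPHER[0],
            replace(PHOTOGRAPHER[1], restore_errors=0),
            replace(PHOTOGRAPHER[2], restore_errors=0, immutable=True)]

if __name__ == "__main__":
    for name, inv in [("photographer", PHOTOGRAPHER), ("same drive", SAME_DRIVE), ("hardened", HARDENED)]:
        print(name, evaluate(inv, primary_site="studio"))
```

The returned gap list shows what separates an inventory from the next stricter variant, which is the part worth reviewing when a restore test has never been run.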

4-3-2

The 4-3-2 backup methodology suggests that businesses managed by MSPs or IT service providers keep four copies of their data stored across three locations (on-site as source, on-site with the MSP and one in the cloud), with two of these being off-site.

What are the benefits of the 3-2-1 backup method?

The 3-2-1 backup method has become a cornerstone strategy for data protection, offering multiple benefits, including:

  • Localized risk mitigation: Keeping a copy of your clients’ data at an off-site location helps protect against the risk of data loss due to local disasters, such as fires, floods, hardware failures or thefts. This diversification ensures that even if one backup fails or is destroyed, the data remains secure in other locations.
  • Multiple recovery options: By spreading data across multiple locations and media like the cloud, this method provides flexibility in how and from where data can be restored. Whether it's a minor data corruption or a significant system-wide failure, having backups on different media and locations allows for tailored recovery strategies that minimize downtime and operational impact.
  • Compliance best practice: Compliance with industry regulations and standards is another critical aspect of the 3-2-1 backup method. Many regulations mandate that businesses maintain secure, recoverable copies of their data. By following the 3-2-1 rule, you can help clients meet these requirements, ensuring you protect not only their valuable data but also their reputation and legal standing.
  • Peace of mind: With your clients knowing their mission-critical data is backed up securely and recoverable in multiple ways, they can operate with confidence, focusing on core business activities without the constant worry of data loss.

How Datto Unified Backup supports the 3-2-1 backup rule

Datto Unified Backup, our all-in-one family of data protection solutions purpose-built for MSPs like you, covers all business continuity and disaster recovery (BCDR) needs. Our BCDR solutions provide complete protection no matter where your clients’ files and applications are stored — on local servers, end-user PCs, cloud platforms or SaaS applications.

Datto SIRIS is a flexible BCDR solution that enables you to store a copy of your clients’ data locally and in the secure Datto Cloud. It also replicates the backup to a secondary Datto Cloud location for extra resilience. With automated, verified backups stored locally and in the secure Datto Cloud, you can address any recovery scenarios with confidence.

Datto Backup for Microsoft Azure is a full BCDR solution that goes beyond just backup and recovery. Its advanced features, including multicloud replication to the Datto Cloud and screenshot verification, ensure Azure workloads are secure and easily recoverable. Built on Datto’s proven SIRIS technology, Datto Backup for Microsoft Azure delivers consistent management and protection — from endpoint to server to cloud.

Datto Endpoint Backup with Disaster Recovery is a unique BCDR solution, enabling you to protect client workloads effortlessly. It combines direct-to-cloud backup, ransomware protection, powerful DR capabilities and an easy-to-use unified management portal. It offers hourly replication to the secure and private Datto Cloud to provide rapid recovery during downtime, cyberattacks and outages.

Datto Cloud

The Datto Cloud is built on an immutable storage model, providing MSPs and their clients maximum flexibility. It not only provides off-site images of backups but also protects them from harm through multiple layers of security. Our proprietary Cloud Deletion Defense also contributes to the immutability of the Datto Cloud by enabling users to regain access to cloud data that is mistakenly or maliciously deleted. Our patented Screenshot Verification adds another layer of security, virtualizing and test-booting virtualized servers to detect any backup issues, assuring that backups will boot with all data intact and free from ransomware. The Datto Ransomware Detection system checks for suspicious file patterns that resemble ransomware activity. If it detects any suspicious signs of ransomware infection, the Datto device will create an alert, enabling you to take immediate action to determine if there is indeed a problem. Once the ransomware scan and advanced backup verification have been performed, backups are replicated to the secure Datto Cloud using AES-256 encryption.

Protect your clients’ data anytime, anywhere with Datto

The 3-2-1 backup strategy mitigates various risks, including hardware failure, natural disasters and cyberthreats, such as ransomware. Having three copies ensures redundancy, storing them on two different media protects against device or media failure, and maintaining an off-site backup guards against local catastrophes that could destroy data stored at a single location.

Datto Unified Backup takes the 3-2-1 backup methodology to the next level. From backup to cloud recovery, Datto delivers a comprehensive set of data protection and BCDR tools built for MSPs, empowering them to protect clients' critical workloads from anywhere — servers, PCs or SaaS apps — and at any time.

Book a demo today to discover how Datto Unified Backup can be a game changer for your MSP.
