What is the 3-2-1 rule

Issue 6 2023 Infrastructure

Emma Mbebe.

Bad things happen. One day, that file you worked on is fine. The next, it is gone, lost in a hard drive failure or perhaps a stolen device. Maybe the version you worked on has been corrupted and you need to recover an earlier file. Someone might have deleted the file, removing it from your systems forever.

Data corruption is a bit like a car accident. It does not happen often to a person, but when it does, even a minor fender bender can create inconvenience, and a major smash can cause months, even years, of problems. Likewise, when a file or database no longer performs as it should, it can lead to severe losses. Is not there anymore," says Emma Mbebe, Account Manager at Sithabile Technology Services. "Hours of work evaporate just like that, and you can spend a lot of time afterwards trying to fix the situation. It is a big inconvenience when this happens to one person. When the data is used by multiple people, the impact is exponential across a business. This is why criminal attacks like ransomware work so well; they hit a business where it hurts the most."

Hence, why data backups are critical. Yet, it is not enough to make one backup. If you want to be thorough, follow the 3-2-1 rule. What is the rule, does it apply to every company, and can they afford it?

The 3-2-1 safety net

The 3-2-1 rule is pretty simple; have 3 copies of data on 2 different media and 1 kept offsite. For example, keep two copies of a file on separate removable flash drives, and a third on cloud storage (offsite). You can also have the file on network storage, and two removable drives, keeping one drive at an offsite location.

You can apply the rule manually or with backup automation. You could even print the file's contents on paper and keep that safe. It is not convenient, but it is a backup. You could maintain two or several copies of a file. The point is to create redundancy through multiple independent backups.

Surprisingly, IT experts did not invent the 3-2-1 rule. It first appeared in a book, Digital Asset Management for Photographers, where author Peter Krogh guided photographers on safeguarding their growing digital photo libraries. Digital photos were one of the first digital mediums that started growing is gone forever. That is, unless they have a copy.

The 3-2-1 rule has since become the baseline for good backup practices, and it has evolved to incorporate many different storage mediums and backup strategies.

Is the 3-2-1 rule for your business?

Applying the 3-2-1 rule makes a lot of sense, but it may also feel excessive. Specifically, paying for different storage options and managing copies across those instances sounds complex and expensive. Smaller businesses might feel they do not qualify, but Mbebe disagrees. "Making multiple backups can sound daunting and costly when you look at the higher-tier options, such as dedicated network storage, but, in principle, you do not need to go that far. The hardest part is to decide what data is important, then balance that with security and compliance. For example, if you are writing a pitch document, that is not very sensitive. You can save a copy to email, to a flash drive, and save a third one on a service such as OneDrive."

At a fundamental level, the 3-2-1 rule works for any situation. It is all relative to what a person or business needs.

"I like to think of the rule as a conversation starter. The question is not whether you use this rule but whether you are concerned about backups at all. If you need to be serious about backups, then the rule provides a good foundation. Now, decide on your priorities and capacity, then establish a backup strategy which can be as simple as telling employees to save copies to the cloud, or involve elaborate management and backup appliances. A healthcare provider or financial institution should never back sensitive data onto removable drives or external emails. So, there we already know what they can and cannot do, projected through the rule."

The 3-2-1 Rule sets a benchmark. Fill in the gaps, and you will see if your backups are sufficient. It is a rule that can apply to every organisation and even individuals.

Without it, you take a massive risk. Bad things happen to data. Beyond the scary stories about ransomware and data theft, it can be a simple case of losing a device or a hard drive failing. Maybe a water pipe bursts and floods your office, now that offsite backup makes sense! So, do not ignore this crucial rule. Consider how it would fit into your organisation, and make your backups as easy as 3-2-1.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Revolutionising networking technology for the future
Infrastructure IoT & Automation
[Sponsored] In the fast-evolving landscape of networking technology, RUCKUS Networks stands out as a trailblazer, offering innovative solutions that redefine connectivity experiences across various industries.

Edge could help transform South Africa’s healthcare
Axis Communications SA Infrastructure
Edge computing has emerged as a game-changing technology for many industries, and the healthcare sector is no exception. In particular, South Africa’s healthcare industry could significantly benefit from the potential of this technology.

Cloud platform for cyber resilience in the hybrid enterprise
The Commvault Cloud brings together data protection, security, intelligence, and recovery on one platform, offering AI capabilities to defeat cyber threats, and includes integration with Microsoft Azure OpenAI Service.

Rapid rise in DNS attacks drives demand for new approach
Infrastructure Risk Management & Resilience
As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Access to data centre secured
Suprema Access Control & Identity Management Infrastructure
GBM required a modern access control system to increase the security of its facilities in a productive environment without affecting the operation of the offices and the data centre, which are carried out 24/7/365.

Africa’s growth lies on shoulders of renewable energy
News & Events Infrastructure
The Africa Tech Festival from 13 to 16 November in Cape Town will unpack the challenges and discuss the pivotal role of sustainability & renewable energy in advancing technological development in Africa.