Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

What is the 3-2-1 rule

Issue 6 2023 Infrastructure


Emma Mbebe.

Bad things happen. One day, that file you worked on is fine. The next, it is gone, lost in a hard drive failure or perhaps a stolen device. Maybe the version you worked on has been corrupted and you need to recover an earlier file. Someone might have deleted the file, removing it from your systems forever.

Data corruption is a bit like a car accident. It does not happen often to a person, but when it does, even a minor fender bender can create inconvenience, and a major smash can cause months, even years, of problems. Likewise, when a file or database no longer performs as it should, it can lead to severe losses. Is not there anymore," says Emma Mbebe, Account Manager at Sithabile Technology Services. "Hours of work evaporate just like that, and you can spend a lot of time afterwards trying to fix the situation. It is a big inconvenience when this happens to one person. When the data is used by multiple people, the impact is exponential across a business. This is why criminal attacks like ransomware work so well; they hit a business where it hurts the most."

Hence, why data backups are critical. Yet, it is not enough to make one backup. If you want to be thorough, follow the 3-2-1 rule. What is the rule, does it apply to every company, and can they afford it?

The 3-2-1 safety net

The 3-2-1 rule is pretty simple; have 3 copies of data on 2 different media and 1 kept offsite. For example, keep two copies of a file on separate removable flash drives, and a third on cloud storage (offsite). You can also have the file on network storage, and two removable drives, keeping one drive at an offsite location.

You can apply the rule manually or with backup automation. You could even print the file's contents on paper and keep that safe. It is not convenient, but it is a backup. You could maintain two or several copies of a file. The point is to create redundancy through multiple independent backups.

Surprisingly, IT experts did not invent the 3-2-1 rule. It first appeared in a book, Digital Asset Management for Photographers, where author Peter Krogh guided photographers on safeguarding their growing digital photo libraries. Digital photos were one of the first digital mediums that started growing is gone forever. That is, unless they have a copy.

The 3-2-1 rule has since become the baseline for good backup practices, and it has evolved to incorporate many different storage mediums and backup strategies.

Is the 3-2-1 rule for your business?

Applying the 3-2-1 rule makes a lot of sense, but it may also feel excessive. Specifically, paying for different storage options and managing copies across those instances sounds complex and expensive. Smaller businesses might feel they do not qualify, but Mbebe disagrees. "Making multiple backups can sound daunting and costly when you look at the higher-tier options, such as dedicated network storage, but, in principle, you do not need to go that far. The hardest part is to decide what data is important, then balance that with security and compliance. For example, if you are writing a pitch document, that is not very sensitive. You can save a copy to email, to a flash drive, and save a third one on a service such as OneDrive."

At a fundamental level, the 3-2-1 rule works for any situation. It is all relative to what a person or business needs.

"I like to think of the rule as a conversation starter. The question is not whether you use this rule but whether you are concerned about backups at all. If you need to be serious about backups, then the rule provides a good foundation. Now, decide on your priorities and capacity, then establish a backup strategy which can be as simple as telling employees to save copies to the cloud, or involve elaborate management and backup appliances. A healthcare provider or financial institution should never back sensitive data onto removable drives or external emails. So, there we already know what they can and cannot do, projected through the rule."

The 3-2-1 Rule sets a benchmark. Fill in the gaps, and you will see if your backups are sufficient. It is a rule that can apply to every organisation and even individuals.

Without it, you take a massive risk. Bad things happen to data. Beyond the scary stories about ransomware and data theft, it can be a simple case of losing a device or a hard drive failing. Maybe a water pipe bursts and floods your office, now that offsite backup makes sense! So, do not ignore this crucial rule. Consider how it would fit into your organisation, and make your backups as easy as 3-2-1.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
Onsite AI avoids cloud challenges
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure AI & Data Analytics
Most AI programs today depend on constant cloud connections, which can be a liability for companies operating in secure or high-risk environments. That reliance exposes sensitive data to external networks, but also creates a single point of failure if connectivity drops.

Read more...
Short-range indoor LiDAR sensor
OPTEX Perimeter Security, Alarms & Intruder Detection Infrastructure Products & Solutions
The REDSCAN Lite RLS-1010L has been developed to provide comprehensive coverage and protect high-risk security zones and vulnerable, narrow indoor spaces that are difficult to protect with traditional sensors.

Read more...
Understanding shared responsibility
Infrastructure
Data management is increasingly coming under the governance spotlight, yet a significant vulnerability often goes unnoticed. Many businesses operating on Microsoft 365 assume their data is comprehensively backed up.

Read more...
Direct-to-cloud surveillance platform
Surveillance Infrastructure
Oncam has announced a forthcoming end-to-end, direct-to-cloud video platform that combines AI-enabled cameras, intelligent IoT devices, and cloud-integrated video management software to deliver smarter performance with reduced complexity.

Read more...
Local-first data security is South Africa's new digital fortress
Infrastructure Information Security
With many global conversations taking place about data security and privacy, a distinct and powerful message is emerging from South Africa: the critical importance of a 'local first' approach to data security.

Read more...
Software security is a team sport
Information Security Infrastructure
Building and maintaining secure software is not a one-team effort; it requires the collective strength and collaboration of security, engineering, and operations teams.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.