The 3-2-1 rule of data protection – Understanding the threats to an organisation’s data

By Sarah Doherty, Product Marketing Manager, iland.

  • Friday, 7th August 2020 Posted 4 years ago in by Phil Alsop

In today's world, a major challenge for organisations is protecting their data. Whether an organisation is in a regulated industry mandated by law to retain x number of years of data, or one more acutely concerned with employees accidentally deleting files, the first pain point that customers usually have is focused on data protection.    

  

There are several reasons for companies to resort to backing up their data via the cloud. Firstly, with ransomware attacks more frequent than ever before and hardware failure still an issue, organisations traditionally have local backup as their primary means of protecting data. However, local backup is still vulnerable for several reasons such as SAN failure, double disk fault or power loss.   

  

Secondly, backups are necessary and mandatory, but local backups might not save organisations in certain situations. What if the power in the building goes out? How will they restore their data? If the hardware is broken and it takes four weeks for the hardware to recover, that doesn’t help an organisation to get back up and running to continue with ‘business as usual’.   

  

Thirdly, IT resilience is the ability to quickly bring organisations online so they can continue to run their business no matter what the issue. Whatever the situation is, organisations need to be able to quickly get IT infrastructure back in operation, no matter what is going on in their data centre. IT resilience and Disaster Recovery as a Service (DRaaS) has always been a challenge for companies because, in the old days, organisations would have to have a secondary data site, or use old hardware, replicate all data and runbooks and plans, and have to test it, etc. It was just absurd and only the largest enterprise organisations could afford to do it.    

  

With the cloud’s model of ‘pay for what you use’ and ‘pay for what you need’ , companies of any size can replicate their data, infrastructure and entire application stack to the cloud more cost effectively than buying additional data centre space or running on-premise backup and DR.    

  

The 3-2-1 backup rule    

  

The 3-2-1 backup rule is an easy-to-remember shorthand for a common approach to keeping organisations’ data safe in almost any failure scenario. The rule is: keep at least three (3) copies of the organisation’s data, one being the production environment. Then store two (2) backup copies, which is usually initial backup on different storage media such as a tape, snapshot, hard drive etc. Then store one (1) of them located offsite.    

  

There are several reasons why the last stage is important. If you think about ransomware, nowadays it has the ability to find locally attached backups and encrypt them. Or organisations could have a power failure where, if everything is in the same building, they are left with no back up at all. Historically, a lot of companies would resort to trading copies of their tapes, putting them on a truck and sending them somewhere else. That introduces all sorts of challenges with humidity, transportation of the tape, where it is being stored, will they have the same tape type and will we be able to access it in two years? Organisations still want to have that air-gapped copy of their data, but cloud introduces a whole new way of addressing that as it is easily accessible by anyone, anywhere.   

   

How will businesses future proof their infrastructure and their data?   

Cloud is an elegant solution to address these data protection and business continuity issues, and one that is within the capabilities and budgets of every organisation. By using cloud to follow the 3, 2, 1 rule of data availability, organisations gain the confidence that they can have a failure and still be able to recover their data.    

  

Data centre mobility and cloud enable those business-critical workloads to continue no matter what the scenario. It could be a new norm, a global pandemic etc. The cloud allows organisations to meet their business needs whilst protecting their data. It allows organisations to spin up virtual machines and virtual assets, and quickly connect to their infrastructure whether it is on-premises or in another cloud. It also allows companies to continue to work remotely in the middle of a pandemic or other physically disruptive crisis, such as an extreme weather event, at a lower price point.   

  

Retaining protection standards  

  

Organisations can migrate their data to the cloud for cost and continuity purposes.  Once the data is migrated, it is still critical to focus on data protection. The data will be protected with the help of the CSP, but they can’t stop doing backup or IT resilience testing. By supplementing the production environment with backup and DR in the cloud, the organisation can ensure that they have those multiple copies, and air-gapped back-ups, that can be failed over to almost instantaneously should an issue occur with the primary infrastructure.  As an increasing number of organisations want to get out of the business of managing their data and just focus on delivering business value with their IT assets, the cloud is providing the answer for both primary and backup infrastructure.   

  

The 3-2-1 backup rule is a good start in building any data protection system – a way to protect an organisation’s data from loss/corruption and to control risks in all the aforementioned situations. The cloud offers incredibly effective and resource-efficient ways of achieving this and improving business continuity and resilience at a time when events are showing us it has never been more important.