Triple Safe: The 3-2-1 Rule for Backups
Triple Safe: The 3-2-1 Rule for Backups Pixabay

New York-based Sara was pleased to receive a bundle of old family photos after her grandmother passed on. For her, these were rare treasures. Some were black and white images from the late 1940s and 50s, others showed her hippie-looking parents in the 1960s. Wisely, Sara scanned the pics, turning the images into digital copies for posterity. Sara then put her digital images in three places: on a folder in hard drive on her desktop, on an external hard drive, and uploaded them to a cloud storage service, which she pays for to make sure she has more than enough space and that she never gets a “your account has been suspended due to inactivity” email. Not long after, relatives in her home state of Wisconsin rang to tell of a major flood that affected their family home near Grafton. Losses were great; many of them irreplaceable, including every family photo album still in the home.

The name and exact locations of the story above have been modified, but the tale is true. Sara, without knowing it at the time, had followed the famous “ 3-2-1 Backup Rule ,” which breaks down to this advice: have three versions of your data on two different storage platforms with one of them off-site. Photos are of course important and valuable, but for a business, the loss of data can be much more than just a sad event. With great cloud storage options available, there's no reason for anything getting lost in the digital age, but there are many who have yet to grasp the necessity of the “3-2-1” rule.

In March 2021, a major fire destroyed a good portion of the SBG2 data center in Strasbourg, eastern France, owned by Europe’s largest cloud storage provider, OVHcloud. Clients who had heeded warnings to have a “disaster plan” by paying for “triple redundant” backups were barely affected. Others, who apparently did not consider the possibility of the “unthinkable,” suffered. Rust, a survival game from Facepunch Studios had the unhappy task of informing players over Twitter that it was “expecting a large amount of data loss across the affected servers.” This later was confirmed. The data was irretrievably lost – not a winning marketing strategy for any company.

The “3-2-1” Rule sounds simple enough, but it needs to be followed properly – and in the correct way for your business or organization. Let’s start with the “three copies” part: Three is a good number, but many experts say the number should be prefaced with “at least.” Also, at least three copies should be from various points in time. Multiple versions from multiple times ensure recovery from a wide array of possible disasters.

Second, is the: “on two different media” edict. Some might split a hard drive into two virtual volumes, if the primary fails, however, the backup will likewise fail. Always have the backup on different media than the original. Again, with so many cloud services to choose from, it’s hardly a burden to subscribe to more than one service. External hard drives are cheap. Knowing you have copies of copies is reassuring and, well, simply smart.

On to the last number in the set: One of your backups should be off-site. For some, cloud services cover this, but make sure you know the provider’s backup policies, and don’t be too cheap to pay for “redundant backups.” A somewhat funny anecdote from the early days of computing tells of a programmer complaining about the uselessness of backup floppy discs, as they melted after a server caught fire. The programmer became red-faced after being asked where the discs were kept and admitted they were placed on top of the server. –Duh. The rule is worth repeating: a backup copy – at least one version – must be stored at a separate physical location from what you’re backing up.

These “common sense” rules can save your company or organization – or your private family photos and files – but too many forget to think each element through. If, for example, you use a public cloud vendor, “snapshot images” as backups are useless should a hacker get into the primary system. The bad guy can simply delete the primary and secondary copies. Ask your vendor – be they for cloud storage or an email server, what they would do in the event of a third-party hack on your account.

Finally, some other ideas well worth considering include signing up for a service that offers “immutable storage,” which is a backup that cannot be deleted and changed, even by you, unless very specifically laid-out rules and times are followed. Unfortunately, most ransomware attacks of late have been against Windows . Using a separate operating service (OS) for a backup might be a lifesaver. Spread backups over accounts – using completely different credentials for a disaster-recovery system means a compromised account remains only one compromised account.

Fires, floods, or hacks – anything is possible, but there isn’t an excuse for permanent data loss. Take some time as soon as possible to review your personal or corporate backup plans. The adage is true: “Better Safe Than Sorry.”