The 3-2-1 rule for data backup is a long-running industry standard that has proven effective, but it's not immune from rising costs.
The 3-2-1 backup rule is a proven approach and serves as a starting point for crafting an appropriate data protection strategy. The time-tested data protection method requires that organizations store multiple backup copies in different locations.
Traditionally, it requires organizations to make three copies of the data, store the copies using two different types of storage media and send one copy of the data off site. As storage media and data backup methods evolve, backup admins can adapt this formula to suit different strategies.
The multiple copies, while cost-inducing, provide necessary protection against system failures -- and an isolated copy to protect against natural disasters and the rising threat of ransomware. To reduce the growing cost over time, organizations should consider the necessary retention period for long-term retention and what licensing model is best suited for their data.
While the cost constraints are not a reason to toss the 3-2-1 method to the wayside, it is critical to understand the rise in costs and what it means for organizations, as well as how they can change their approach to the rule while still keeping data safe.
Why does cost increase over time?
There are many factors that determine the overall cost of data protection, but the main drivers are raw storage cost and backup software licenses. Both factors are drastically affected as primary data grows. For most organizations, data is growing and will continue to grow over time.
The raw storage cost involved with the 3-2-1 method is relatively straightforward. Price is driven by the cost per gigabyte of the media involved and the total capacity required. This is determined by the amount of primary storage protected, backup frequency, retention periods and the change rate of data. Data reduction techniques, such as deduplication and compression, can reduce the required capacity and lower the price.
Over time, the off-site copy that the organization uses for long-term retention becomes by far the largest storage cost. By definition, this copy is intended to be held long term, and in some cases, the organization might retain the data indefinitely, depending on compliance regulations or industry requirements. This data set is capable of growing significantly, leading to high costs even when using budget-friendly storage such as tape. Cloud storage can also be a cost-effective option for long-term retention, but egress fees can add significant cost if the data is accessed.
The biggest cost factor of a 3-2-1 backup strategy, however, is backup software licensing. Typically, software companies charge these licenses by capacity, so they are heavily influenced by data growth. Capacity can be calculated by the source capacity protected or the target capacity stored.
For data capable of high data reduction ratios, target-based licensing that includes data reduction can be advantageous. In other scenarios, source data calculations that avoid calculating the capacity of multiple backup copies are more cost-effective. Other licensing models, including subscriptions and licenses based on the number of systems protected, are also available and might help reduce the cost effect of data growth.
To determine what this growth looks like for different organizations, IT analyst firm Evaluator Group created a calculator that shows the cost of the 3-2-1 rule over time. The calculator includes many variables, but the general outcome remains the same: The cost of data protection increases over time.
Is 3-2-1 data protection worth the expense?
As costs continue to rise, upper management might want to know if the 3-2-1 method is worth it. The answer to this question breaks down into two separate questions: "Is data protection worth the cost?" and if so, "Is 3-2-1 the best method for data protection?"
When considering the myriad ways that businesses can lose data -- from hardware malfunction to natural disasters to cyber attacks -- and the increasing value placed on data, it is difficult to imagine any answer to the first question besides yes. Data loss can be catastrophic to businesses when considering the storage of mission-critical data, and it can severely interrupt business operations. There will inevitably be costs associated with any data protection method, but sufficiently protecting data is a crucial task for every organization.
When considering the 3-2-1 method specifically, the answer could be more personal to the organization and its data. Certain variations of the traditional 3-2-1 method can be used to suit specific needs, reduce cost or even add additional protection. This might include moving an on-premises copy to the cloud to reduce cost, or using a more robust 3-2-2 strategy with an additional remote copy.