Getty Images/iStockphoto


How the 3-2-1-1-0 backup rule reflects modern needs

The 3-2-1-1-0 backup rule addresses modern data protection requirements, such as ransomware protection and cloud backup. Find out how it builds on the 3-2-1 rule in this tip.

The 3-2-1 rule is easily one of the most longstanding practices of data backup. Despite its longevity, the rule can be difficult to apply in today's world.

The 3-2-1 rule states that in order to be fully protected, organizations must have three copies of their data on two different types of media, with one copy off site. The rule was created when tape was the backup media of choice and predates cloud backups, which explains why it might be due for an upgrade.

Recently, backup professionals have created a modernized variation of the 3-2-1 rule to reflect current data protection best practices. This updated method is the 3-2-1-1-0 backup rule.

3-2-1-1-0 rule by the numbers

The 3 in the 3-2-1-1-0 backup rule indicates that for data to be fully protected, there need to be at least three copies of the data. While the original 3-2-1 rule reflects the same recommendation, there is a key difference between the two: When the 3-2-1 rule became standard, the recommendation was to have three copies of data including the original data. The modern 3-2-1-1-0 rule stipulates that backup admins need at least three copies of data in addition to the original data.

The 2 in the 3-2-1-1-0 rule directs organizations to back up data on two different types of media. The original 3-2-1 rule made the same recommendation, which often meant creating one backup on disk and another on tape. Today, there are other options, such as cloud storage and SSDs.

The two backup media types should also differ from where the primary backup resides. This might be difficult for an organization that already uses a certain type of storage media, such as disk, for backups. However, there are other ways to incorporate different backup hardware. For instance, an organization might use one vendor's array to store primary data and an array from a different vendor to store backups.

An air-gapped backup cannot become compromised during a ransomware attack, so it is critical to have at least one.

As in the original 3-2-1 rule, the first 1 in the 3-2-1-1-0 backup rule directs an organization to keep at least one copy of the data off site. The easiest way to accomplish this is, of course, to store a backup copy in the cloud. Keep in mind, however, much of the original data probably already exists in the cloud. Consider storing backups in an alternative cloud so that primary data and backups do not reside in the same cloud.

The second 1 in the 3-2-1-1-0 rule reflects the idea that at least one backup copy needs to be kept offline. Simply put, ransomware cannot infect a backup that is not physically connected to the network. An air-gapped backup cannot become compromised during a ransomware attack, so it is critical to have at least one.

The 0 in the 3-2-1-1-0 is a critical addition to the original standard. This final step directs organizations to verify that the backup contains zero errors. A backup that contains errors might fail to restore properly, so it's important to seek out and resolve errors early.

Next Steps

Use geo-redundant backups for long-distance data protection

Dig Deeper on Data backup security

Disaster Recovery