The backup strategy plays a crucial role when it comes to business continuity.

Accidents do happen. Prevention and recovery plans are the best allies to get everything back on track as quickly as possible.

An effective backup means that, if any incident occurs, your data can be recovered quickly, easily, and (perhaps most important) without any errors.

Many factors can lead to data loss and compromise your business:

  • Hard Drive damage
  • Computer failure
  • Cyberattacks (e.g., Ransomware)
  • Natural disasters
  • Theft/robbery
  • Human error

The main question about this topic is when will these events happen, not if!

One of the most well-known strategies for backup is the 3-2-1 rule, which Peter Krogh crafted on a series of best practices and workflows for digital photography. He starts with a very compelling sentence:

“There are two kinds of people in the world – those who have had a hard drive failure, and those who will.”


So, what is the 3-2-1 backup strategy?

We can summarise it as follows:

  • Keep 3 copies of your data (1 primary copy and 2 backups), ensuring that at least one of them is accessible for quick retrieval
  • Store the copies on 2 different storage media types (e.g., local drive, NAS, magnetic tape, cloud, etc.)
  • Place 1 copy offsite (e.g., outside your company, in the cloud)

Let’s detail a bit more on each point.


Keep three copies of your data.

The big question is, “Why isn’t just a backup enough?”

First of all, availability. Imagine a situation that directly affects your primary data and your company has only one backup; you need to rely on that backup to recover all your data. However, the risk is high for the backup being corrupted, meaning that if you need it, it won’t be there.

Secondly, risk mitigation and recovery. We mentioned that one of the copies should be accessible for quick retrieval. However, there is one type of risk that we have to consider: events that occur on-premise.

Let’s imagine the following scenario: your company has a server on-premise, and you perform backups regularly to it. Unfortunately, your data gets lost if a fire occurs in the building.

Although these reasons support the idea of having at least two backups, there’s still one thing to assess. No matter how many copies we do, if they all are in the same physical location (or area), we will lose the data in case of a wide variety of incidents (e.g., fire, robbery, natural disaster).

Of course, we could solve this situation by using that single backup in the cloud, but this would result in not having one copy near our infrastructure for fast recovery.

Given this, we need at least 3 copies of your data to provide the previously pointed requirements:

  • the primary copy of your data;
  • a second copy that should be accessible for a quick recovery;
  • the third copy offsite to avoid data loss in case of site-level disaster.


Store these copies on two different storage media types.

The 3-2-1 rule suggests that you keep copies of your data on at least two different types of storage like internal disks (e.g. internal HDD or NAS), removable media (e.g. memory cards, optical disks, magnetic tape), or the cloud.

This rule prevents the risk of data loss or corruption due to having your backup in the same storage type. Imagine this scenario: you perform backups on two separate external disks, but of the same model and specs.

If the hardware is exposed to the same daily stress and has the same life span, it is not that uncommon that if one breaks down, the other fails as well within a short time.

Firmware failures are also an issue that could affect external drives with the same model. Another example: your company has two backups on separated hard drives but on the same server. Any event like a technical malfunction or a disaster could compromise your server’s integrity.

All these situations could compromise your backup availability.


Keep a backup copy offsite.

This rule prevents disasters that can compromise any data mediums in the same physical location.

Tape storage in offsite locations is a popular solution for companies of various sizes. Today, this storage medium is used for system backup and long-term data archiving, and due to its low price, it has remained a viable option.

However, tape libraries have some challenges, such as:

  • the high initial investment in complex robot systems;
  • limited lifetime;
  • logistics, like transporting physical tapes to offsite locations;
  • tapes require human interaction to archive them correctly;
  • both tape and robot systems need periodic maintenance and replacement, done by expert staff;
  • costs with infrastructure maintenance – electricity, space, air conditioning, etc.

Cloud solutions can be more cost-effective for backup and long-term archive storage than tape because they are more agile and easy to set up.

If you work for a small or medium-sized company without a remote office or branch office, storing your backups in the cloud may be an option to consider.


3-2-1 has evolved.

The 3-2-1 rule is still valid, especially for organizations with no alternative strategy in this regard. However, nowadays, the paradigm has changed, especially with the rise of threats like Ransomware.

Although the principles of the 3-2-1 strategy remain:

  • Keep multiple data copies – at least three,
  • Data copies should be geographically separate,
  • At least one of the copies should be easily accessible for quick retrieval,

another layer of protection should be taken into consideration:

At least one of your copies should be immutable or be isolated (physically or virtually) in case of a ransomware attack targets all your data, including your backups.

Let’s review some of those variations.


3-1-2: two copies in the cloud.

This strategy consists of the following:

  • 3 data copies:
  • 1 production copy in your disk,
  • 2 geographically separated backups in the cloud.

As cloud-backed backup solutions appeared, the second media type was discarded in favor of the cloud. However, just a copy in the cloud at a specific location is not immune to a data center (or even the entire provider) outage, for example.

Although it may be redundant, even having two copies in two different data centers at the same provider does not eliminate the risk for companies. Working with just one cloud provider can expose organizations to the so-called vendor lock-in: what if the cloud provider stops functioning or ceases to exist?

Having two copies in the cloud also increases costs for your organization because you need to purchase and configure two provider instances.


3-2-1-1-0: adding immutability and resiliency.

A well-known variation is 3-2-1-1-0, with two additional rules:

  • Keep one copy of the data in an immutable or air-gapped media,
  • Ensure zero errors in recovery.

This strategy recycled the idea of an offline (or air-gapped) copy of your data – one copy that is disconnected or inaccessible from the network. The “air gap” represents the physical distance that makes it impossible for hackers to access your information.

In the cloud, immutability can replace this concept, which means that the storage medium actively blocks data edition or modification.

These mechanisms gained traction due to the rise of ransomware attacks and help actively to mitigate them:

  • Being air-gapped prevents ransomware attacks from propagating to that specific media since your data is offline;
  • Immutability prevents your data to be encrypted and therefore changed by Ransomware.


Last but not least, this 3-2-1-1-0 strategy requires that all backups be error-free.

For this to happen, you must implement some procedures in your team schedule, such as:

  • Permanent monitoring of the success of the execution of the backups,
  • Correcting any errors as soon as they are identified,
  • Performing regular recovery tests using the different copies.


Choose your flavor.

If you want to simplify all these strategies, one basic rule is that the more copies of your data, the better – each copy lowers the risk of data loss.

But as an IT Administrator, manually maintaining all these pieces running can be a management nightmare. Nowadays, many backup solutions have tools that help you implement these strategies by providing automation processes to store data in different storage mediums.

A valid approach may also involve delegating the backup strategy to specialized companies that set up and maintain all the infrastructure, but although reliable, this can be costly.

In any case, it’s always important to find the perfect balance between cost-effectiveness, manageability, and data security.

Here is where Vawlt steps in.


One cloud? Go multicloud!

With the progressive transition to the cloud, companies face increasing challenges regarding security and reliability.

There are often reported cases of cloud services being offline or compromised due to outages in data centers, which lead to situations where the backup in the cloud can’t be retrievable or even is lost. These events are even worst for cloud-first companies because they entirely rely on the cloud, not only for their backups but also for other crucial areas.

Vawlt’s core concept lies in the idea of a cloud-of-clouds for self-managed data storage.

What does this mean?

Well, instead of having several copies of your data in different cloud instances for redundancy, your data is encrypted, signed, and scattered among several cloud providers.

How can this concept add resiliency to the backup strategy of your company? Because it tolerates the failure of any of the cloud providers.

It’s possible to rebuild the original data using only a subset of the data pieces, which means that even if any of the cloud providers is compromised or unavailable, you can still retrieve your data altogether. Vawlt can even tolerate its failure: if our servers are down or compromised, all users’ data is still accessible. Business as usual.

This fault-tolerant feature of Vawlt is a crucial factor that adds a layer of resiliency to your backup strategy in the cloud.


How to implement a bullet-proof backup strategy for your company with Vawlt?

Vawlt’s managing unit is the creation of virtual storage volumes – virtual containers where you’re going to store data – in our Dynamic Storage Platform.

Depending on the usage, you can configure the volume type, either for hot data (which changes and is accessed often) or cold data (which is less accessed or altered). In any backup strategy, Vawlt’s storage volumes cover the different stages of the data lifecycle.

For backups offsite, if your company uses a backup software like Veeam, you can create a backup on-prem and then implement a job that replicates the backup for a Vawlt’s Warm Volume. This volume allows data edition and has file versioning, storing two versions per file. Therefore, you can roll back your data if needed.

To ensure the immutability of your data, you can schedule jobs to copy the backups to an Immutable Volume, which provides enhanced backup protection guarantees by preventing data modification.

You can also use the Archival Volume for cold data for replacing your “tape-like” storage solutions and benefit from the lower price of this storage tier while being resilient and secure.

In all volumes, you can select the cloud providers you want to work with, the geographical locations where your data is stored, and the size to be provisioned for the volume. This configuration is adaptable to your needs and is done through a straightforward web interface in a couple of clicks.


It also guarantees data privacy: Vawlt’s zero-knowledge end-to-end encryption and its Data-Centric Architecture ensures all data travels encrypted directly from the users’ appliance to the clouds. Only the owner of the data can access it.

At the end of the day, no matter the strategy, backups are great, but recovery is a crucial topic for your business continuity.

Vawlt can be your perfect ally to a resilient backup strategy in the cloud because it integrates seamlessly with your favorite backup software while being cost-effective and agile.


And you, what strategy do you apply in your company?

Follow us and join our Reddit community.
We’d love to hear from you on this topic!

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *