Important Concepts in the 3-2-1 Data Storage Approach

Many concepts and approaches in data storage and backups have naturally changed over the years, but some have remained fairly constant. One example of the latter, which remains viable in many settings even as the data backup world changes around it, is the 3-2-1 strategy.

At Storage Whale, we’re proud to offer the very best in both personal and business data backup services, featuring high-quality, secure cloud storage and other forms of both offline and online storage. We assist clients with a variety of different approaches to their file storage needs, whether for individual purposes or even for large, multi-faceted businesses. While the 3-2-1 approach is not the only strategy some may take in this industry, and variations of it exist that might be ideal for certain settings, there are major themes within this approach that are valuable for the data backup world as a whole. Here’s a primer on how the 3-2-1 strategy works, plus some of the important concepts it hits on that are valuable even if you’re not using precisely this strategy.


Basics of the 3-2-1 Backup Approach

The 3-2-1 rule is relatively easy to follow once you understand its elements, which are laid out as follows:

  • 3 copies or versions: There should be at least three different versions of your data that are created over three separate periods of time. This ensures that if any disaster or data loss takes place, you can recover even if one or more versions are affected. In fact, many backup systems create far more than three copies, but this is the minimum threshold generally.
  • 2 different media: Copies of your data should exist on at least two different mediums, if not more. There are some drives or volumes that are connected in the way they work, and function as the same kind of media – if the primary drive fails here, the backup drive will as well. For this reason, backups need to be on different media than the original files.
  • 1 off-site backup: In addition to the above, there should be at least one copy of backup files stored in a completely different physical location than the item being backed up. These are also referred to as offline forms of backup, and they’re vital in case a major disaster takes place that impacts online storage formats.

Air Gap Themes

Within this and other data storage methods is the theme of the air gap, which quite literally describes the air between the primary files and the backups. The primary value of an air gap, as you may have guessed, is protecting data in each location from being compromised if one of the others is hacked or otherwise invaded.

For instance, if all your backups can be accessed using the same group of computers under a single server, a hacker could compromise just that one server and attack all your backups at once. But by separating them using air gaps, this process becomes much harder or even nearly impossible.

Now, the key question here is how to achieve an air gap. There are a few different formats often used, from off-site storage drives to various cloud setups, but the ability to utilize physical forms of storage greatly reduces the chances of hackers attempting an invasion. Physical attacks are just too high-risk, which is why the “1” in the 3-2-1 rule – the use of offline storage – is so important.

Electronic Air Gaps

Now, while the ideal air gap for file storage is a physical one, the industry has accepted that certain forms of electronic air gap can also be achieved. These don’t necessarily make it impossible for hackers to gain access, but they do allow for far greater security, especially if you use the 3-2-1 approach or something similar and layer in multiple forms of protection.

Here are some basic ways you can achieve electronic air gaps:

  • Varying storage: Use different storage types than your primary storage, as attacks for one are less likely to work on another.
  • Varying OS: In many cases, businesses will use a backup or service that runs on some OS other than Windows. This is because Windows is the most common victim of ransomware attacks, but these attacks generally won’t be viable for other OS types.
  • Environment: If possible, use a backup system that isn’t reachable via your LAN. This prevents compromised servers on the premises from attacking your backups.
  • Varied accounts: However you can, use varied credentials and logins for backup systems. If one account becomes compromised, those same credentials can’t be used to attack other backups.
  • Immutable storage: This is a term for a setup where backups cannot be changed or deleted until a specified time, even by you.
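
The 3-2-1 rule and the electronic air gap measures above can be checked mechanically against a backup inventory. The Python below is an added example, not Storage Whale's code; the Copy fields, the inventory names and the choice to count the primary as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str            # storage type, e.g. "ssd", "nas-disk", "object-storage"
    site: str             # physical location
    host: str             # server or service holding the copy
    account: str          # credential able to write or delete the copy
    lan_reachable: bool   # reachable from the production LAN
    immutable: bool       # cannot be changed or deleted until a set time

def audit(primary, backups):
    """Return findings for one data set; an empty list means it passes."""
    copies = [primary, *backups]
    findings = []
    # Assumption: the primary counts toward the three copies.
    if len(copies) < 3:
        findings.append("3: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        findings.append("2: every copy is on the same media type")
    offsite = [b for b in backups if b.site != primary.site]
    if not offsite:
        findings.append("1: no backup outside the primary's location")
    for b in backups:
        if b.host == primary.host:
            findings.append(f"{b.name}: stored on the primary's server")
        if any(b.account == c.account for c in copies if c is not b):
            findings.append(f"{b.name}: credentials shared with another copy")
    # An off-site copy isolates only if a compromised on-premises server
    # cannot reach it, or cannot alter it once written.
    if not any(b.immutable or not b.lan_reachable for b in offsite):
        findings.append("air gap: no off-site copy is immutable or off the LAN")
    return findings

# Constructed inventories (all names are made up for this example).
PRIMARY = Copy("primary", "ssd", "hq", "srv1", "svc-app", True, False)
SAME_SERVER = [  # backups kept on the same server as the primary data
    Copy("snap-a", "ssd", "hq", "srv1", "svc-app", True, False),
    Copy("snap-b", "ssd", "hq", "srv1", "svc-app", True, False),
]
SEPARATED = [
    Copy("nas", "nas-disk", "hq", "nas1", "svc-bk-nas", True, False),
    Copy("cloud", "object-storage", "region-b", "vault1", "svc-bk-cloud", False, True),
]

if __name__ == "__main__":
    for label, backups in (("same-server", SAME_SERVER), ("separated", SEPARATED)):
        print(label, audit(PRIMARY, backups) or "passes")
```

The same-server inventory has three copies and still fails on media, location, host, credentials and isolation, which is why a copy count alone is not a useful check.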

Improper Applications of the 3-2-1 Approach

As we noted above, the 3-2-1 approach is not the only robust strategy for data backups, nor is it universally applied well. Some cloud-based services, for instance, store backups on the same servers as their primary data, which ignores both the 2 and the 1 in the 3-2-1 rule.

In other cases, the client in question simply doesn’t give enough consideration to data security. Areas like email, filesharing or other vendor services are often backed up using only additional copies of data in the same location, which is not robust and will not protect your data fully in case of attack. If you work with vendors regularly, be sure to ask them about data security and how your account would be recovered if it were hacked.

For more on the 3-2-1 approach to data security, or to learn about any of our cloud backup or other data storage solutions, speak to the staff at Storage Whale today.