What is the 3-2-1 backup rule?

In the realm of data protection and Veeam, the 3-2-1 Rule has long served as a foundational guideline. This rule outlines the importance of maintaining multiple copies of your data, but as technology continues to evolve, the notion of data redundancy has taken on new dimensions, particularly with the introduction of cloud-based solutions. In this article, we’ll explore how you can enhance your data backup strategy with it.

What is the 3-2-1 Rule?

The 3-2-1 Rule is a data protection strategy that recommends having three copies of your data, stored on two different types of media, with one copy kept off-site.

As a widely embraced data backup strategy, the 3-2-1 Rule prescribes:

  • Maintain three copies of your data: This includes the original data and at least two copies.
  • Use two different types of media for storage: Store your data on two distinct forms of media to enhance redundancy.
  • Keep at least one copy off-site: To ensure data safety, have one backup copy stored in an off-site location, separate from your primary data and on-site backups.

This rule is a robust guideline for data protection, ensuring redundancy, resilience, and the ability to recover data even in the face of unexpected events or disasters.

By mitigating single points of failure, enhancing data availability, and protecting against corruption, redundancy ensures the safety of critical information. It plays a pivotal role in disaster recovery, adapting to evolving technologies, and meeting compliance requirements. Diversified storage and off-site backups, as recommended by the rule, effectively mitigate various risks, contributing to the overall security and reliability of critical data.

Origin and Evolution of the Rule

The 3-2-1 Rule was first conceived by U.S. photographer Peter Krogh. This was a rather important innovation for the photography world and has deep implications for other technology disciplines and stays timeless to this day. Even though this rule is flexible and timeless, I reached out to Peter for a quote on the 3-2-1 Rule nowadays and he offered this:

  • 3 copies of data
  • On 2 different media
  • With 1 copy being off-site

The 3-2-1 Rule was first concepted by U.S. photographer Peter Krogh. This was a rather important innovation for the photography world and has deep implications into other technology disciplines and stays timeless to this day. Even though this rule is flexible and timeless, I reached out to Peter for a quote on the 3-2-1 Rule nowadays and he offered this:

While my focus has been primarily on digital media, the 3-2-1 principles are pretty universal. In fact, the “rule” itself was simply a synopsis of the practices that I found among IT professionals, as I was writing my first book. I just gave it a catchy name.

Over nearly 20 years, 3-2-1 has been a great tool to evaluate data risk exposure. It started in an era of 30GB hard drives and CD backups and has scaled nicely to a world of 18TB drives and ubiquitous cloud storage. With so much of our life and livelihood stored in digital form, and with the threats of malware increasing, it’s important for everyone to have a framework for assessing vulnerabilities.

Peter Krogh

While the 3-2-1 backup strategy (three copies, two media types, one off-site) remains a pillar of data protection, evolving storage needs demand a nuanced approach. Daily full backups might no longer be the most efficient choice. Implementing alternative methods like incremental/differential backups or continuous data protection (CDP) can offer significant storage and performance benefits but require closer management for data consistency and accessibility.

Modern Trends and Considerations

  • Deduplication: Modern organizations leverage deduplication to minimize storage footprints, but its intricate nature can extend recovery times compared to full backups. Weighing space savings against potential delays is crucial.
  • Cloud Storage: Cloud storage offers convenient off-site accessibility but scrutinizes data protection costs and redundancy models. Doubling up with another cloud service adds security but remember bandwidth limitations. Planning for disaster recovery must include communication time and costs.
  • Moving Beyond Legacy Tech: Maintaining aging tape or optical libraries can be cumbersome and expensive. Exploring modern alternatives like object storage for long-term archiving and off-site copies is recommended.

Disaster Recovery Solutions

Beyond mere data recovery, Disaster Recovery as a Service (DRaaS) expands the 3-2-1 concept by safeguarding server OSes, environments, applications, and more. DRaaS, leveraging server virtualization, can seamlessly restore entire IT operations after an outage, minimizing downtime and maximizing business continuity.

Adapting, Not Abandoning

The 3-2-1 rule remains a fundamental framework, but adapting to modern technologies and threats is crucial. Explore solutions that seamlessly integrate with modern approaches like CDP and deduplication while offering intelligent data management and comprehensive DRaaS capabilities. By embracing these advancements, organizations can ensure their data is not just backed up, but readily recoverable and resilient in the face of any disruption.

Modern Applications of the 3-2-1 Rule

With this base rule outline, now we can upgrade it to work with modern critical data. However, let’s not forget the base rule’s best attributes:

  • It does not have any specific technology or hardware requirement.
  • It can address nearly any failure scenario.

In today’s digital age, the 3-2-1 Rule has evolved and expanded. Add content with bullet point formatting to explore how organizations now implement this rule with modern technologies.

  • More Than Three Copies: Understand why, in some cases, organizations have more than three copies of critical data, ensuring enhanced recoverability.

We have spoken to several organizations that have had more than three copies in flight for some of their critical collections of backup data or disaster recovery (DR) infrastructure. One of the surprise use cases is the ability to have additional analytics on the data. This can be tested with SureBackup or a more specific line of business analytics with the data in the backup or DR infrastructure. Additional use cases like this bolster the value of a backup solution in organizations.

Even more attributes of this rule include:

  • Versatile Implementations: Discover the diverse ways organizations apply the 3-2-1 Rule, including various storage methods and combinations.
  • Ransomware Protection
    • An Offline, Air-Gapped, or Immutable Copy: In the context of ransomware protection, learn why it’s vital to have at least one copy of your data offline, air-gapped, or immutable.
  • Data Resilience and Recovery Testing
  • Ensuring Error-Free Backups: Explore the importance of recovery testing to ensure that your data is error-free and ready for restoration.

Embracing Cloud Backups

In the past, relying on physical media such as tapes and hard drives was the norm. Today, we can achieve a higher level of efficiency and reliability through cloud backups.

Cloud backups not only simplify and modernize data protection but also open new avenues for data security and resilience, ultimately safeguarding your critical information in an ever-evolving digital landscape.

Cloud backups provide several benefits, including:

  1. Instant Availability: With cloud backups, your data is not only offsite but instantly available reducing recovery time. There’s no longer a need for the manual process of transferring, cataloging, and tracking physical tapes.
  2. Data Redundancy: Cloud-to-cloud storage ensures that your backups are stored securely on robust cloud infrastructure, reducing the risk of data loss due to hardware failures or other disasters. Leading cloud providers offer multiple availability zones, guaranteeing uninterrupted data access even if one data center experiences downtime.
  3. Streamlined Data Protection: Cloud backups simplify the backup process, eliminating the need for physical transportation of hardware. This saves valuable time and resources.
  4. Immutability: With the help of native APIs such as the Amazon S3 Object Lock API and Immutable Storage for Azure Blob, you can further enhance data security by making your backups immutable and placing them in a WORM (Write Once, Read Many) state. This level of immutability is crucial for maintaining data integrity, ensuring compliance, and safeguarding against potential data breaches.

You can define immutability periods in alignment with your data retention policies, achieving and sustaining the highest standards of security and compliance without incurring unnecessary costs. In essence, these immutability features fortify your data against tampering or accidental alterations, making it an essential component of your comprehensive data protection strategy.

The 3-2-1-1-0 Rule with Veeam

Veeam can configure numerous combinations following the 3-2-1 Rule. This versatility is evident in the following implementations, each contributing to adherence to this guideline:

  • Backups on disk (DAS, SAN, NAS, and appliances)
  • Backups on tape
  • Backups on removable storage
  • Storage snapshots (caution on separate media from production)
  • Backups in object storage such as in the public cloud with the Scale-out Backup Repository’s capacity tier
  • Backups in cold archive storage in the public cloud with the Scale-out Backup Repository’s archive tier
  • Backups hosted or managed by a service provider, including Veeam Cloud Connect
  • Replication to another host or site with Veeam replication
  • Backup copy jobs to another storage location

The Veeam difference is that we have added an extra 1 and 0 at the end, helping ensure recovery with the many types of incidents that can occur. This upgraded rule gives incredible versatility by going the extra mile.

The figure below is our 3-2-1-1-0 Rule visualized:

  • Three Copies of Data: Ensure that you have three copies of your data, adhering to the traditional aspect of the rule.
  • Two Different Media Types: Maintain data redundancy by using two distinct media types, but now, consider cloud storage as one of those options (i.e., snapshots on volumes and backups on object storage).
  • One Copy Offsite: Have one copy of your data stored offsite, which can be effortlessly achieved with cloud backup solutions (i.e., alternate AZ, region, or cloud provider).
  • One Copy Offline, Air-gapped, or Immutable: Acknowledge the importance of having one copy that is either offline, air-gapped, or immutable. This aspect is critical, especially in the context of ransomware protection, where an offline, air-gapped, or immutable copy can be a lifesaver.
  • Zero Errors with SureBackup Recovery Verification: Finally, ensure that your data is error-free by employing SureBackup recovery verification, which can proactively identify and address potential issues with your backups.

These two additions are critically important today. Having a copy of backup data that is either offline, air-gapped, or immutable is an incredibly resilient specimen to help ensure data recovery in a ransomware event. There are some scenarios where a copy can have multiple characteristics, such as WORM tape media removed from the tape library device. This would be offline, immutable, and air-gapped all at once. I collectively refer to the phrase “ultra-resilient” for a copy of data that is either offline, air-gapped, or immutable.

Backing up your data is not enough – you must ensure that each backup is recoverable, complete, and uncorrupted. Recovery testing is critical because it ensures that you really are protected against disasters and ransomware attacks. SureBackup recovery verification by Veeam is a great way to confidently know that you can restore data. This isn’t because a Veeam backup isn’t “good” it is just that certain behaviors are only manifested on restores or reboots that may inhibit a restore going as planned.

At Veeam, we believe Cybersecurity is better as a team sport. We have storage partners for the data center and cloud that provide immutable backup copies managed by our software, from snapshots, flash disks, appliances, object storage. It is supported at every copy perhaps one in the data center, two in the cloud, which makes sure it is too difficult to compromise all copies. If all your eggs are in one basket – perhaps a former employee knows how to unlock immutable, but if it’s distributed across three vendors, then the chances are impossible.

Leveraging multiple vendors also proves advantageous in situations where data portability is crucial, such as the need to restore backups from one location to another due to supply chain issues. Veeam not only supports this functionality but also increases your likelihood of achieving successful data recovery when multiple vendors are involved.

The 3-2-1-1-0 Rule, as endorsed by Veeam, is the modern approach to data protection. We have nothing but evidence in the form of customer stories at the Veeam website that bad things happen to good servers, storage, and data. Now, more than ever, you need to be able to have control over your data to ensure recoverability.  Ready to evolve your 3-2-1 strategy? Let Veeam be your guide. Explore our Cloud Backup Solutions and discover how we can help you achieve data resilience in the modern era.


Veeam Data Platform 23H2 Update
Free trial
Veeam Data Platform
23H2 Update
We Keep Your Business Running

Similar Blog Posts
Business | July 1, 2024
Business | June 27, 2024
Business | June 18, 2024
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.