It's time for better data protection: Why the 3-2-1 rule isn't enough
With reports showing that 90 percent of organizations were impacted by ransomware over the past twelve months, policies ensuring that data is both safeguarded and recoverable have become a necessity rather than an option.
However, changes to the data security landscape in the intervening years since methods such as the 3-2-1 backup rule were first adopted means these approaches may no longer be fit for purpose when it comes to mitigating against data loss.
The unfortunate reality is that for today’s digitally enabled organizations, data has become a critical resource that’s central to keeping operations running. So, when ransomware causes a business to lose access to its data, operations can become paralyzed for days or weeks. It’s at this point that many organizations that are still reliant on 3-2-1 approaches discover that their recovery isn’t fast and won’t necessarily be guaranteed.
Let’s take a look at how cybersecurity risks like ransomware have changed the rules of the game where data protection is concerned.
The 3-2-1 rule of data backup
First postulated back in 2005, the 3-2-1 rule of data backup aims to help ensure organizations can recover data following an event such as accidental data deletion, data corruption, physical device failure or loss, and even issues like a flood or fire at an office location.
Providing a simple but effective form of disaster recovery, the 3-2-1 rule has become an industry standard for data protection and disaster recovery. Back in 2005, the recommendation was to maintain one primary backup and two copies of data (3), ensure backups are saved on two different types of media (2) and keep at least one backup file offsite (1).
The key strength of the 3-2-1 rule is that it’s framed around the concept of redundancy. By keeping multiple copies of data in disparate locations, organizations will bolster their resilience. So if something impacts one copy, the others will still be safely available on another storage medium or location.
While IT environments have evolved significantly, today’s organizations still utilize much the same methodology when implementing a data backup strategy. For most, the application of the 3-2-1 rule will look something like this:
- Keep 3 copies of data, including all production data and two backup copies
- Store data on 2 different types of storage -- any combination of on-premises, cloud and offline options
- Ensure 1 backup copy is stored at an off-site location -- such as a public cloud server
However, this legacy data protection approach is no longer robust enough to appropriately counter modern day cyber challenges like ransomware.
The problem with the 3-2-1 rule
Traditional backup strategies based on the 3-2-1 rule use periodic snapshots to protect data. But when a user inadvertently lets malware into the system that compromises the entire network, near instant recovery can prove particularly challenging.
For example, if an organization experiences a ransomware attack that affects its file server, it may find all its point-in-time snapshots and local backups are also compromised if these were held on the same fileserver that was hit.
That leaves the organization with the next available data backup copy -- but this is held remotely and fewer points in time are available remotely which means that the recovery point could leave them with significant data gaps. In some cases this could be hours or days. Added to which, low bandwidth to the remote site makes the data recovery process painfully slow. Since today’s organizations now generate significant volumes of data on a daily basis, this may prove a massive undertaking that is strung out over several days or more. During which time operational productivity takes a nose dive.
The reason why ransomware is so effective is that it often targets recovery mechanisms like snapshots and backups to prevent recovery. Which means that organizations will need to consider another backup option -- one that enables them to recover fast and comprehensively in the face of modern day threats like ransomware.
Disaster Recovery as a Service (DRaaS)
Organizations looking to build on their traditional 3-2-1 strategy are now turning to DRaaS providers that offer the hosted infrastructure resources, data replication and continuous data protection technologies they need to maintain critical data resilience and recoverability across all their environments -- on-premises, hybrid and multi-cloud.
Utilizing a DRaaS provider enables them to quickly take advantage of powerful always on and near synchronous replication technologies that make it fast and easy to recover data and applications within seconds of an attack. With the added certainty that they will be utilizing data copies that have not been compromised by malware because they have been held in a safe and tested environment
In the event of a disaster at a primary site, the organization is able to immediately fail over to their DR site with the help of their DRaaS provider, who does all the heavy lifting where infrastructure is concerned; for example, they operate the data center, keep hardware up to date, and perform all the essential daily troubleshooting tasks. When an organization needs to call on their backed-up data, they’ve also got access to people with the experience and focus to make the process as effective as possible.
When it comes to selecting a DRaaS provider, organizations need to ensure that the partner they select offers a non-disruptive solution that features fast near-synchronous replication and is scalable enough to deliver against fast changing needs. Also key will be ensuring that workloads can be seamlessly moved to the cloud and that the service offers a clear cost advantage compared to developing an on-premises private cloud.
Meeting today’s data protection challenges head-on now depends on building on 3-2-1 strategies that deliver fully orchestrated disaster recovery with minimal data loss and downtime in the event of a malware attack.
Christopher Rogers is Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company