TimurD - Fotolia


Modernizing the 3-2-1 backup strategy for SMB customers

The old 3-2-1 backup strategy is a good rule of thumb for protection of your SMB customers' data. We take a look at what the strategy looks like in the current state of technology.

Maintaining a good backup of computer data is arguably the most important task of system administration -- whether that task is performed by an on-staff backup admin or by a managed services company paid a monthly fee to handle the work. In the early days of business computers, we made sure to label, rotate and verify tapes so that if the worst happened, we could restore from tape and be up and running quickly. Experts recommended having a tape for each day, stored in a fire-proof vault preferably offsite.

A backup strategy has to be robust enough to recover from disaster, but simple enough to give a reliable copy to work from when a user's file is corrupted. It is easy to discuss the choices with computer professionals because we understand the technology, but the opinions on how to execute a backup plan are as numerous as the number of experts that you ask. The perfect backup plan is one that is executable and verifiable.

The long-standing 3-2-1 backup strategy plan is an easy-to-explain, easy-to-assemble formula that even your least technically oriented customer can understand. I've fleshed it out with detail that reflects the current state of technology.

3: Keep three copies of critical data. Be sure to have three unique copies stored in three different places of any data that you want to protect, including bare metal images, databases or files of any type. Three different locations is important because it mitigates the risk that a disaster would destroy more than one copy of your data. Local RAID or hard drive, external disk, NAS, tape, DVD, flash drive and cloud can each be considered a repository for one of your three copies. The local RAID or hard drive is onsite and external disk or tape stored offsite, preferably in a fire-proof location. Cloud backup has built-in redundancy by the provider but should only be counted as one of your three copies. It is important that the data is under your control and easily accessible.

2: Have your data on two types of media. Today that primarily means on disk and on tape (tape's popularity for backup is waning, but it's still being used). And know that if you're backing up to the cloud, you're most likely backing up to disk.

1: One copy must be offsite and offline. This is the critical copy that can be used to restore your system in case of a disaster where your IT resources are seriously compromised or destroyed. A tape backup that's offsite at a remote site, such as at Iron Mountain, will meet this criteria. But remote, cloud-based backup will not, unless it is also offline.

Missing from the steps is one specifically for verification. Testing your backup might be implied in the rule, but I like to add a zero to the 3-2-1 list of tasks that I do for clients so that they have no question that the backup will be tested. Images, databases and files are tested differently depending upon configuration and criticality of data. To verify your tape backup, at a minimum make sure the tape is readable by verifying the contents. Verify a disk backup with a file structure or checksum confirmation. For cloud, it is easy to check the structure and restore a file for verification. But the only way to really tell if you have a good backup is to restore the entire backup and test.

Solutions for the 3-2-1 backup strategy don't have to be expensive. There are several ways to economically protect data. Cloud backup and external drives can be low-cost alternatives for data recovery as part of a disaster recovery plan. For most clients in the SMB space, a 3-2-1 backup plan will adequately safeguard their data so that if the worst happens, the system can be rebuilt and the data restored.

Backup is an essential part of a disaster recovery/business continuity plan. Many are the horror stories of system failures where no backup was available. It is common to see statements like, "80% of businesses affected by a major incident close within 18 months" or "43% do not re-open after catastrophic data loss." Several experts have claimed that the authenticity of these statistics cannot be verified. But even if you question the statistics on the number of companies that fail after a major data loss, there is no question that the loss of critical data can cripple a company. Eliminate or reduce the negative impact by including the modernized 3-2-1 backup strategy for you and your clients.

About the author:
Mary Hester is CEO at LAN Systems, an Atlanta-area IT solutions provider.

Next Steps

How do IT solution providers sell cloud backup to SMBs?

Storage expert George Crump on the top use cases of hybrid cloud

Dig Deeper on Storage Backup and Disaster Recovery Services