The question about whether one backup copy is not a new one. The original concept of having a backup copy is so that an organization can quickly recover in the event of a problem or disaster. Most organizations today have adopted what is known as the 3-2-1 backup strategy. It isn’t a new concept, but has it changed and are new market dynamics, policies, or laws mandating organizations to maintain more than one backup copy?
What is the 3-2-1 rule for backup copies?
The rule is that you should maintain three copies of your data, leverage two different types of media to store the data, and ensure one copy of your data is offsite. The three copies of data include your production copy with essentially 2 other copies with one of them being remote or offsite. The concept is to ensure a point of failure such as a ransomware attack, natural disaster, system failure, or human error doesn’t affect an organization’s ability to maintain their business continuity and recovery capabilities. So, this means a minimum of 3 copies of your data and at least two backup copies. So, one backup copy is not enough!
Perhaps one of the biggest differences in recent years for the 3-2-1 rule has been the adoption of leveraging the cloud for backups. Tape backups are still being leveraged as a separate media and for remote backup purposes, so establishing the capability to manage backups on disk, cloud, and tape are essential. Even your cloud data should be protected, and organizations should ensure backup copies are made to keep that data safe as well.
Ransomware attacks are all too common in today’s economy, so that is an added reason that organizations need to ensure they have adopted more than one backup copy and have, at a minimum, adopted the 3-2-1 rule backup strategy. New EU regulations such as DORA (Digital Operational Resilience Act) for financial institutions have enforced new laws for organizations to be more vigilant in terms of their security measures and ransomware attacks. The new ruling includes enforcing financial institutions in the EU to ensure one copy of data is remote from the source. Additionally, backup data needs to be safely secured and must provide immutable backup capabilities. And we can’t forget new rules for obtaining cybersecurity insurance.
With new challenges in today’s economy, new laws and policies are driving the adoption of extended backup operations. Organizations are being driven to adopt more rigorous backup operations that extend the 3-2-1 backup rule. So yes, organizations today need to definitely have more than one backup copy!