Aug
22

Be Ready Before Disaster Strikes: The 3-2-2 Backup Rule and Beyond

Be Ready Before Disaster Strikes: The 3-2-2 Backup Rule and Beyond

August 22
By

Last year, technical failures due to defects and cyberattacks were so widespread that ZDNet termed it “miserable,” and MIT Technology Review called it a “bumper year” for misfires. The hope was that 2019 would be much better.

Unfortunately, that’s not been the case.

From various cities being held for ransom by cyberattacks to IT outages in both public and private arenas, 2019 isn’t showing great improvement. That’s why it’s wise to embrace a strategy that prepares for disaster before it strikes.

Such a strategy used to be based on the 3-2-1 backup rule, broken down this way: keep at least three copies of your data, store two backup copies on different storage media, and make sure one of them is stored offsite.

But as technology attacks and failures have increased and safeguards have improved, the 3-2-1 rule has evolved into the 3-2-2 rule, which means you need to: keep three copies of your data; store two backup copies locally but on different mediums (devices); and send one offsite and one to the cloud. Another option is 3-2-3: one production copy with two backup copies; one backup is disk while the other is rotational or fixed tape; and two geographically separated copies in the cloud with an offsite copy in something like a car trunk or storage unit.computer monitor with data backup to cloud showing

“Most often, if the two devices you have as your local copies are attached, they’ll both be affected if the unfortunate should happen. A rotated and a continuously updated copy of your data in the cloud that’s not in the same physical location as the other two is paramount in protecting your files,” Techtality reports.

Another reason that the 3-2-2 or 3-2-3 rules provide stronger protection is that, while you may believe you’ll never get hit by a natural disaster like a hurricane (for example, because your home operation is in Minnesota), you might experience a fire, flood, theft, voltage surges or malicious attacks from cybercriminals. It’s estimated that 43 percent of all cyberattacks are aimed at small businesses, and in most cases, it takes at least six months for a business to detect a data breach.

It used to be that if an organization wanted to plan for disaster, that meant devoting time and resources to planning and testing data recovery at an offsite location. But with the cloud now offering security and data protection, organizations don’t need to devote as much time and money since such services can work easily with onsite infrastructures.

In today’s data threat landscape, it’s not a matter of if, but when disaster will strike an organization. Whether it’s Mother Nature unleashing a natural disaster or cybercriminals wreaking havoc on your data, no organization can afford to wait until after a problem exists to take action.

“At the end of the day, it’s all about peace of mind—not just for the IT and cybersecurity teams but your users as well. To truly deliver digital transformation, users should be comfortable that their data and privacy are not at risk when they connect to your services,” TechTarget reports.