Interestingly, we have a professional photographer to thank for the 3-2-1 backup strategy that many companies employ today. Peter Krogh originally shared the concept in his 2009 book The DAM Book: Digital Asset Management for Photographers. This backup strategy has helped prevent data losses for an untold number of organizations. But in the digital world 11 years is a very long time, and just like any technology (or technology process in this case), it’s ripe for an update.
Ransomware is the driving force behind our reasoning. If you get hit by a successful attack, every second that your systems are down is painful. Costly, too, to the tune of $5,600 a minute according to Gartner. That may be enough motivation for most IT pros. But the most glaring problem with the traditional 3-2-1 backup rule is that your backups could become compromised, too, and you might not be able to recover your data at all. That might also force you to turn to slow backup systems for recovery, which may make it impossible for you to meet your recovery time objective (RTO) and recovery point objective (RPO).
Traditional 3-2-1: Impeding Recovery
Let’s take a look at what the traditional 3-2-1 rule entails. In essence, it recommends that you keep at least three copies of your data. Store two of those copies on separate media and store at least one additional copy at an offsite location. While it sounds like having two copies onsite means you automatically have quick access to your backup if your primary storage fails, that may not be always the case. What happens when disaster strikes and takes both of your onsite devices down? And if ransomware gets into an admin’s system it can spread like wildfire and even infect your secondary storage. These scenarios happen all the time.
Say both of your data copies are compromised, so you shut your systems down and put your backup and disaster recovery plan into motion. That’s when you turn to your offsite backups. And that’s where the problems start. With secondary storage primarily built for backup security and scale at a relatively low cost, these systems can bog down your recovery if they can't quickly transfer the huge amount of data that typically needs to be recovered. That could add a ton of time for your applications and data to come back online after a disaster. Very costly time.
Two Plus One Equals Added Security
As mentioned above, in the traditional 3-2-1 rule the “2” refers to the number of media types (or devices) you should use onsite. That’s because it’s important to keep your backups as close to your endpoints as possible so your data can be retrieved as quickly as possible if disaster strikes. The last thing you want to worry about is latency or access. As an added layer of security, the "1" in 3-2-1 says that one of those backup locations should be in the cloud or secure storage.
3-2-1-1: Immutable Storage Locks Your Data Down
Unfortunately, to some degree, all of your backups are vulnerable to a ransomware attack. That's why IDC recommends a new take on the traditional backup rule: 3-2-1-1, with the extra "1" representing immutable storage. In computing, the dictionary defines immutable as "an object with a fixed structure and properties whose values cannot be changed." Immutability is the key to successful ransomware protection because your data is converted to a write-once, read many times format that can't be altered. Unlike data encryption, there is no key, so there should be no way to "read" or reverse the immutability. Immutability is also key when paired with other data protections, such as continuous data protection, which can capture data on each write at very quick intervals measured in seconds. If that data is then stored in immutable form, with the right technology and good restore and recovery practices, you can access unaltered data within minutes of a breach.
Focus On Business Continuity
A continuum of solutions that covers the whole range of customer needs is hard to find. Arcserve’s recent merger with StorageCraft offers a portfolio of solutions that gives you a clear path to business continuity. Whether it’s an appliance-based solution that combines immutability such as the OneXafe 4400 series, or intrusion detection that uses neural net technology such as Sophos Intercept X Advanced included with Arcserve Unified Data Protection (UDP), these are the kind of solutions needed to meet today’s changing and evolving threats.
One thing is certain: the ransomware threat to data backups is not going away. By focusing on business continuity and following the 3-2-1-1 rule you can be more confident that you can recover your data if an attack is successful. StorageCraft can help you implement a modern approach to 3-2-1-1 for storage, backup, and disaster recovery. Schedule a custom demo today.
