You are currently viewing The Golden 3-2-1 Backup Rule – A Resilient Backup Strategy
The 3-2-1 Backup Rule

The Golden 3-2-1 Backup Rule – A Resilient Backup Strategy

1. Introduction

Backup ensures that your critical business data will survive any eventuality that could lead to its loss.

Many companies have suffered from having their hardware – servers/PCs/laptops/tablets/phones) – lost or stolen, destroyed by fires or floods, infected with malware or corrupted by targeted hacker attacks (viruses, worms, ransomware).

Statistics dictate that you most likely will one day lose a crucial part of your business data; the question is whether or not you are prepared for this eventuality.

2. So What is the 3-2-1 Backup Rule?

You may already know that backup is important. However, it is just as important to remember that having one backup copy is often not enough.

Let’s assume that you backup your server to an external drive or tape, which you keep in your office. If your server crashes, you have the backup copy. However, if a fire breaks out in your office, it will destroy both your server and the external drive/tape.

For a one-server user, a backup strategy may be as simple as copying all important files to another device(s) – and keeping them in a safe place, away from the primary source. However, for multiple servers or computer systems, things are usually more complex.

A comprehensive data protection strategy should include the 3-2-1 backup rule.

The 3-2-1 backup rule was established to address hard-drive failures thanks to Peter Krogh. Peter Krogh is a well-known photographer who was obsessed with protecting data.

The 3-2-1 backup strategy is a revered and time-honored backup strategy.

The 3-2-1 backup rule is an easy-to-remember acronym for a common approach to keeping your data safe in almost any data failure scenario. The rule is:

  • Keep at least three (3) copies of your data
  • Store your copies in at least two (2) different storage media          
  • Store at least one (1) of them in an offsite location.

To clarify, let’s take a look at each point of this rule.

Keep at least three copies of your data

Even a trivial event such as a fire alarm triggering the sprinkler system could literally wipe out all your data. Countless other incidents could bring about the same outcome – for instance: theft, a fire, a disgruntled employee with a vendetta, or vandalism by a rioting mob. So, having one backup copy isn’t enough, especially if it is stored in the same location as the primary data and on the same type of media.

Theoretically, the more backup copies you have, the less chance you have to lose all of them at once. This is the premise of the 3-2-1 backup rule –             that you need at least three copies of your data, meaning the primary data and two backups of this data.

Store two backup copies on different devices or storage media

We must remember that any storage device will fail sooner or later. Hard drives fail over time, whether because of a defect or simply wearing out. Two identical devices have a higher risk of failing around the same time than two devices of different types.

Additionally, storing several backups of your valuable data in the same server/location is hardly logical. Whether it is Murphy’s Law or wear and tear or the drives were bought at the same time and have the same mean time between failures (MTBF) rates, it is quite common after a drive failure to experience failure form another drive in the same storage around the same time.

Thus, the 3-2-1 backup rule suggests that if you keep your primary data on an internal hard drive, store your backup copies a different way – for example, on an external hard drive, USB flash drive, or tape. Failing that, at least keep copies on two internal hard disk drives in different storage locations. Remember – your hard drive is cheap, but your data is invaluable.

Keep at least one backup copy offsite

It is obvious that a local disaster can damage all copies of data stored in one place. Therefore, it makes sense to physically separate backup copies. The 3-2-1 backup rule says: keep at least one copy of your data in a remote location. This could be in offsite storage or the cloud. If you want to protect your data from disasters that might strike large areas, merely storing the offsite copy across town is not enough. “Remote” should mean as far away as possible – for instance, in another city, county, state, country, or even continent.

Building secondary data centers or private clouds for offsite data backups are options. However, these would be expensive undertakings for many organizations. Whether you are a small business or a large enterprise, storing backups in the cloud is the most efficient and cost-effective option.

Offsite tapes still exist and can serve some data protection functions. However, in this era of software-defined data centers, partnering with third-party cloud backup providers is a better approach. It provides a simplified way to secure backups offsite and ensure continued availability. Backing up your data is good, but being able to use it when disaster strikes is a crucial step in building a resilient data protection strategy.


Multiple copies stipulated by the 3-2-1 backup rule protect you from losing your primary data together with its only backup copy, whereas storing copies of data in multiple locations ensures that there is no single point of failure and that your data is safe, should something happen to any of these locations.

The 3-2-1 backup rule is a good start in building any data protection system – a way to protect your data from loss/corruption and to control risks in all of the aforementioned situations. Being well prepared in advance is the best data protection policy.

For peace of mind, choose a backup solution that automatically backs up your system and files in the implementation of the 3-2-1.