Data Backup and the 3 2 1 1 Backup Rule

Why is a backup strategy important?  According to the University of Texas 94% of companies that suffer a catastrophic data loss do not survive.  43% of businesses do not reopen and 51% are out of business within two years.  What's your company's backup strategy?  Make sure your company follows the best backup practices to protect your valuable data.  We suggest following the core strategy of the 3 2 1 1 backup rule.  What is the 3 2 1 1 backup rule?

  1. 3 copies of your data.
  2. 2 copies on separate media.
  3. 1 copy off-site
  4. 1 copy off-line.


3 copies of your data

In addition to the copy of your data that runs on production storage you should have at least two additional backup copies.  This gives you a much greater chance of successful data recovery with three copies of your data.  If there's a 1/1000 chance of errors on each copy of your data then the probability of each copy having errors simultaneously is

1/1000*1/1000*1/1000 = 1,000,000,000

That's a one in a billion chance that all three copies of your data will be unreadable – a very small percentage.

2 copies on separate media

It's important to have at least two copies of your data on separate media like disk AND tape.  If all of your backups reside on the same physical hardware and the hardware fails, you will not be able to restore from backup. 

1 copy off-site

You should keep one copy off-site to protect against disasters like fire, earthquakes and floods.  This copy of your data should be stored far enough away to avoid the impact of any local disaster. 

1 copy off-line

It's important to have at least one copy off-line.  This off-line copy protects you against ransomware.  Even if you have a copy off-site but still online, ransomware could encrypt all of your on-line backups and you will not be able to recover.  Tape is still one of the most cost effective ways to keep your data off-line.  An LTO8 tape can natively store 11 TB of data.

Auditing your Backup

It's a good idea to regularly audit your backup environment before you have to perform a restore.  Here are items to consider when auditing your backup.

  1. Is all necessary data backed up?  Verify that all production data is backed up.  If a server exists it should be backed up.  Be sure that any new servers are added to the backup rotation and any retired servers are taken out of the backup rotation.
  2. What is the backup schedule?  How often does the backup run?  It should be run at least once a day or more often for critical servers.
  3. What were the results of the last backup jobs?  Verify that the last backup was successful.  If not, why are they failing?  How long have they failed?  What was done to correct the backup failures?
  4. How long is disk backup data retained?  We suggest at least two weeks of backup history on disk.  The longer the better.  Your back up disk repository should be at least three times larger than your production data usage.
  5. How long is tape backup data retained? We suggest eight or more weeks for backup tape rotation.  The longer the better.  Make sure you are compliant with any backup retention requirements for your company. 
  6. How are off-line backups stored?  Make sure that off-line backups are securely stored.  Are the backups encrypted?  Are the off-line backups stored in a data approved fire safe? 
  7. What were the results of the last data restore request? Was the company able to successfully restore data when requested?  If you were unable to restore data, what was the cause?  What steps were taken to ensure this doesn't happen again?
  8. Do you run Full Backups?  We recommend full backups at least monthly, just in case a differential/incremental backup gets corrupted.
  9. Do you use Differential Backups?  Differential backups, backup all data that was changed since the last full backup.
  10. Do you use Incremental Backups?  Incremental backups only backup changed data since the last backup.
  11. If you're backing up Virtual Machines (VMs) is your backup software Virtualization aware?  We recommend using a virtualization specific backup solution like Veeam Backup and Replication.
  12. If you're backing up a Virtual Machines (VMs) are you getting Image backups of the VMs?  We suggest obtaining image backups of VMs. This significantly simplifies the VM recovery process.
  13. Are VMs that have transaction log data like Exchange and SQL Server Quiesced?  Quiescing temporarily stops the transaction flow of the database so no partial transactions are included in the backup.  Make sure that your backup solution properly truncates transaction logs after a successful backup.
  14. Are the backups following the 3 2 1 1 backup rule?

Backup Verification

We recommend regular restores of your test environment to ensure your data is properly backed up.  You don't want to find out that your backups are corrupted when you need to perform a data restore. Veeam's SureBackup Feature in their Enterprise and Enterprise Plus versions automatically verifies the integrity of the backup.  It runs a malware scan on VM data, verifies it can start the VM in a protected environment and optionally runs a Cyclic Redundancy Check (CRC) on the data to ensure the backup data is valid.  



In our opinion you can never be too careful with backups.  Having a robust backup strategy ensures you can recover from a data disaster.  For more information on creating a customized backup strategy for your company please send an email to 

BackupCybersecurityIt training

Get updated on the latest Information Technology news, Cybersecurity, Information Technology Trends, and recent real-world troubleshooting experiences.