The quick answer? There are far better alternatives for the cloud.
The 3-2-1 backup method is like beepers and fax machines: It was once a powerful solution, but its heyday is behind it.
This is not to say that no one anywhere should ever adopt a 3-2-1 backup strategy. But it does mean that, in most cases, organizations should base their backup and data protection strategies on other methods that are more efficient, reliable and cloud-friendly than the traditional 3-2-1 approach.
Here’s why, along with guidance on how to move past 3-2-1 backup strategies by adopting better alternatives.
What is the 3-2-1 backup method?
The 3-2-1 backup method is an approach to data protection that entails the following:
- Maintaining 3 copies of your data. One of the copies can be your production data; the other two are backups.
- Storing backups on two distinct storage systems, such as different public clouds, or on-prem storage and cloud storage.
- Ensuring that at least one of the copies of your backup data is stored in a separate location from your production systems. For example, if your production environment runs in Amazon Web Services, you’d store a copy of your backups in a different cloud or in a private data center.
The goal behind the 3-2-1 approach to data backup is to maximize an organization’s ability to restore data successfully from backups. The method aims to minimize the risk that recovery will fail because backup data is wiped out by the same disaster that brings down production systems, or because you only have one set of backup data and the storage system that hosts it fails.
Limitations of the 3-2-1 backup method in the cloud era
The 3-2-1 backup method made good sense in the days when most production data and workloads lived on-prem. In that era, spreading backups across different storage systems, and ensuring that at least one copy of backups existed off-site, helped minimize the risk of backup data becoming destroyed during a disaster that affected the business’s on-prem infrastructure.
But we no longer live in that world. The cloud, rather than on-prem, has become the go-to location for hosting data and workloads. By 2028, 70 percent of workloads will run in the cloud, according to Gartner.
In the cloud era, the 3-2-1 backup strategy no longer works well, for several reasons.
#1. Inherent resilience of cloud data centers
Compared to on-prem hosting, public clouds have a very good track record when it comes to avoiding disasters that permanently wipe out an entire data center. Theoretically, this could happen, but the chances are slim.
On top of this, many public cloud services automatically store data across multiple availability zones, which in most cases means separate data centers. This approach guarantees a certain level of data redundancy by default – and businesses can gain even more if they want by adding availability zones or replicating workloads across cloud regions.
This means that, when your assets live in the cloud, you face a lower overall risk of losing all of your data to a disaster that renders an entire hosting facility inoperable. The specter of an earthquake or flood destroying your data in the cloud is less of a concern than it would be if your production environment existed in a single facility, with no built-in cross-site replication.
#2. Changes to cloud data threat models
That said, the fact that data in the cloud is more resilient against threats that could wipe out a data center doesn’t mean that cloud-based assets are immune to other types of risks.
For example, a malicious employee could delete an organization’s cloud data. In that case, the fact that the data was spread across availability zones won’t help because the cloud provider will have removed the data upon the malicious insider’s request. Likewise, an employee could simply delete cloud data by accident. Ransomware, too, remains a persistent and growing threat against cloud-based workloads due to the low barriers to entry created by Ransomware-as-a-Service (RaaS) and AI – both of which make it easy for malicious parties without extensive technical resources to carry out attacks.
These types of risks can affect on-prem workloads, not just those based in the cloud. However, given that other types of risks are no longer as prominent in the era of the cloud, the focus of cloud backup and recovery has shifted toward mitigating issues like accidental or intentional deletion of data, as opposed to data center failure.
#3. Scalability and speed limitations
Another limitation of the 3-2-1 backup method is that creating three copies of data and spreading them across multiple storage systems and sites can be a slow process – and it grows more challenging the more data you have to back up and restore.
This is largely because, in most cases, you can only move data between sites using the Internet, and Internet connections tend not to be especially fast. Moving just ten terabytes might take an entire day on a 1 gigabit connection.
3-2-1 backups might have worked when the volume of data that businesses needed to back up was relatively small. But they don’t scale well in the present era of massive data volumes.
#4. Security risks
The 3-2-1 backup method can also present some security risks. The more copies of your data you have floating around different storage systems and locations, the harder it is to protect against both physical and virtual security risks.
For example, a malicious employee of a data center that you use to store an off-site copy of your data could potentially access your information by physically breaching local storage systems. Or, if you were to copy data between Linux-based and Windows-based servers in order to ensure that you store copies of your data on two separate systems, you might find that differences in the way Linux and Windows enforce file access controls make it possible for people who shouldn’t be able to view your data to do so.
This isn’t to say that the security risks of maintaining multiple copies of your data always outweigh the benefits. But this is an important consideration to weigh when deciding whether the 3-2-1 backup method makes sense for your organization.
Alternatives to 3-2-1 backup
If 3-2-1 backups are “obsolete,” to quote TechRadar, or “flawed,” as folks on Reddit put it, which alternatives are available that deliver better results for the cloud era?
The answer depends on factors like which types of data you’re backing up, how many clouds you use and what your RTO and RPO goals are. There is no one-size-fits-all approach to modern cloud backup; indeed, for organizations with small-scale backup needs, the 3-2-1 approach might still be viable.
But in general, organizations whose workloads run mainly in the cloud should consider the following strategies as alternatives to traditional, 3-2-1 backup techniques. These strategies help to maximize the reliability of backups without the cost or hassle of having to make at least three copies of your data and spread backups across multiple locations. Instead, the methods below effectively protect backup data and optimize recovery even in cases where a business retains just one copy of its production data.
Cross-cloud backup
While public cloud data centers rarely fail permanently, they can go down for a period of time. And until they come back up, your workloads will remain unavailable.
To protect against this risk, consider cross-cloud backup and recovery. This approach to data backup allows you to back up data on one cloud and recover it to a different cloud – so if one cloud goes down, you can automatically recover your workloads in a different cloud that has not failed.
Cross-region backup
Cross-region backup is another way to mitigate the impact of outages that affect a cloud data center. Cross-region backup makes it possible to recover data to a different cloud region within the same cloud platform. Since each cloud region uses its own data centers, restoring workloads to a different region is usually feasible, even if one region fails.
Immutable backup storage
Immutable backups are configured to prevent the deletion or modification of data. As such, immutable backups provide a powerful safeguard against the risk that employees might accidentally delete cloud data, or that malicious insiders or ransomware threat actors could tamper with it.
Continuous data protection
Continuous data protection, or CDP, enables near-instant backup of data as soon as the data is generated. Thus, with CDP, your data is backed up virtually in real time, rather than on a periodic basis. If you need to restore using backups, the backup data will be almost identical to the data within your production systems at the time they went down.
In this sense, CDP beats the 3-2-1 backup method because it minimizes the risk of data loss due to differences between the state of your backups and the state of production systems.
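The alternatives above, together with the earlier point about transfer time, can be checked mechanically against a backup inventory. The following Python audit is an added example, not code from the article or from N2WS; the record fields, the lock-mode names, the finding labels and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class BackupCopy:  # hypothetical inventory record, not a vendor schema
    workload: str
    source_region: str
    copy_region: str
    lock_mode: str                  # assumed values: "none", "admin-bypassable", "enforced"
    lock_until: Optional[datetime]  # end of the retention lock, if any
    last_backup: datetime
    size_tb: float

def transfer_hours(size_tb: float, link_gbps: float) -> float:
    """Hours to move size_tb (decimal TB) over link_gbps at full line rate."""
    return size_tb * 8e12 / (link_gbps * 1e9) / 3600

def audit(c: BackupCopy, now: datetime, rpo: timedelta,
          rto_hours: float, link_gbps: float) -> list:
    """Return the findings for one backup copy; an empty list means it passes."""
    findings = []
    # A lock that an administrator can lift does not stop a malicious insider.
    if c.lock_mode != "enforced" or c.lock_until is None or c.lock_until <= now:
        findings.append("mutable")
    # A copy kept in the source region goes down with that region.
    if c.copy_region == c.source_region:
        findings.append("same-region")
    # Data written after the last backup is lost on restore.
    if now - c.last_backup > rpo:
        findings.append("rpo-exceeded")
    # Copying the data back can by itself take longer than the recovery target.
    if transfer_hours(c.size_tb, link_gbps) > rto_hours:
        findings.append("rto-at-risk")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    BackupCopy("orders-db", "us-east-1", "us-west-2", "enforced",
               NOW + timedelta(days=30), NOW - timedelta(minutes=5), 2.0),
    BackupCopy("file-share", "us-east-1", "us-east-1", "admin-bypassable",
               NOW + timedelta(days=30), NOW - timedelta(hours=26), 10.0),
]

def run_audit() -> dict:
    return {c.workload: audit(c, NOW, rpo=timedelta(hours=1), rto_hours=8, link_gbps=1)
            for c in INVENTORY}
```

Calling `run_audit()` returns a dictionary of findings per workload; the 10 TB copy on an assumed 1 Gbps restore link needs roughly 22 hours of transfer alone, which is why it is flagged against the 8-hour recovery target.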
Modernizing cloud backup with N2WS
N2WS was founded in 2012 with a simple mission: Simplifying backup and recovery on public cloud platforms. Our solution was designed from the start to protect cloud-based data and workloads, which is why we include a variety of advanced capabilities designed to streamline cloud backup and recovery – such as support for backing up cloud network settings, backing up and restoring data across cloud accounts and cross-cloud recovery.
By pairing these features with classic data backup and recovery functionality, N2WS brings efficient, reliable, cost-effective backup to virtually any type of workload. Whether you follow the 3-2-1 backup methodology or opt for a more modern approach, N2WS provides the tools you need to keep your data safe.
See for yourself by requesting a free trial.
Chris Tozzi
Chris, who has worked as a journalist and Linux systems administrator, is a freelance writer specializing in areas such as DevOps, cybersecurity, cloud computing, and AI and machine learning. He is also an adviser for Fixate IO, an adjunct research adviser for IDC, and a professor of IT and society at a polytechnic university in upstate New York.