Simplifying the 3-2-1 Rule for Data Protection in the Age of the Cloud

The 3-2-1 rule has historically been the industry’s golden rule for managing backups. IT teams, however, are beginning to wonder whether those legacy practices are overkill in the age of cloud and SaaS applications. In this blog, we’ll take a look at the origins of that rule, hear what Spanning’s Director of Products has to say about it, and explore ways to streamline the 3-2-1 rule while minimizing data loss risks.

3-2-1 Rule for Data Protection

The 3-2-1 Rule: History and Origins

Increased access to compute power via minicomputers and PCs, combined with the development of the first commercially-available databases in the late 1970s-80s, brought the power of data to millions. It also brought associated data loss risks to millions, giving rise to best practices in backup. The 3-2-1 rule (a term coined in 2009 by digital photographer Peter Krough) should be familiar to all IT pros and sysadmins.

The rule typically means an IT pro should:

3 – Keep 3 copies of any important data (1 primary and 2 backups).

2 – Keep the data on 2 different media types to protect against different types of risks.

1 – Store 1 copy offsite (e.g., outside your business facility or other local, physical site).

Before the pervasiveness of the cloud and cloud-to-cloud backup, IT departments wanting to protect their data had to manage and store tapes and hard drives. Today, cloud backup services help make the 3-2-1 rule an easier win for the IT department by providing a separate, seamless and off-site backup location for your organization’s vital data — all at a much lower cost.

It’s important to note, however, that the 3-2-1 rule doesn’t cover being able to restore from a backup; and that’s an important consideration as we examine its relevance in the age of cloud computing.

Backup is One Thing; Restore is Everything

At Spanning, we focus on making data disasters a non-event for Office 365, Google Workspace, and Salesforce data. Here’s what our Director of Products, Daivat Dholakia, has to say about how Spanning Backup fits within the 3-2-1 Rule.

Q: How would you describe Spanning Backup within the paradigm of the 3-2-1 rule?

A:  We definitely fit within each part of the rule. “Keep 3 copies of any important data” — with Spanning automatically backing up your Office 365 Mail, Calendars, OneDrive and SharePoint files (in Team Sites, Groups and Microsoft Teams) you’ve got one complete copy every day, and you can take a backup manually at any time.

“Keep the data on two different media types” — since we back up data to our instance on the Amazon cloud, even if you back up to your own storage or cloud, you now have two different locations, ensuring redundancy.

In regards to storing a copy offsite — you can’t get much more offsite than a location in the cloud — separate from your primary data location provided by the SaaS vendor.

Q: It looks like Spanning provides a simple way to meet the 3-2-1 paradigm — is that correct?

A: Yes and no. While we do help organizations meet that paradigm, it’s a legacy approach to data management. Because we automate so much of what had been manual, we could rethink the paradigm for Office 365, Google Workspace, and Salesforce data as “3-in-1” — you’d want different copies, different media, offsite storage, all in one automated service.

With Spanning, IT teams get daily backups, encrypted at rest and in transit — one copy of the whole set and incremental backups covering what has changed; backups to secure sites in the cloud; and secure, scalable storage at no extra cost. Spanning also allows you to choose the region where your backup data is stored so you can choose to have your data backed up close to you or in an entirely different continent based on your requirements.

Q: So, organizations using Office 365, Google Workspace or Salesforce no longer need to follow the 3-2-1 rule exactly?

A: Yes, with Spanning, it’s 3-in-1 — no need for legacy processes. When organizations develop security and compliance best practices for cloud-based applications, many of the foundations of traditional, on-premises infrastructure policies can be useful, but they need to evolve to fit the new reality of having an outsourced infrastructure managed by the SaaS vendor.

Stay Safe with 3-in-1 and Spanning

The benefits of cloud-based applications are many, but it’s not a silver bullet solution for everything, especially when it comes to protecting your organization’s critical data in SaaS applications. Consider the new paradigm of the 3-in-1 to stay safe.

Start Your Free Trial