Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
3-2-1-0 Backup

The 3-2-1-1-0 Backup Rule: Extend Your Backup Security

The 3-2-1-1-0 Backup Rule: Extend Your Backup Security

The number of cyberattacks is constantly growing; they happen more and more often, and hackers are inventing more and more methods to reach companies’ sensitive data in order to make profit from it. The Gartner experts predict that by 2025, up to 75% of IT companies will become the target of one or more ransomware attacks. Most likely, these attacks will affect backups, as intruders prefer to make sure that you can’t just restore your data without paying the ransom.

This means that even gold standards of data protection might be not enough to actually protect the data. New methods of keeping your data secure should be implemented. One such method is the 3-2-1-1-0 backup rule.

What Is the 3-2-1-1-0 Backup Rule?

The 3-2-1-1-0 backup rule calls for five conditions to be met:

  • You should have at least 3 copies of your data, including the production copy.
  • At least 2 different storage media should be used; for instance, a tape and a cloud storage.
  • At least 1 of the copies should be kept off-site, in case your machines are physically damaged.
  • At least 1 copy should be kept offline or, if you prefer to use clouds, be immutable (immutability means that this copy cannot be modified in any way, under any circumstances).
  • Your backups should have completed with 0 errors.

This strategy provides you with the highest data recoverability and, thus, offers the best protection from ransomware. If your backups have zero errors, you can restore your data and continue working. If one copy is offline, no malware can reach it via the Internet. If one copy is off-site, then you can use it in the event of any disaster in your office. Two different storages and three copies guarantee that at least one will be available somewhere to help you to get back to work. The 3-2-1-1-0 rule is about not keeping all your eggs in one basket, so that in any case you are able to make your omelette.

The Difference Between the 3-2-1 and 3-2-1-1-0 Backup Rules

Until recently, the 3-2-1 rule was the industry standard; companies who cared about their data were following this rule and considered themselves to be fine. But taking into account the increasing frequency of ransomware attacks and their tendency to become more backup-oriented, backups require additional protection.

The difference between the 3-2-1 and the 3-2-1-1-0 backup rules is that the former helps you to save your production data, and the latter provides you with everything its competitor has, but also adds an extra backup-saving mechanism. The 3-2-1-1-0 rule significantly increases your chances of getting your data back, no matter what happens to your main dataset: malware, physical damage, or human error. This is the highest level of protection available.

MSP360's Approach to the 3-2-1-1-0 Strategy

In MSP360, we keep pace. We followed the 3-2-1 rule while it was sufficient, and now we’ve implemented the 3-2-1-1-0 one as well.

As for the 3-2-1 rule, with our Managed Backup, you can create backup plans for any number of datasets of different kinds: file-level, image-based, server, SQL database, virtual machine, or G Suite/O365 workspace. These backups can be kept in local or cloud storage, depending on your choice.

  New call-to-action

To support the extra 1-0 and make your data even more secure, MSP360 Managed Backup comes with an immutability feature powered by Amazon Web Services and Wasabi. This feature ensures that no one except people you trust can modify, overwrite, or delete data in the immutable backup dataset within a period of time you set. The immutable backup is protected by the WORM (write-once-read-many) mechanism that places a lock on the backup dataset object. This lock blocks the alteration of data. When the retention period expires, the lock fades. This is the “1” of the additional 1-0.

Amazon offers two modes of immutability: Governance, where you can grant some trusted users permissions to modify the data in storage; and Compliance, where the dataset is entirely locked against modification. By default, MSP360 Managed Backup works in Governance mode, but you can upgrade it to Compliance.

As for the “0” part, the immutability feature in MSP360 Managed Backup is only available for backups with the Grandfather-Father-Son (or GFS) mark. A GFS backup is an additional full backup with a particular period of retention that you define separately from your regular retention policy. Only a backup completed with zero errors can become a GFS backup – and this is the last “0”. The 3-2-1-1-0 rule is set.

MSP360 values the security of your data above all, and we do our best to protect your data from ransomware and other threats, making it recoverable under any circumstances. Should you have more questions, please contact us.

MSP360 Managed Backup.
Simple. Reliable.
Powerful cross-platform backup and disaster recovery that leverages the public cloud to enable a comprehensive data protection strategy.
New call-to-action
MBS CTA image