“3-2-1” backup for Cloud

Written By charlie butterworth

This “best practice” rule had to evolve for Cloud.

The traditional 3-2-1 backup rule states that you should:

  • Keep 3 copies of your data (1 primary + 2 backups).

  • Store the copies on 2 different media types (e.g., local disk & external drive).

  • Keep 1 copy offsite (e.g., cloud or another physical location).

However, with the rise of cloud storage and encryption-based attacks (ransomware, cyber threats), the rule has evolved into a more modern 3-2-1-1-0 backup strategy:

3-2-1-1-0 Rule: The Modern Best Practice

  • 3 Copies of Data (primary + 2 backups).

  • 2 Different Media Types (local NAS, external HDD, cloud storage, or tape).

  • 1 Offsite Copy (cloud or geographically separate location).

  • 1 Air-Gapped or Immutable Backup

    • Air-gapped: Physically disconnected from networks (e.g., offline tape backups).

    • Immutable: Cloud or local storage that cannot be modified/deleted (e.g., AWS S3 Object Lock, immutable snapshots).

  • 0 Unverified Backups

    • Ensure backups are tested for integrity & recovery (regular restores, checksum validation).

New Technolgy has provided more choice to solve the challenge of protecting your data and some additional Best Practices.

  • Encryption & Zero Trust Access Controls

    • Encrypt backups before sending them to the cloud.

    • Restrict access using MFA and role-based permissions.

  • Backup Diversification

    • Use different vendors for cloud backup (e.g., Microsoft 365, AWS, EPITS).

  • Continuous Data Protection (CDP)

    • Real-time backup instead of scheduled backups to minimize data loss.

  • Compliance monitoring

    • Continuous checks that requirements are met for standards (e.g. SMB1001, Essential 8, ISO 27002)

We can help you make a plan that meets the compliance requirement to reduce risk and insurance.

charlie butterworth