IT Planning
May 5, 2026 · 10 min read

The 3-2-1 Backup Strategy: A Complete Guide to Protecting Your Data

What Is the 3-2-1 Backup Rule?

The 3-2-1 backup rule is a time-tested data protection strategy that has been the industry standard for decades. It provides a simple framework that protects against virtually all common data loss scenarios. The rule states:

  • 3 copies of your data (the original plus two backups)
  • 2 different storage media types (to protect against media-specific failures)
  • 1 copy stored offsite (to protect against physical disasters)

This strategy was originally developed for professional photography and video production, where losing footage was catastrophic. It has since been adopted across all industries because of its simplicity and effectiveness.

Why three copies? With one backup, you have a single point of failure. If your original fails while your backup is corrupted (which you might not discover until you need it), you lose everything. With two backups, the probability of all three copies failing simultaneously is astronomically low.

Why two media types? Different storage technologies fail in different ways. HDDs fail mechanically, SSDs can lose data if unpowered for extended periods, tapes degrade over time, and optical media can rot. Using two different types ensures that a flaw specific to one technology does not destroy all your copies.

Why one offsite? Fire, flood, theft, and natural disasters can destroy everything in one location simultaneously. An offsite copy ensures survival even in worst-case physical scenarios.

Implementing the 3-2-1 Rule: Practical Approaches

Here are concrete implementations of the 3-2-1 rule for different scenarios:

For Individual Users / Home Office:

  • Copy 1 (Original): Data on your computer's internal SSD
  • Copy 2 (Local backup): External USB hard drive with automated daily backups (Time Machine on Mac, File History on Windows, or rsync on Linux)
  • Copy 3 (Offsite): Cloud backup service (Backblaze, iDrive, or Arq + cloud storage)

For Small Business (5-20 employees):

  • Copy 1 (Original): Data on workstations and file server
  • Copy 2 (Local backup): NAS device with nightly backup jobs (Synology, QNAP)
  • Copy 3 (Offsite): Cloud backup (Backblaze B2, Wasabi, or Azure Blob Storage) or rotating external drives stored at another location

For Enterprise:

  • Copy 1 (Original): Production storage (SAN/NAS)
  • Copy 2 (Local backup): Dedicated backup appliance (Veeam, Commvault, Rubrik) with local storage
  • Copy 3 (Offsite): Replicated to a secondary data center or cloud (AWS S3 Glacier, Azure Archive)

Key implementation principles:

  • Automate everything — manual backups are forgotten backups
  • Test restores regularly — a backup you cannot restore is worthless
  • Monitor backup jobs — set up alerts for failures
  • Document the process — someone else should be able to restore if you are unavailable
  • Encrypt offsite backups — protect sensitive data in transit and at rest

Choosing Backup Storage: Local Options

Local backup storage provides fast backup and restore speeds, making it ideal for the second copy in your 3-2-1 strategy:

External USB Hard Drives:

  • Cost: $20-30 per TB
  • Speed: 100-200 MB/s (USB 3.0 HDD)
  • Capacity: Up to 24 TB per drive
  • Pros: Cheap, portable, no network required
  • Cons: Single point of failure, must be manually connected (unless permanently attached)
  • Best for: Individual users, small offices with limited data

NAS (Network Attached Storage):

  • Cost: $300-2,000+ for device, plus drives
  • Speed: 100-1,000 MB/s depending on network and RAID configuration
  • Capacity: 4-100+ TB depending on bay count
  • Pros: Centralized, automated, RAID protection, accessible from all devices
  • Cons: Higher upfront cost, requires network infrastructure
  • Best for: Small to medium businesses, power users with multiple devices
  • Popular options: Synology DS series, QNAP TS series, TrueNAS

Dedicated Backup Appliances:

  • Cost: $5,000-100,000+
  • Speed: Multi-gigabit with deduplication
  • Capacity: 10-500+ TB
  • Pros: Enterprise features (deduplication, compression, instant VM recovery)
  • Cons: Expensive, requires expertise to manage
  • Best for: Enterprise environments with strict RPO/RTO requirements
  • Popular options: Veeam + storage, Rubrik, Cohesity

Tape Storage (LTO):

  • Cost: $5-10 per TB (media only, drives are expensive)
  • Speed: 300-400 MB/s (LTO-9)
  • Capacity: 18 TB native per tape (LTO-9)
  • Pros: Cheapest per-TB for large archives, 30+ year media lifespan, air-gapped
  • Cons: Sequential access only, high drive cost ($3,000-7,000), requires management
  • Best for: Large archives, compliance requirements, air-gapped ransomware protection

Cloud Backup: Offsite Protection

Cloud backup provides the offsite component of 3-2-1 without maintaining physical infrastructure at a remote location:

Consumer Cloud Backup Services:

  • Backblaze Personal ($9/month): Unlimited backup for one computer, simple setup
  • iDrive ($80/year for 5 TB): Multiple devices, file sync included
  • Carbonite ($75-150/year): Automatic continuous backup

Business Cloud Storage (pay-per-GB):

  • Backblaze B2: $6/TB/month storage, $10/TB egress
  • Wasabi: $7/TB/month, no egress fees
  • AWS S3 Glacier: $4/TB/month, higher retrieval costs
  • Azure Archive: $2/TB/month, highest retrieval costs
  • Google Cloud Archive: $1.2/TB/month, highest retrieval costs

Key considerations for cloud backup:

Initial upload time: Uploading large datasets can take weeks or months. A 10 TB backup at 50 Mbps upload speed takes approximately 18 days of continuous uploading. Some providers offer physical drive shipping for initial seeding.

Restore time: Downloading large restores is also slow. Consider how long you can afford to wait. Some providers offer physical drive shipping for large restores.

Encryption: Always encrypt before uploading. Use client-side encryption where you control the keys. Never rely solely on the provider's server-side encryption.

Retention policies: Configure how long deleted files and old versions are retained. Balance storage costs against the ability to recover from delayed-discovery data loss.

Bandwidth costs: Some providers charge for data retrieval (egress). Factor this into your disaster recovery budget. Wasabi's no-egress-fee model can be significantly cheaper for frequent restores.

Protecting Against Ransomware

Modern ransomware specifically targets backups to maximize damage. Your backup strategy must account for this threat:

How ransomware attacks backups:

  • Encrypts network-accessible backup shares
  • Deletes Volume Shadow Copies (Windows)
  • Targets NAS devices accessible from compromised machines
  • Some variants specifically seek and destroy backup software databases
  • Advanced variants wait weeks before activating, corrupting recent backups

Protection strategies:

Air-gapped backups: At least one backup copy should be physically disconnected from the network. Options include:

  • Rotating external drives (connect only during backup, then disconnect)
  • Tape backups stored in a safe
  • Cloud backups with object lock (immutable storage)

Immutable storage: Many cloud providers and modern backup solutions offer immutable storage where data cannot be modified or deleted for a specified retention period:

  • AWS S3 Object Lock
  • Backblaze B2 Object Lock
  • Veeam Hardened Repository
  • Immutable snapshots on enterprise NAS

The 3-2-1-1-0 rule (modern extension):

  • 3 copies of data
  • 2 different media types
  • 1 offsite copy
  • 1 air-gapped or immutable copy
  • 0 errors (verified through regular restore testing)

Backup verification: Ransomware can silently corrupt backup files. Implement:

  • Automated restore testing (restore random files and verify integrity)
  • Checksum verification of backup archives
  • Regular full restore drills (at least quarterly)
  • Monitoring for unusual backup size changes (could indicate encrypted/corrupted source data)
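One way to implement the "unusual backup size changes" monitor from the list above, as an added example that is not part of the original article. The job history is constructed sample data, and the function name, the 7-job window and the 3x ratio are assumptions to tune for your own data.

```python
from statistics import median

# Constructed sample: (date, bytes written) for a nightly incremental backup job.
JOB_HISTORY = [
    ("2026-04-01", 4_100_000_000), ("2026-04-02", 3_900_000_000),
    ("2026-04-03", 4_300_000_000), ("2026-04-04", 4_000_000_000),
    ("2026-04-05", 4_200_000_000), ("2026-04-06", 3_800_000_000),
    ("2026-04-07", 4_100_000_000), ("2026-04-08", 4_000_000_000),
    ("2026-04-09", 38_500_000_000),  # most files rewritten, so every block looks changed
    ("2026-04-10", 4_200_000_000),
    ("2026-04-11", 300_000_000),     # source nearly empty, or the job is skipping paths
]


def flag_size_anomalies(history, window=7, ratio=3.0):
    """Compare each job to the median size of the previous `window` jobs.

    The median keeps a single bad night from shifting the baseline used
    for the nights after it. Returns (date, kind, size, baseline) tuples.
    """
    alerts = []
    for i in range(window, len(history)):
        date, size = history[i]
        baseline = median(s for _, s in history[i - window:i])
        if baseline == 0:
            # No meaningful ratio against an empty baseline: any data is a change.
            if size > 0:
                alerts.append((date, "spike", size, baseline))
            continue
        if size > baseline * ratio:
            alerts.append((date, "spike", size, baseline))
        elif size < baseline / ratio:
            alerts.append((date, "drop", size, baseline))
    return alerts


if __name__ == "__main__":
    for date, kind, size, baseline in flag_size_anomalies(JOB_HISTORY):
        print(f"{date}: {kind}: {size / 1e9:.1f} GB vs baseline {baseline / 1e9:.1f} GB")
```

A spike or a drop is a reason to inspect the source data before the retention window ages out the last known-good backup.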

Testing Your Backups: The Most Overlooked Step

A backup that has never been tested is not a backup — it is a hope. Regular restore testing is the most important and most neglected part of any backup strategy.

What to test:

File-level restore: Can you restore individual files from different dates? Test restoring files from last night, last week, and last month.

Full system restore: Can you restore an entire system from scratch? Time how long it takes. This is your actual Recovery Time Objective (RTO).

Application consistency: After restoring a database server, does the database start cleanly? Are there corruption errors? Application-aware backups handle this, but verify.

Boot testing: If you restore a VM or system image, does it actually boot? Missing drivers, changed hardware, or corrupted boot records can prevent successful boots.

How often to test:

  • File-level restore: Monthly (quick, easy, catches most issues)
  • Full system restore: Quarterly (time-consuming but essential)
  • Disaster recovery drill: Annually (full simulation of a disaster scenario)

Document everything:

  • How long does a full restore take? (This is your actual RTO)
  • What is the oldest data you can recover? (This is your actual RPO)
  • Are there any systems or data not covered by backups?
  • Who knows how to perform a restore if you are unavailable?
  • Where are the encryption keys stored? (If lost, encrypted backups are useless)

Common testing failures that reveal real problems:

  • Backup software license expired — cannot restore without valid license
  • Encryption key stored only on the backed-up system — chicken-and-egg problem
  • Backup drive has bad sectors — partial data loss discovered only during restore
  • Cloud restore takes 3 days — unacceptable for business continuity
  • Database backup is crash-consistent but not application-consistent — corruption after restore
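A sketch of the file-level restore test described above, added here as an example and not taken from the original article: record SHA-256 checksums at backup time, then restore a random sample and compare. The function names are hypothetical, `shutil.copyfile` stands in for your backup tool's restore command, and the files in `demo()` are constructed.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()


def build_manifest(source_dir):
    """Map relative path -> SHA-256 at backup time. Keep it apart from the backup itself."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_test(backup_dir, manifest, sample_size, seed=None):
    """Restore a random sample into a scratch directory and check each file's checksum."""
    sample = random.Random(seed).sample(sorted(manifest), min(sample_size, len(manifest)))
    failures = {}
    with tempfile.TemporaryDirectory() as scratch:
        for rel in sample:
            src, dst = Path(backup_dir, rel), Path(scratch, rel)
            if not src.is_file():
                failures[rel] = "missing from backup"
                continue
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, dst)  # stand-in for the backup tool's restore step
            if sha256_file(dst) != manifest[rel]:
                failures[rel] = "checksum mismatch"
    return sample, failures


def demo():
    """Constructed data: one backup file silently corrupted, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("quarterly numbers\n")
        (source / "db.dump").write_bytes(b"\x00\x01" * 512)
        (source / "notes.txt").write_text("hello\n")
        manifest = build_manifest(source)
        shutil.copytree(source, backup)
        (backup / "db.dump").write_bytes(b"\xff" * 1024)  # same size, different content
        (backup / "notes.txt").unlink()
        return restore_test(backup, manifest, sample_size=3, seed=1)[1]
```

The corrupted `db.dump` keeps its original size, so only the checksum comparison catches it.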

Key Takeaways

  1. The 3-2-1 rule: 3 copies, 2 media types, 1 offsite — protects against virtually all data loss scenarios.
  2. Automate your backups — manual backups are inevitably forgotten or skipped.
  3. Modern ransomware targets backups specifically — include at least one air-gapped or immutable copy.
  4. Cloud backup provides easy offsite protection but consider upload time, restore time, and egress costs.
  5. Test your backups regularly — a backup you have never restored is just a hope, not a strategy.
  6. Document your backup procedures so someone else can restore if you are unavailable.