3-2-1 Data Backup Strategy

by SPAC Alliance | May 2026 | Cyber security, Library

Data backup is a core pillar of resilience. In the event of an incident, it is critical to have a copy that is intact, accessible and usable in order to restore data and resume operations within acceptable timeframes. To achieve this objective, and where applicable to meet regulatory or contractual requirements, the 3-2-1 backup strategy provides a proven foundation.

A single backup is an operational risk

A single backup creates a direct operational risk. Hardware failure, human error, accidental deletion, logical corruption or ransomware can all result in a total or lasting loss of information.

Without a usable backup, an organization may face:

  • extended business interruption;
  • the permanent loss of critical data;
  • disruption to teams and processes;
  • production or service delays;
  • significant financial impact;
  • erosion of trust among customers, partners or regulators.

A single backup is often exposed to the same risks as the rest of the information system: shared environment, identical administrative privileges, similar attack surface. As a result, it too may be deleted, encrypted or altered at the same time as the data it is supposed to protect.

The 3-2-1 strategy: a foundation for resilience

To reduce this risk, the 3-2-1 backup strategy remains a simple and effective reference model.

 

3 copies of the data

The principle is to keep the production data along with at least two backup copies. The objective is to avoid a single incident leading to irreversible data loss.

Operational example: a company keeps its data on the production server, performs a daily backup to a dedicated backup appliance, and also replicates a copy to offsite storage.

2 different media or environments

Backups should not all rely on the same technology, equipment or logical environment. By diversifying media or environments, the organization reduces the risk of a common point of failure.

Operational example: one backup is stored on a dedicated internal NAS, while a second is sent to a digital vault or a separate cloud infrastructure.

1 offline or offsite copy

One copy should be isolated from the primary system, either because it is offline or because it is stored in a separate site or environment. This precaution preserves a recovery point even if the production system is compromised.

Operational example: a weekly backup is exported to a medium that is disconnected after writing, or stored in an external environment that cannot be accessed using the usual administrative accounts.

The 3-2-1 rule does not, on its own, guarantee recovery, but it significantly reduces the risk of data loss, common-mode failure and simultaneous compromise of production data and backups.

Backup, recovery and business continuity

Backup should not be confused with recovery or business continuity. Backup consists of keeping copies of data or systems. Recovery is about bringing the applications, equipment, flows and services required for operations back online. Business continuity is about maintaining or restoring operations under acceptable conditions despite the incident.

Two concepts are particularly important when designing a backup strategy:

RTO: Recovery Time Objective

RTO is the maximum acceptable downtime. It answers a simple question: how long can the organization remain unavailable before the impact becomes critical?

Operational example: if the RTO for an ERP system is set at 4 hours, recovery must allow the system to be brought back into service within that timeframe.

RPO: Recovery Point Objective

RPO is the maximum acceptable data loss between the last usable backup and the incident. It therefore determines how frequently data needs to be backed up.

Operational example: if the RPO for a customer database is 1 hour, a daily backup is not sufficient. The backup frequency must match that level of requirement.

In other words, having backups is not enough. You also need to know what to restore, in what order, with what dependencies and within what timeframe.
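As an added example (not part of the original article), the 3-2-1 rule and the RPO requirement described above can be checked against a backup inventory. The `Copy` fields, the medium labels and the sample inventory are constructed assumptions; counting an offsite copy as isolated only when the usual administrative accounts cannot reach it follows the article's operational example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str                 # technology or environment holding the copy
    is_production: bool = False
    offsite: bool = False       # stored in a separate site or environment
    offline: bool = False       # disconnected after writing
    shared_admin: bool = True   # reachable with the usual admin accounts
    last_success: Optional[datetime] = None  # last completed backup run

def is_isolated(c):
    # Assumption: an offsite copy only counts when the usual administrative
    # accounts cannot reach it; an offline copy always counts.
    return not c.is_production and (c.offline or (c.offsite and not c.shared_admin))

def audit(copies, rpo, now):
    """Return findings; an empty list means 3-2-1 and the RPO are both met."""
    findings = []
    backups = [c for c in copies if not c.is_production]
    if len(copies) < 3 or len(backups) < 2:
        findings.append("3: fewer than production plus two backup copies")
    if len({c.medium for c in backups}) < 2:
        findings.append("2: all backups share one medium or environment")
    if not any(is_isolated(c) for c in backups):
        findings.append("1: no offline or isolated offsite copy")
    runs = [c.last_success for c in backups if c.last_success]
    if not runs or now - max(runs) > rpo:
        findings.append("RPO: newest backup is older than the objective")
    return findings

# Constructed sample inventory modelled on the article's operational examples.
NOW = datetime(2026, 5, 4, 9, 0)
INVENTORY = [
    Copy("prod-server", "server-disk", is_production=True),
    Copy("appliance-daily", "backup-appliance",
         last_success=NOW - timedelta(hours=8)),
    Copy("offsite-replica", "cloud-vault", offsite=True, shared_admin=False,
         last_success=NOW - timedelta(hours=7)),
]

if __name__ == "__main__":
    for rpo in (timedelta(hours=24), timedelta(hours=1)):
        print(rpo, audit(INVENTORY, rpo, NOW) or "OK")
```

With a 24-hour RPO the sample inventory passes; with the 1-hour RPO from the customer database example, the same daily schedule is reported as insufficient.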

The right questions to ask

  • Which data, applications and services are truly critical?
  • What RTO is acceptable for each essential service?
  • What RPO is acceptable in the event of an incident?
  • Are backups isolated from the primary system?
  • Is one copy genuinely offline or offsite?
  • Are backups protected against alteration, deletion and encryption?
  • Are restore procedures tested regularly under real conditions?
  • Is the recovery procedure documented, understood and assigned to clearly identified owners?

Conclusion

Backup remains one of the most fundamental measures in cybersecurity and operational resilience. But its effectiveness does not depend on simply having a tool or an additional copy. It depends on the real ability to rely on data that is intact, available, protected and restorable.

When it comes to backup, the real question is therefore not whether copies exist, but whether the organization is able to restore critical data and services quickly when an incident occurs.