In the battle against ransomware, it's crucial to have a robust protection strategy in place. With the 3-2-1-1 approach, you can fortify your defences and safeguard your data more effectively than ever before.
So, what does the 3-2-1-1 strategy entail? Let's break it down:
Three Copies of Data: First and foremost, make three copies of your data. This ensures that you have multiple backups at your disposal, so even if one becomes compromised, you still have two others as a safety net.
Two Different Media Types: Store your backups on two separate media types. For example, use both cloud storage and external hard drives. Please don't consider the combination of an internal disk and a USB disk to be different media types. A USB drive is just as vulnerable as the internal disks. Multiple disk-based copies are only using one type of media. Consider Cloud and Tape solutions for the second backup media. This diversification adds an extra layer of protection, as attackers find it more difficult to target multiple storage mediums simultaneously.
One Copy of Data in an Off-site Location: Keep one of your backups off-site. This means that even if your primary location falls victim to a ransomware attack or other disaster, your data remains safe and accessible. Consider using a secure, remote backup service for optimal protection.
For instance, a large corporation with multiple data centres might be able to store backups at different locations. This geographical redundancy ensures that even if a disaster strikes one data centre, the data can be recovered from others.
In contrast, small businesses may not have the luxury of multiple data centres. In such cases, cloud services come into the picture. By leveraging a trusted cloud service, small businesses can store their data off-site on remote servers, which can be accessed over the Internet when needed. Not only does this provide an off-site backup solution, but also adds an additional layer of protection as reputable cloud providers employ their own robust security measures to protect the data stored on their servers.
One Air-Gapped Backup OR one copy of backup stored on Immutable Media:
An air-gapped backup is a wholly isolated storage solution disconnected from any network or internet connection. The obvious form of media is Backup Tape. Tape may be considered old school in these cloud-connected days; however, the old process of backing up to Tape, ejecting said tape & placing it in a Vault is still a valid (and cost-effective) manner of air-gaping backups.
A modern alternative of Tape is Virtual Tape, and the modern alternative of the Vault is Cloud Based Object Storage. StarWind VTL enables businesses to leverage disk storage to house "Virtual Tapes" for backup targets. Then StarWind VTL handles archiving complete tapes by copying them to a secure cloud location.
Some Backup Vendors offer immutable storage as part of the solution. Veeam touts "Hardened Repositories" - though they do not supply one. StarWind SAN & NAS offers a Veeam Certifed Hardened Repository. Nakivo Backup & Replication offers an Immutable Backup Repository by default and options to copy incremental backups to Immutable Cloud Storage such as Amazon S3 and Wasabi.
Storing Backups on Immutable Media guarantees that your data is entirely immune to online threats, making it an invaluable asset in the fight against ransomware. Immutable Media can be used as a convenient alternative to isolated media.
Examples of a 3-2-1-1 Backup Strategy for Enterprise & Small Business
Following the 3-2-1-1 strategy can significantly enhance your defences against ransomware attacks. Don't wait until it's too late – take proactive measures to protect your valuable data today.
Let's delve into some examples of the 3-2-1-1 backup strategy:
Enterprise Scenario using Arcserve Solutions:
multiple data centres, the 3-2-1-1 strategy might look like this:
Arcserve UDP for its ability to manage, protect, and recover data workloads effectively across all environments.
By implementing Arcserve UDP, the company can ensure quick data recovery, minimizing downtime in the event of a cyber attack or data corruption.
The IT department conducts regular drills to test the recovery process, confirming that they can restore operations swiftly and avoid the high costs associated with ransomware attacks.
.To prevent accidental or intentional deletion of backup data, the company enables Amazon S3 Object Lock through Arcserve UDP.
This ensures that locked object versions are protected, with S3 Versioning automatically enabled. Thus, even if a user tries to delete or overwrite a backup, the immutable copies remain secure, ensuring data integrity.
Small Business Scenario using Nakivo:
In a small business with limited resources, the approach might be slightly different:
Three copies of vital data are maintained – the original data, a primary backup on a Nakvio Backup Repository, and a 2nd Backup stored a Nakivo Backup Repository in a cloud-based service like Wasabi Hot Cloud Storage.
The data is stored on two different media – the Nakivo internal disk and cloud storage.
One of these copies is off-site – the cloud storage solution.
Both backups are immutable – the Nakivo VA's internal repository is Immutable by default, and data stored in Wasabi can be set to be immutable, ensuring that it cannot be edited or deleted.
Small Business Scenario using Veeam:
A small business using Veeam might employ some StarWind Software solutions such as StarWind SAN & NAS & StarWind VTL
Three copies of vital data are maintained – the original data, a Primary Backup StarWind SAN & NAS Veeam Harded Repository, and a third in on Starwind VTL - with copies being synchronised to a cloud-based service like S3/Glacier/Azure Blob etc.
The data is stored on two different media – the StarWind SAN & NAS and VTL.
One of these copies is off-site – the Virtual Tapes are copied to the cloud storage solution.
One backup is made immutable – the StarWind SAN & NAS's internal repository offers immutability for Veeam Backups.
These examples demonstrate how the 3-2-1-1 strategy can adapt to different situations, always keeping data security at the forefront.
For more information on:
Arcserve - see https://www.cloudreadysolutions.com.au/arcserve-distributor
StarWind - see https://www.cloudreadysolutions.com.au/starwind-distributor
Veeam - see https://www.veeam.com
Cloud Ready Solutions is your trusted partner for comprehensive technical resources, support, and data storage management.
Contact us today to fortify your data protection strategy and build a technology roadmap aligned with your business goals!