
The 3-2-1 Backup Strategy, Explained

The 3-2-1 rule still holds up: three copies, two media types, one offsite. What that means in a cloud and ransomware era.

Written by BSH Technologies
Published on 2026-03-21

An old rule that earned its keep

The 3-2-1 backup strategy is one of the few pieces of IT advice that has survived decades of change, and for good reason. It is memorable and it covers the failure modes that actually destroy data. The rule is simple: keep three copies of your data, on two different types of media, with at least one copy offsite. The discipline is in following it honestly, because most organisations think they do and actually do not.

Cloud and ransomware have not made 3-2-1 obsolete. They have made the details matter more, so it is worth unpacking each number.

Three copies: the original plus two backups

The first "3" means your production data plus two backups. The reasoning is statistical: one backup can fail, get corrupted, or turn out to be incomplete exactly when you need it. Two independent backups make simultaneous failure far less likely. The copies must be genuinely independent, though — two backups on the same server are really one copy wearing a disguise.

Two media types: avoid a shared failure mode

The "2" guards against an entire class of storage failing at once. If every copy lives on the same kind of system, one firmware bug, one ransomware variant, or one provider outage can take all of them. In modern practice this often means local disk plus cloud object storage, or two different cloud services. The principle is what counts: your copies should not share a single point of failure.

  • Local backup gives you fast restores for everyday mishaps like a deleted folder.
  • Cloud or remote storage protects against site-level disasters.
  • Different systems mean a flaw in one does not silently corrupt them all.

One offsite: survive losing the building

The "1" ensures at least one copy is physically elsewhere. Fire, flood, theft, or a serious power event can take out everything in one location, on-site backups included. Cloud storage makes offsite trivial today, which removes the old excuse of driving tapes to a bank vault. The point stands regardless of medium: if losing your premises also loses your data, you do not have a backup, you have a convenience copy.

The question that exposes most backup setups is simple: if the building burned down tonight, what would you actually have tomorrow morning?

The modern addition: immutability against ransomware

Ransomware changed the threat model in one important way — attackers now hunt for and delete backups before triggering encryption, knowing that an organisation with good backups will not pay. So a sensible update to 3-2-1 is to make at least one copy immutable or air-gapped: write-once storage the attacker cannot alter or delete, or an offline copy disconnected from the network. This is the difference between a bad week and an existential event.
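As an added illustration (not code from BSH Technologies), the sketch below audits a backup inventory against the three numbers plus the immutability update. The `Copy` fields, the host-based independence test and the sample inventories are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    host: str                 # system holding the copy; copies on one host fail together
    media: str                # e.g. "local-disk", "object-storage", "tape"
    site: str                 # building or provider region
    immutable: bool = False   # write-once or offline / air-gapped
    production: bool = False  # True for the live data itself

def audit_321(copies):
    """Return findings; an empty list means 3-2-1 plus one immutable copy holds."""
    findings = []
    prod_sites = {c.site for c in copies if c.production}
    backups = [c for c in copies if not c.production]
    # Two backups on the same server are one copy, so count hosts, not rows.
    hosts = {c.host for c in copies}
    if len(hosts) < 3:
        findings.append(f"3: only {len(hosts)} independent copies")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"2: all copies on one media type ({', '.join(media)})")
    if not any(c.site not in prod_sites for c in backups):
        findings.append("1: no backup is offsite")
    if not any(c.immutable for c in backups):
        findings.append("+1: no backup is immutable or air-gapped")
    return findings

# Constructed inventories; every name here is illustrative.
WEAK = [
    Copy("orders-db", "db01", "local-disk", "hq", production=True),
    Copy("nightly-dump", "db01", "local-disk", "hq"),   # same server as production
    Copy("nas-sync", "nas01", "local-disk", "hq"),
]
FIXED = WEAK + [
    Copy("cloud-vault", "object-store", "object-storage", "cloud-region", immutable=True),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_321(inventory) or "ok")
```

The weak inventory looks like three copies on paper but fails all four checks; adding one immutable object-storage copy in another location clears them.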

Test restores, not just backups

Following 3-2-1 perfectly still fails if the restore does not work. Backups can complete successfully for months while quietly missing a critical database, and nobody notices until the worst possible moment. Schedule real restore tests, time them against your tolerance for downtime, and document the steps so recovery does not depend on one person's memory.
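A restore test can be scored mechanically. The following added example (not part of the original article) assumes a SHA-256 manifest is recorded when the backup is taken, then checks a restored tree for missing or altered files and compares the elapsed time with a downtime tolerance; the file names, the simulated restore and the one-hour limit are constructed for the demonstration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(expected, restored_root, elapsed_seconds, rto_seconds):
    """Compare a restored tree with the manifest taken at backup time."""
    got = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(got)),
        "corrupt": sorted(p for p in expected if p in got and got[p] != expected[p]),
        "within_rto": elapsed_seconds <= rto_seconds,
    }

def write(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        # Constructed sample data standing in for production files.
        write(src, "app/config.yml", b"mode: prod\n")
        write(src, "db/orders.sql", b"-- constructed dump\n")
        write(src, "docs/readme.txt", b"runbook v1\n")
        expected = manifest(src)

        # Simulated restore: the database dump is silently absent and one
        # file comes back altered, although the job itself "succeeded".
        start = time.monotonic()
        write(dst, "app/config.yml", b"mode: prod\n")
        write(dst, "docs/readme.txt", b"runbook v0\n")
        elapsed = time.monotonic() - start
        return verify_restore(expected, dst, elapsed, rto_seconds=3600)

if __name__ == "__main__":
    print(demo())
```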

Match retention to reality

Finally, decide how long you keep backups and how often you take them, based on how much data you can afford to lose and any regulatory duty to retain records. More frequent backups shrink potential data loss; longer retention helps when a problem is discovered weeks later. Both cost storage, so set them deliberately rather than by default.

Do not forget the cloud-native data

A modern blind spot deserves a mention: plenty of critical data no longer lives on servers you control at all. It lives in software-as-a-service: your email, your shared documents, your CRM, your code repositories. Many teams assume the provider backs all of this up for them, and up to a point the provider does keep it available. But the provider's job is uptime, not protecting you from an accidental mass deletion, a malicious insider, or a compromised account that purges data. The same 3-2-1 thinking applies: an independent backup of your important SaaS data, held somewhere the provider does not control, closes a gap most organisations do not realise they have.

Backups are a security control, not just an ops chore

It is tempting to file backups under routine maintenance and stop thinking about them. The ransomware era reframes them as a frontline security control. The single biggest factor in whether an organisation pays a ransom is whether it has clean, recent, recoverable backups the attacker could not reach. That makes immutability, offsite copies, and tested restores less of a hygiene checklist and more of a decision about how much leverage you are willing to hand an attacker. Resilient backups turn a potential catastrophe into an expensive inconvenience.

How BSH can help

BSH Technologies designs and runs 3-2-1 backup strategies with immutability and tested restores built in, so your recovery is something you have proven rather than something you assume. If you are not certain your current backups would survive a ransomware hit, we can help you find out before an attacker does.
