A friend sent me this article from Backblaze on backup strategies. He asked me what I thought, since I do write on DR and backup strategies. I’ve also blogged at times on my personal strategy, which is Backblaze and cloud services. I have a subscription, that I just renewed, to ensure that my two primary desktops are backed up outside of my house.
The article talks about the 3-2-1 backup strategy and then some more modern evolutions of this. If you don’t know, 3-2-1 means 3 copies of your data on 2 types of media with 1 copy offsite. That’s a strategy I’ve followed for years in enterprise environments. We usually had a local current copy of databases on disk, a second copy on tape, and multiple tapes offsite.
These days there are some other variations, with 3-2-1-1-0 and 4-3-2. These might include adding air-gaps between items and verifying there aren’t errors in your backups. They also include the idea that for cloud providers, you include multiple regions or countries in case your vendor has issues.
Being slightly paranoid is a good thing, especially in today’s environment when ransomware is such a huge issue. While some companies might choose to pay a ransom and decrypt data quickly, many start recovery efforts, with the pressure on IT staff to quickly restore backups, and hopefully not bring in another copy of the ransomware that is time activated.
No matter what strategy you choose, and there are pros and cons to all of these, you need to be sure you can execute on this strategy quickly. I’ve run test restores from Backblaze, just to see if I can get back a random file or folder that was backed up. I’ve also wanted to ensure I understood how this works in the event of a disaster. I’ve been able to bring back a file to a different machine, which is likely the strategy I’d employ in my personal life.
At work, the same idea applies. You need to test your restores, and with a large staff and constantly changing environment, you should do this more often. The tolerance for delays (RTO) and lost data (RPO) is lower at most organizations, and clients expect recovery to be sooner rather than later. I’ve also seen upper management (directors, VPs), show up and watch technical staff try to recover data. They don’t like to see you fumbling through documentation or googling how to restore certain applications. They do expect you quickly and efficiently get the process moving.
A disaster is stressful, and they will likely occur at inconvenient times, like when you’re on vacation or in the middle of a big project. Having some knowledge, and some confidence in your skills, will help ensure that you can function under stress. The more confidence you have in yourself, the more others will have in you, so make time to build that confidence on a regular basis.