All three components of the rule are based on the principle of resilience through data storage redundancy.

“Three different backups” means “three backups stored in three different physical locations” (Two different folders located on one physical disk are deemed to be located in one location). We won’t go deep into the mathematics, but when you increase the number of copies, then (on assumption that physical features of storage devices are the same and threats to such devices are statistically independent) the probability of failure will increase linearly and data security will increase in accordance with power function. It means that when you make three backups instead of one, you triple the probability of failure of backups upon cubical increase of security. In real life it makes data stored in three copies practically undestroyable, although, probably, you will have to replace failing disks more often just because you have more of them.

However, unfortunately, in real life statistical dependence of threats is very common. For example, when there is an electromagnetic impulse in office’s power supply circuit, it equally affects all disks. And, if one disk fails, then, most probably, two others will fail as well (due to uniform nature of impulse affect on typical, serially produced disks that have identical electricity quality requirements).

Why three backups instead of two? Because in real life threats to two backups are very often statistically dependent due to logical organization of backup procedure. For example, lets look at RAID1 (or disk array with mirroring). If a virus infects a file on one disk in array, second copy on mirror disk is infected too. Similarly, if replication is set, replica will immediately be infected by virus as well. Even if a daily backup is done, it will also be infected if administrator won’t notice infected source data within a day. Generally speaking: two backups is not enough to recover information in all cases, when time of detecting data damage and reaction of administrator exceeds the period between contiguous copy/replicate/mirror tasks of these data.

In order to ensure even higher statistical dependence of threats it is recommended to write data on at least two different physical formats. For example, if you save data on DVD (optical data recording), it won’t get damaged due to above mentioned electromagnetic impulse. Even if DVD drive fails, optical data carriers will save your data. Other examples of statistically dependent threat can be continuous temperature increase caused by failed air conditioner in the server room or fire in the office that, of course, affects all backups equally.

Therefore, keeping backups on different physical formats is aimed at reducing a chance of simultaneous data loss from all backups due to uniform impact.

The third point about keeping one backup offsite solves the same issue (reducing statistical dependence of threats to different data backups), with only difference in geographical distribution of storage locations. Theft or fire in the office can lead to loss of all backups kept there, however, fire or theft in one office won’t lead to fire or theft in another geographically isolated office which makes such threats in different offices statistically independent.

What about storing data in the cloud? Can it be considered as replacement for backup? Apparently, no. It is just an alternative place of storing data or its backups, and, by the way, a good candidate for offsite storage of backups. However, you need to keep in mind that data can be lost in the cloud same way as in any other place.

At the same time, an advantage of cloud providers is that the backup process becomes considerable easier. Administrator does not have to buy and adjust a complex data storage system or bother with tape replacement. Often, cloud storage is transparently expanded upon client’s request, i.e. it does not have physical limitation in terms of size (client in limited only in his funds), which also has its own pros as compared to data storage system, in which free space can ‘all of a sudden’ come to an end.

In fact, cloud storage of backups is an alternative to tape, since data can be retrieved from it with a certain delay (which depends on the channel width and provider’s tariff, like, the lower the tariff, the slower will be the speed of data retrieval)as compared to local disk storage.

Do I always рфму to follow the “321” rule? No, all depends on the cost of your data, on the one side, and criticality (cost of potential damage) and probability of data threats, on the other side. Any protection should not exceed the cost of protected object. Therefore, if your data is not very valuable and threats are of low criticality or hardly probable – you can implement the “321” rule partially. Main thing is to prepare a list of all probable threats, assess their probability and criticality and carry out the process of deactualization of each threat. Having done that you will get full picture concerning the extent to which you should implement the “321” rule and its final budget.