Is Your Business Following the 321 Backup Rule? (And Does The Cloud Make It Obsolete?)

321 Backup Rule

Executive Summary

  • The 321 Backup Rule is a battle-tested strategy which businesses have been using for decades to ensure their mission-critical files are kept safely backed up in multiple places at all times.

  • The 321 Backup Rule, in short, recommends that businesses keep two copies of their critical data on-site using different mediums, and another third copy off-site and physically separated from the others.

  • At Get Support, our team of IT support experts can help you implement the 321 Backup Rule in your business – just as us about our IT support agreements.


Do you know how many individual files and records were compromised via cyber security breaches between January and July 2021 alone?

The answer might come as something of a surprise. 3.9 billion.

That’s right: almost 4 billion files were made accessible to cyber criminals in just seven months. While all companies will deploy whichever measures they have to hand to prevent such attacks, attackers are getting more sophisticated all the time.

So, along with technological solutions (like the IT support agreements we offer at Get Support) what else can your business do? Well, there are some more strategic tactics you might want to try, too. And one of our favourites is called the 321 Backup Rule.

Here’s how it works.

The origin of the 321 Backup Rule

Originally devised in the mid-2000s by US-based photographer Peter Krogh for his book The DAM Book: Digital Asset Management for Photographers, the 321 Backup Rule was originally created as an asset management tool for photographers.

Naturally, photographers handle many gigabytes worth of precious photographs all the time. For them, these files are their living and their artform – so they need a reliable method to ensure these files aren’t lost or damaged. It’s here that Peter suggests what equates to a real-world insurance policy for digital files: the 321 Backup Rule.

And the very same logic applies to businesses, too.

What is the 321 Backup Rule?

The 321 Backup Rule is a digital file backup framework which ensures that a company’s most essential files are at reduced risk of deletion or erasure.

It does this by creating three copies of the files and storing them on different forms of physical media and in different geographical locations.

Did you know that KFC’s secret “11 herbs & spices” Original Recipe is manufactured by two different companies, then the two halves mixed separately to avoid the secret slipping out? The 321 concept is a bit like that… only slightly less delicious.

Here’s the most common understanding of the 321 Backup Rule broken down to its bare essentials:

  1. Create three copies of the files. One of these will be the local primary production file, (essentially your live data), while the other two are backups which serve as a sort of insurance policy for the first – as we’ll see in a moment.

  2. Save the first backup in the same physical location, but on a different storage format. For example, you might be storing your production files on your local server, so you’ll need to copy your first backup to something else – like a backup server, NAS, or USB drive.

  3. The final copy of the files should be stored offsite. This used to be by way of physical portable media, like zip drives, but the more common option today is to use remote cloud storage like that offered by the Veeam Cloud Connect solution, available from Get Support.

While it’s certainly more laborious to back up files in this way, there’s no question that it’s the most safe and secure means of protecting business-critical files. Not only are the files protected in case of physical media being stolen or corrupted, they’re then further protected by a geographical distance – which could be thousands of miles in today’s cloud-enabled world.

Should you use the 321 Backup Rule if you’re also using cloud storage?

Of course, when Krogh first came up with the 321 Backup Rule back in the noughties, the world was a far less digital place than it is today.

The idea of a chunky zip file backup being tucked in a briefcase before leaving the office is now a thing of the past, and cloud storage – with world-class security – is available to every business.

So… does the 321 Backup Rule really matter anymore?

In our humble opinion, yes it does – for the most part anyway. It’s simply a matter of structuring your backup setup in a different way.

For the most part, any large-scale remote storage service, like the options offered as part of Microsoft 365, will include built-in backup solutions for any files you host there. Even as you move files to and from these services, those files remain secure. For example, Microsoft Exchange uses employs TLS 1.2 with a 256-bit cipher strength to protect emails as they flow to and from the server.

Most cloud service providers, including Microsoft, will actually include a version of the 321 Backup Rule as part of many of their products. This means you’re able to use these services as the primary storage location for sensitive files (the “3”) and the provider will store other local copies and offsite copies, too. However, no service is perfect, so to mitigate some of the limitations of their in-house backups, we recommend also using a cloud backup service as one of your “2, 1” backups to add a layer of isolation to an entirely separate system.

Here at Get Support, we can provide comprehensive cloud backup services – and you might just be surprised at how extensive cloud backups can be today. We work with leading data backup partners such as Veeam and Datto to make your cloud-enabled 321 setup as straightforward as possible.

So, to summarise, yes, using cloud services and cloud backup solutions are a good choice for storing your business-critical files securely day-to-day, with other backup options (including at least one cloud backup service) playing the role of the additional backups in line with the 321 methodology.

Back your business up better with Get Support

We hope our deep-dive into the 321 backup rule will help you (and your IT support team) improve your backup and recovery processes. Of course, implementing a system like this is really just the start.

For the ultimate protection of your business-critical files, why not take a look at our IT support agreements? Among many other core services, each of our low-cost agreements also includes expert backup and disaster recovery support, meaning you’ll know that your company’s digital assets are safe and sound at all times.

To talk about how an IT support agreement from Get Support could benefit your company, call us today on 01865 594 000 or simply fill in the form below with your contact details and we’ll get back to you.

Latest From The Blog

Microsoft NCE

What Businesses Need to Know About Microsoft's New Commerce Experience (NCE)

The New Commerce Experience (NCE) is an effort by Microsoft to simplify the way Microsoft 365 Business subscriptions are managed – but what do you need to know?
Frequently Asked Questions About IT Support

Frequently Asked Questions About IT Support (And How We Answer Them)

As an IT support provider with decades of experience, we’ve heard every question in the book when it comes to technology. Here’s how we answer some of the most common.
IT Onboarding

IT Onboarding Made Easy: A Checklist for Small Business

A formalised IT onboarding process can help a business ensure new starters hit the ground running. Here’s a checklist to help you build yours.