The 3-2-1 Backup Rule Is Dead. Long Live 3-2-1-1-0.

For years, the 3-2-1 backup rule was gospel:

3 copies of your data
2 different storage media types
1 offsite copy

This worked great—until ransomware became epidemic.

The Problem

Modern ransomware doesn't just encrypt your production data. It hunts for backups and destroys them too.

The Modern Backup Rule: 3-2-1-1-0

The modern backup rule adds two critical requirements:

Your production data plus two backups. If one backup fails or gets corrupted, you have another.

Don't keep all backups on the same type of storage. Use a mix of:

Disk (NAS, SAN)
Tape
Cloud storage

This protects against media-specific failures (disk controller failure, tape degradation).

Keep at least one backup in a different physical location. If your building burns down, floods, or gets hit by a tornado, your offsite backup survives.

At least one backup must be:

Offline — Physically disconnected from the network (air-gapped)
Immutable — Cannot be modified or deleted for a set retention period

Ransomware Protection

This ensures ransomware cannot reach and encrypt your backups.

Backups are useless if you can't restore from them. Regularly test your backups to ensure:

Backup jobs complete successfully
Data is not corrupted
Restoration procedures work
Recovery time objectives (RTO) are met

The Zero Means

Zero failures in your verification process. Test everything.

Implementing Air-Gapped Backups

An air-gapped backup is physically disconnected from your network—ransomware can't reach what isn't connected.

Option 1: Removable Media (Manual)

Pros: Simple, complete air gap
Cons: Manual process, risk of human error

Option 2: Tape Libraries (Automated)

Modern tape (LTO-9) offers massive capacity and true offline storage.

Pros: High capacity, long-term retention, offline by default
Cons: Higher upfront cost, slower restore times

Option 3: Cloud Immutable Storage

Cloud storage with immutability protection provides a virtual air gap:

AWS S3 Object Lock
Azure Blob Immutable Storage
Google Cloud Storage Bucket Lock

How It Works

Once written, objects cannot be modified or deleted until the retention period expires—even by administrators.

Building Your 3-2-1-1-0 Strategy

Here's a practical implementation for most organizations:

Copy 1: Production Data

Live data on servers, databases, and file shares
Snapshots (hourly or daily) for quick recovery

Copy 2: Local Backup

Disk-based backup to NAS or backup appliance
Fast restore for day-to-day needs

Copy 3: Offsite Cloud Backup

Replicate backups to cloud storage
Protects against site-wide disasters

+1: Immutable Copy

Cloud storage with immutability enabled
Retention period: 30-90 days minimum
Cannot be deleted even by administrators

+0: Verification Process

Automated backup verification after each job
Weekly test restores of random files
Monthly full VM restore tests
Quarterly DR drill exercises

Start Simple, Build Up

You don't need to implement everything at once. Start with the basics and add layers as you grow.

Common Backup Mistakes

Mistake #1

Never testing restores — "We have backups" means nothing if you can't restore.

Mistake #2

Keeping all backups online — Ransomware will encrypt them.

Mistake #3

No offsite backups — Site-wide disasters destroy local-only backups.

The Bottom Line

The classic 3-2-1 backup rule served us well, but ransomware changed the game.

3-2-1-1-0 Is The Modern Standard

3 copies of data, 2 different media types, 1 offsite copy, 1 offline or immutable copy, 0 errors in verification.

Implement this strategy, test it regularly, and sleep better knowing your data can survive even the worst attacks.

Because in 2026, it's not if you'll face a data loss event—it's when.