Did You Back Up? When, Where, and Why the “3, 2, 1” Rule Works March 31st is “Backup Day,” and beyond being a marketing tool, it’s a great reminder to review what supports and technologies are currently available for backing up information. JUAN BRODERSEN MARCH 27th
Brodersen Dark News is a weekly roundup of cybersecurity news. Topics are selected and produced by Juan Brodersen based on editorial criteria.
⚡ TL;DR This week, we’re breaking from the traditional Dark News publication schedule (Friday) due to the number of non-working days in Argentina.
The most critical metric for this publication – and arguably any newsletter – is the open rate: how many recipients open and read it. On holidays, and more so if they are public holidays, this metric significantly drops, which is unsurprising as we’re all usually focusing on other things rather than current events.
In these cases, it’s always good to publish “evergreen” content, as journalists say: topics that are relevant at any time and don’t lose their timeliness. And March, it seems, is the month for backups.
Strictly speaking, there’s one day, March 31st. Why this date? It appears to be because it’s the last day of the first quarter, and before the year moves on, it’s better to backup than to regret later.
Ultimately, beyond being a commercial opportunity for companies that make disks and memories to shine their products, it’s a good time to revisit the question: when was the last time you backed up your most valuable information?
Backup is a central issue in the world of systems and cybersecurity. From a journalistic standpoint, the first rumor to circulate when there’s an incident is whether there was a backup or not. And it’s more common than you might think: often, there’s no backup of the information.
There’s even an iconic T-shirt worn by Jon Maddog Hall, one of the fathers of free software and a regular visitor to Argentina, that jokes about the issue:
Jon Maddog Hall In this context, there’s a tension between the industry and planned obsolescence: who would have thought, 20 years ago when buying a Verbatim blank CD that was supposed to last 100 years, that they would no longer have the means to play them (a “CD player”)?
In this light, I decided to revisit an interview I published in Clarín and add some more technical information by bringing together two perspectives: Juan Ignacio Do Porto, from Kingston (which, you’ll have seen, sponsors this publication – and it’s worth noting they had no influence on the focus of this piece) and Nicolás Wolovick, from the National University of Córdoba. There are agreements (not putting all your eggs in one basket) and disagreements (on which medium to back up?). There will likely be a synthesis for each user on what to do with their data. But it seemed important to have a voice from the industry and one from academia.
It’s an interesting topic because, in a way, the internet shapes the world we live in, we shape the internet, and sooner rather than later, the immense amount of information produced today will become a problem for the future.
Make a backup 😉
Reading this will take you 10 minutes
💾 Backup Month: How to Back Up Information and Why the 3, 2, 1 Rule Is the Safest Method to Avoid Data Loss
March 31st is World Backup Day or information backup day. Backups are a method of safeguarding against potential losses due to system failures, and generally, the average user tends not to make them. Therefore, it’s always good to remember not just why to make them, but also what are the best current options.
The means for storing data have changed over time. Nowadays, the most common for end-users is to have removable USB drives, from external mechanical disks (HDDs), flash drives, to the more recent SSDs which are much faster than the former. There’s also “the cloud,” which is nothing more than someone else’s computer (or, more accurately, company).
In the corporate world and on a larger scale, tapes are used, similar to those of old videocassettes. There are even slides that store QR codes with information: GitHub has a project in the Svalbard archipelago, in Norway, where the world’s largest seed vault is located. There, open-source code is also stored in a very Get Smart style:
Aside from curiosities, such projects help us grasp the importance of backup as a concept. Today there’s a tendency to overtrust the cloud, which is why it’s worth rethinking our own information backup practices.
“For an end-user, the solution is always to have multiple copies. You can’t put all
your eggs in one basket: disk, or cloud. I recommend both. But the main thing is that the backup is alive, refreshed at least every 3 years,” says Nicolás Wolovick, Ph.D. in Computer Science from the National University of Córdoba.
☁ The 3, 2, 1 Backup Rule There’s a well-known rule called “3, 2, 1”. “It states that there should be at least 3 copies of the data, stored on 2 different types of storage media, and 1 copy should be kept offsite, in a remote location,” explains the rule stemming from a book called The DAM Book: Digital Asset Management for Photographers. Wolovick explains:
It originated from a user dedicated to digital photography, thinking about their capital, the digital photos. It appeared in a book, it’s a very simple rule that is very good: there should be at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location. To give an example, it would mean storing videos from an old 2007 camera on our PC’s hard drive (copy 1). Then having a copy on a flash drive (copy 2) and also having a copy on a hard drive not in our house (copy 3).
However, like any rule, it has its virtues and limitations, explains the specialist in High-Performance Computing (HPC): “The problem is that this idea is static and assumes that the passage of time does not increasingly complicate access to storage media, their storage format, and their disk format. Something that, in reality, happens.”
In this regard, nowadays, there are many alternatives for backing up: external disks, flash drives, online storage (“the cloud”), other computers, and more. Where is it advisable to make backups today? What options are there?
💿 Media, Supports, and Options for Backing Up Commercial brands usually have an answer that aligns with the products they promote. Not long ago, Kingston, a leading company in memories and storage disks, began to push solid-state drives as an alternative for backups [the sponsor of this newsletter, mentioned above] due to their impressive data transfer speed.
“There are mainly two backup mediums currently: cloud and own offline hardware. And within offline, the most used medium today are still external mechanical disks (HDD),” explains Juan Ignacio Do Porto, general manager for Argentina, Bolivia, and Uruguay at Kingston. That is, traditional hard disks. According to the company executive, they are gradually encouraging a migration to SSD, which is faster:
This is where we are witnessing a support migration, as users increasingly begin to invest in external solid-state drives instead of HDDs either because of the price drops in cost per Gigabyte or the more useful and evident superior performance of an SSD over an HDD. Nowadays, there are very affordable solutions, which are smart investments when one thinks not only about the price but starts to value the time it takes to perform a task. The best example for backing up for a home or semi-professional user is undoubtedly Kingston’s XS1000, which offers a speed of more than 1000Mb per second, 5 years warranty, and capacities of 1 and 2TB in a size that fits in the palm of your hand.
“While many people opt for cloud backup, the most robust way to keep a backup of important files is both in the cloud and physically. And if possible, have it tripled, two on different devices (either in the cloud or on external storage) and a physical copy in a safe location, like a vault,” adds Do Porto.
However, Wolovick’s limitation about the “static” nature of backup rules remains: even if a medium promises to last 100 years, like the blank CDs from brands like Verbatim, Teltron, or Basf, the technology to use them may become obsolete.
In the end, who has a CD player at hand today?
“Consideration must be given to prevention in 3 layers: Connection interface (where will you connect the disk?), storage format (where are the data stored?), and rewriting on a new medium (how do you move from one format to another?),” Wolovick points out.
The problem is that the commercial side always offers definitive solutions when, after all, nothing is permanent. Whether due to format changes or degradation, all storage mediums are subject to certain problems. This is why the 3, 2, 1 rule is good because it reminds us that problems can arise at any point in the process and that we must be prepared.
Regarding frequency, it’s possible to automate backups with specific software for that task.
“When we talk about the frequency of backup, there are no wrong answers. Obviously, automating the backup is an important help that allows us to increase the level of peace of mind with which we take care of our memories or important information; but how often we do it will depend on the dynamic of that information’s use and the level of importance it holds for the user,” adds the Kingston executive.
“A user who generates little information (like photos or videos) on a weekly/monthly/yearly basis might afford to do it more sporadically, while at the same time, for a professional or a company, backup could be a daily process since the amount of information generated daily is significantly higher,” he concludes.
There’s a problem related to data retention. How long does a backup last on a disk? How much on a solid-state drive and on a tape? Wolovick explains:
After all, they are all leaky abstractions, presented as permanent mediums, but they’re not. You can’t just sit on a chair and not think about what it’s made of, and whether it’s going to collapse in 5 minutes. There’s a paper from 2022 discussing “retention failure.” NAND cells in Flash memory lose charge over time, and eventually… poof!
In this context, the academic reminds us of spinning rust, how Linus Torvalds derogatorily refers to rotational disks: How long does information last?
- SSD: up to 2 years, needs to be powered
- Mechanical disks (spinning rust): 9-20 years
- Tape: about 30 years
- CD/DVD: up to 25 years
- Hieroglyphics: more than 2,000 years 🙂
The important thing, after all, is to be aware that some information can’t be recovered and, to avoid personal disappointments or work problems, making backups periodically (and checking them) is the best way to be prepared.
Juan Brodersen
Enjoyed this? Leave a like, comment, or share to spread the word.
© 2024 Juan Brodersen