The Growing Need for Robust Data Protection
With Malware and Ransomware growing into existential threats, enterprises around the globe are rushing to protect themselves. Cybercrime Magazine states, “Global cybercrime damages are projected to reach $9.5 trillion USD in 2024, rising to $10.5 trillion by 2025” (2025). Protect your business by following the 3-2-1-1 best practice for protecting mission-critical data.[/vc_column_text][/vc_column][/vc_row]
“1,900 total Ransomware attacks occurred within just 4 countries – The U.S., Germany, France, and the U.K.”
-Malwarebytes, 2023
“On average, only 66% of affected data was recoverable.”
-Veeam, 2024
“Global cybercrime damages are projected to reach $9.5 trillion USD in 2024, rising to $10.5 trillion by 2025”
-Cybercrime magazine, 2025
Understanding the 3-2-1-1 Backup Strategy
Most business leaders agree that data is a critical asset that must be protected. Over time, the 3-2-1-1 rule has evolved as a best practice to help companies achieve comprehensive, multi-layered data protection. Data and cybersecurity experts alike recommend saving at least:
- 3 copies of your data,
- on 2 different media,
- 1 copy being air-gapped, and
- 1 copy being immutable (or offsite)
Emerging Regulation
As governments and regulators react to increasing cyber threats and the rising dependence on digital infrastructure, policies pertaining to digital resilience are taking shape globally. A leading example of this regulation is the European Union’s Digital Operational Resilience Act (DORA). DORA took effect in January 2025, and unifies and enforces strict digital resilience standards for the EU financial sector and related 3rd-party Information Communications Technology (ICT) providers to ensure organizations can recover from cyber-attacks and other ICT disruptions.
While DORA may be one of the first regulations of its kind, many countries and regions are proposing and creating similar laws. Some examples include U.S. Executive Orders, Canada’s Office of the Superintendent of Financial Institutions, the UK’s Financial Conduct Authority, Saudi Central Bank’s SAMA, the Ministry of Science, the Australian Government’s Department of Home Affairs, and many more.
Where Should Customers Start?
Satisfying the 3-2-1-1 Rule
| Solution | Usage |
| 3 Copies of Your Data |
Every customer has at least one Production system. Almost all have a Disaster Recovery (DR) system as well. Existing DR systems are not suitable for meeting Digital Resilience requirements since Production and DR are connected via active communications, and they are designed to very quickly synchronize to improve overall availability should there need to be a failover. If Ransomware were to occur on Production, it could propagate across the network to DR very quickly. Worse, many attacks focus on infecting the DR environment, including its ability to takeover, first.
At least a third copy is needed, but how? |
| 2 Different Storage Media | At least two copies must be on different storage media.
That way, if Ransomware were to encrypt the customer’s data, a second storage media could be accessed to recover the data. |
| 1 Copy Offsite |
Storing a copy of data at a second site (or more) protects against local disaster or incidents that could affect all local copies. This is a key aspect of traditional disaster recovery plans that leverage data backups and data replication solutions. |
| 1 Copy Offline or Immutable |
At least one of the copies must be offline (i.e., air gapped) or Immutable.
Regulations such as DORA mandate an unchangeable log of data that can be used for recovery. Write Once, Read Many (WORM) technologies exist on various types of Immutable Storage to meet this need. This storage technology may exist onsite (local, risky, but easier and faster), the cloud (remote, typically expensive, easier but slower), or a third site (typically remote, more complex, often the most expensive option, yet providing the highest level of resilience). The air-gapping methodology disables Ransomware from propagating across a network to other systems. New hardware and network technologies also are enabling “logical air-gapping,” meaning a port can be closed and only opened briefly, using secure and encrypting protocols, when needed. |
Hewlett Packard Enterprise globally sells and supports Shadowbase solutions under the name HPE Shadowbase. Contact your local HPE representative for further information about how HPE Shadowbase software can assist you in protecting and increasing the availability of your data.
For more information, please contact us or visit our website. For additional information, please view our Shadowbase solution videos: https://vimeo.com/shadowbasesoftware, or follow us on LinkedIn.
Specifications subject to change without notice. Trademarks mentioned are the property of their respective owners. Copyright © Gravic, Inc. 2025.
Be the first to comment