Science Magazine

The 3 – 2 – 1 Principle for Keeping Your Data Safe

Posted on the 06 May 2020 by Betchaboy @betchaboy

I was cleaning out a drawer in my home office this morning and found this collection of old USB memory sticks dating back quite a few years. Remember those days when you thought you were so cool because you had this little storage drive full of all your stuff in your pocket? I recall working in a school back in those days where we actually mandated that every student had to have a "USB", such was the apparent importance of these things. The intention was for students to keep their personal data safe and secure, but we used to constantly find them left behind in the USB ports of the classroom computers after a lesson. Or they would sometimes mysteriously just stop working. Or the kids would lose them. USBs may have been cool, portable and handy, but they were about the most insecure method for managing data I can think of.

(Side note: I've never quite known what to call these things. Calling them simply a "USB" seems stupid to me, because USB - or Universal Serial Bus - is a data interface standard, not a name for a device. Lots of devices might use a USB plug as the connection interface but that's not the name of the actual device. I've owned microphones and printers and cameras and all kinds of things that connect using a USB interface, but we don't call all these devices "USBs". That would be silly. If you must use the term USB for these portable memory devices, at least call them a USB memory stick)

Some people seem to feel like their data is perfectly safe and secure if they have it stored on one of these little memory sticks. Let me tell you, for the vast, vast majority of people, letting them manage their own data storage is a really bad idea. The only real explanation I hear for why people feel memory sticks are a secure way to store data is that they "know where their data is". People actually say that they won't put their data anywhere that they don't know where it stored. It might sound good to say that your data is safe as long as you know where your data is stored, but trust me, just knowing where your data is stored has nothing to do with it actually being secure.

As for relying on memory sticks, those things are the least secure way to store your data I can think of. They can get lost, fall out of your pocket, go through the wash, get eaten by the dog, or you leave them in the back of another computer and forget about them, or they simply just stop working for no apparent reason. If you have a few of them it is near impossible to keep track of what's stored on them. Other than for absolute emergencies or moving a file as a last resort, USB memory sticks, or whatever you want to call them, are probably a really bad idea.

So when it comes to storing data, what IS a good idea then? For most people who never really think much about boring things like secure data storage, the answer is the cloud. Whether it's Google Drive, DropBox, OneDrive or some other cloud service, it will be infinitely more secure than any storage "system" you could come up with by yourself. Once your data is in the cloud it gets securely stored, safely backed up and is accessible from anywhere, on any device.

I know what you're thinking. "Yes, but I don't trust the cloud, I don't know where my data is stored." Well, you probably have a bank account but you don't know where your money is stored either, so I'm not sure what your point is. Claiming your data is more secure on a memory stick would be like putting your money in a shoebox under your bed and claiming it is more secure than the bank. Just like money, data is secured by the processes and infrastructure that store it, not from simply knowing where it is. I'll say it again. For the average person - yes, you - the safest place to store your data, by far, is in the cloud.

But what if the internet goes away? But what if the cloud loses it? But what if the data centre burns down? Or what if I do store it in the cloud, and that free storage they give me now becomes something I have to pay for one day? (How terrible that you might one day get asked to pay for a service you're using!)

If you really don't trust the cloud, then at least get a portable hard drive, so you're not dealing with these dinky little memory stick things. In fact, while you're at it, buy a second portable hard drive, because you're going to need to make a backup of the backup, because what if you lose the first one?

Which brings me to my main point. Data security - or keeping your important data safe - is a big deal. The truth is most people wouldn't really care if they lost that Word file of a resume for a job they applied for 10 years ago. But losing your entire photo collection? Or all your music? Or videos of the kids when they were little? Or letters from your deceased parents? This is the stuff that's a big deal. This is the stuff that you don't want to put at risk. This is the stuff that you don't ever, ever, ever want to have just stored on a memory stick.

So how should you store it? There's a general principle of keeping data safe. The 3-2-1 rule. Three copies of the data. Stored in at least two different mediums. One of which is in a different physical location. Let me elaborate...

Three - you need to have three copies of important data. One is clearly not enough because if you lose it or it gets destroyed, that's it. It's gone for good. A second copy - a backup - is important. But if the data is really critical, the I-really-cannot-lose-this kind of stuff, then a third copy gives you peace of mind.

Two - you need to store the data in at least two mediums. There would be no sense having three copies of your data if each copy was on floppy disks. I don't know about you, but it's been a while since I've seen a floppy disk reader, so having everything stored in one now-obsolete format means you can't read any of the copies. You might think floppy disks are a silly example. Well how about this? I own a number of computers - mostly Macs and Chromebooks - and not one of them has a port that can read those USB memory sticks in my drawer. Those old memory sticks use a standard called USB-A, but all modern computers use the newer USB-C format, rendering all those old memory sticks now obsolete. Sure I could use an adapter, but the fact is those old memory sticks are yesterday's technology. You should keep the three copies of your data in at least two different formats because you never know how technology will change and you want to make sure that you're always using formats that will still be readable.

One - you need at least one of those copies to be stored offsite. There's no sense having your three copies in two different formats if they are all stored in your house and the house burns down. At least one of them needs to be kept in a completely different physical location. Offsite. Your parents' house. A friends' place. Or in the cloud. Somewhere. Just not in the same place as the others.

As it turns out, having your important stuff stored in the cloud addresses every one of these requirements - it's another copy, it's in a different format, and it's offsite. And regardless of how well you think you can manage your own data on those portable drives, putting your data in the cloud puts it into a real data centre which stores it in real time, with real backup processes, real biometric security, real disaster management plans, and real data management processes. I don't care how well you think you can manage your own data, you're an amateur compared to the way the data centre looks after it.

If you're still not sure convinced that the cloud is a safer alternative than that old SCSI Zip drive you can't seem to find right now, take a look at this video tour of a Google data center.

Should you have all your data only in the cloud? Of course not! 3-2-1! Weren't you paying attention? Go get yourself a couple of hard drives and set up Time Machine or SuperDuper with a regular scheduled backup. Then after you've done that, go upload everything to a reputable cloud service.

But stop relying on those stupid USB memory sticks!

The 3 – 2 – 1 Principle for keeping your data safe
The 3 - 2 - 1 Principle for keeping your data safe by Chris Betcher is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Back to Featured Articles on Logo Paperblog