Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026HertzUndisclosed stolenUndisclosed records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Why OSS

The 3-2-1-1-0
Backup Rule

Three copies, two media, one offsite, one offline, zero recovery errors. The modern reading of the backup rule, and where a physical air gap sits inside it.

R4
The five numbers

What Each Number Actually Requires

Plain definitions for each digit in the rule, and what a modern ransomware resistant estate needs to satisfy them.

01
Production plus two backups

3 copies of your data

Keep at least three copies of every important dataset. The live production copy counts as one. Two independent backup copies protect against the failure of any single storage system, and against the ransomware playbook that targets a single backup platform first.

Production is copy oneTwo independent backupsNo single storage dependency
02
Diverse failure and attack modes

2 different media

Spread the copies across at least two different storage media. Disk and object storage. Object and tape. Cloud and physically disconnected disk. Different media fail differently and are targeted differently, so a single class of failure or exploit cannot take every copy at once.

Diverse storage typesDiverse vendors and firmwareDiverse attack surfaces
03
Protection against site loss

1 copy offsite

At least one copy lives away from the primary site, whether that is another data centre, another region or a Firevault Bunker. Fire, flood and localised destructive attacks stop at the site boundary, and the offsite copy remains available to rebuild from.

Different site or regionIndependent power and networkSurvives physical disaster
04
The physical air gap Firevault provides

1 copy offline

One copy is offline and out of reach of the production network. This is the modern addition to the classic 3-2-1 rule and the one that ransomware operators cannot defeat remotely. Firevault Offline Secure Storage is designed specifically to be this copy, with Layer 1 disconnection and a tamper evident audit trail.

No network path when offlineOut of band switching onlyTamper evident connection log
05
Verified restores, not hopeful ones

0 errors on recovery

A backup that has never been restored is not a backup, it is a belief. The zero on the end of the rule requires regular, verified test restores that prove the copies are readable and consistent. A gold copy that cannot be restored on demand is worse than no plan at all.

Scheduled test restoresIntegrity verified end to endRunbooks proven, not written

Read the pillar guide, or continue with the comparison against immutable backup.

The 3-2-1-1-0 Backup Rule, Common Questions

Mark Fermor
David Bailey
Kenny Phipps
Online Now
Concierge

Add the offline 1 to your backup strategy

Talk to the Firevault team about adding a Layer 1 offline gold copy so your estate satisfies the modern 3-2-1-1-0 rule.

Takes about 2 minutes. No account needed.

Free2 minsNo sign-up
    Get started

    Your privacy matters

    We use cookies to keep the site running smoothly and to understand how you use it. You are in control. Privacy Charter · Cookie Policy