Backup best practices: A NAS is not enough

Losing your data can suck. If you have the right backup strategy, though, recovery of lost data can be nearly painless. You do have the right backup strategy, right?
Written by David Gewirtz, Senior Contributing Editor

I feel bad for this guy. I really do. Losing your data, even part of it, is not a fun experience. It can ruin your whole week.

It's not supposed to be this way, though. There's a best practice that should be followed, and if you do, you won't be this guy.

Let's start off by meeting Steve Burke, a YouTuber with glorious seventies hair, from a channel called Gamers Nexus. If you want to watch his troubled cry of pain, here it is.

Here's his story. He has a NAS made by Synology, a company we've reviewed very highly. At some point, his NAS stopped working and would not power on. In his video he says he has B-roll, finished videos, product designs, logos, and software on his inaccessible machine.

Burke says he has a remote backup service and "Some of it is backed up." But, he's stuck, because some of what was on the NAS hasn't been backed up because it's, "new, this week."

Uh. Oh.

So he goes on to say that because the NAS is a proprietary design (rather than a home-built PC), parts are inaccessible. If he had built his own NAS from PC parts, he could fix them right away, but because this is a packaged storage appliance, that option isn't really available to him, unless he orders some spare parts "from China," which could take three or four weeks to be delivered.

Then, in a move considerably braver (and possibly more foolish) than I'd ever be, he hooks up what he thinks might be a matching PC power supply to the NAS's internal circuitry and it boots.

So let's talk best practices

This YouTuber seems to know his stuff. He has a cool mat he sells that shows power supply pinouts, so I'm guessing he's pretty knowledgeable. But best practices? I think not.

When I advise folks on backup, I recommend going above and beyond what's called the 3-2-1 strategy to what I call the 3-2-1-off-and-away strategy. The idea is simple.

The idea of 3-2-1 is to have three copies of every file, two of which are on different physical devices, and one of which is located off-site. Our guy didn't have that. He counted entirely on one NAS for all his backups. He has an offsite backup, but it hadn't been updated.

The "off" part of my strategy is to have at least one full backup air-gapped from the Internet. I do this for my stuff by keeping one backup server shut down, except for a once a week quick incremental backup nibble. That way, if there's some sort of malware running loose, the "off" machine is still safe.

The "away" part is making sure your offsite backup is out of your geographic region. My away strategy used to be rotating drives in and out of my local bank's safe deposit box. But when I lived in Florida, I realized my bank could be blown into the Atlantic by a hurricane as easily as my home, and started backing up remotely, to a remote cloud location.

The realities of storage life

The fact is, hardware fails. Whether it is a NAS with a bad power supply, or a home-built PC with a bad motherboard, or a couple of hard drives that die during a cross-country move, hardware will fail. Period.

Battle of the NAS appliances

Burke isn't the only one guilty of less than perfect best-practices. As I detailed in my article about how RAID saved my bacon, I had an entire, mission critical RAID that was completely not backed up. That was very my bad, but it has since been rectified.

In other words, smart people can make dumb backup decisions.

The point of this article, though, is to remind you of the 3-2-1-off-and-away strategy and to not be dumb. A single NAS as your backup strategy is not enough.

As a rule, I have two NAS boxes running all the time. One is my hot, live working environment. Another is an offline backup. In my case, I was fortunate that the ioSafe folks sent me their flood-and-fire-proof ioSafe 1515+, so my backup NAS isn't just a second NAS, it's an armored bomb-proof bunker of a backup NAS.

At some point in the future, I'll take you through my whole storage architecture. But for now, the key thing you need to take away is this: one NAS is not enough.

Hardware will fail. Make sure you have a second backup locally of everything. Make sure your remote backups are up to date. Do it now, before you have a very bad week when you discover your most critical information isn't backed up. Go. Now.


Western Digital adds NVMe, flash heft to data center storage lineup

Western Digital is going after big and fast data workloads.

Apricorn USB 3.0 Aegis Padlock DT drive: Up to 12TB of hardware-based encrypted storage

Securing sensitive data stored on external hard drives is usually a minefield, especially if you are looking for cross-platform compatibility. The Apricorn USB 3.0 Aegis Padlock DT drive is the solution to this problem.

Why a hard drive RAID array can save your bacon

When real life intrudes, having layers of protection can help you safeguard your data, and recover when disaster strikes.

Cloud sync vs backup: Which disaster recovery works better for business continuity?

David Gewirtz shares a real-world example of how a cloud-based disaster recovery strategy can help sustain business continuity, even for small businesses and families.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Editorial standards