One morning you arrive at the office and the main server won't come up: a disk has failed, a power surge has fried the hardware, or ransomware has encrypted every file. At that moment there is only one question: how recent is our last reliable copy, and how quickly can we bring it back? The answer depends entirely on a backup strategy you built beforehand. This article explains how data backup, disaster recovery and business continuity differ, walks through the 3-2-1 backup rule, covers RTO and RPO as concepts, and shows how ONYX builds resilient systems around centralized servers.
Backup, Disaster Recovery and Business Continuity Are Not the Same Thing
These three terms are often confused, yet they are three distinct layers stacked on top of one another. You cannot substitute one for another.
Backup means keeping a reliable copy of your data somewhere separate. It answers only one question: "does a copy exist?" Disaster recovery is broader: a copy exists, but how, in what order, and within what timeframe do we bring it back into working condition? Business continuity is the top layer: keeping critical processes running — at least partially — so the business doesn't stop entirely while systems are restored. A company that has backups but no recovery plan is "storing" files, yet cannot get them back in time when disaster strikes.
The 3-2-1 Backup Rule
The internationally accepted foundation of a sound backup strategy is the 3-2-1 rule. It rests on a simple but powerful principle: never trust a single copy.
3 Copies
Keep at least three copies of your data: one working copy (the live data on the server) and at least two backups. When the only copy is lost, there is no way back.
2 Different Media
Store the copies on at least two different types of media — for example a server disk plus a separate storage system (NAS) or tape. Identical hardware can fail for identical reasons.
1 Copy Off-Site
Keep at least one copy physically elsewhere — the cloud or a separate branch. Even if fire, water or theft takes out the whole room, the off-site copy survives.
This rule is not arbitrary: it removes the chance that a single event destroys every copy at once. A disk in the office and the USB drive sitting next to it are both lost in the same fire — an off-site copy is not.
RTO and RPO: Two Concepts That Measure Recovery
A disaster recovery plan is built on the answers to two questions. These are not fixed numbers — they are targets each business must define for itself.
RPO — How Much Data Can We Afford to Lose?
RPO (Recovery Point Objective) is the gap between your last backup and the moment of disaster. If you back up once a day, in the worst case you can lose a full day's work. For critical accounting or sales data that may be too much — so backups must run more frequently.
RTO — How Quickly Must We Recover?
RTO (Recovery Time Objective) is the allowable time from disaster until the system is running again. The difference between an hour of downtime and a day of downtime is large, and it translates directly into money. The shorter the required RTO, the more seriously the infrastructure must be built.
An important point: ONYX does not invent these targets for you. We first determine with you which data is how critical, then design a real solution that matches your RTO and RPO goals.
On-Site vs Cloud Copies: Why You Need Both
The question is not "office or cloud" — in a well-built system the two complement each other.
An on-site copy is for fast recovery: on the local network, large volumes of data come back far faster than downloading them from the cloud. An off-site (cloud) copy is insurance against a local disaster — fire, water, theft, ransomware. Handling everyday restores from the fast local copy and the major disaster scenario from the off-site copy is the sound approach. One extra layer is immutable copies: backups that cannot be deleted or encrypted for a defined period, which prevents ransomware from destroying the backups too.
How ONYX Builds Resilient Systems: Real Projects
A backup strategy delivers real value when it is built around centralized servers. ONYX's delivered projects show this:
- Aselsan Azerbaijan — a Dell PowerEdge server rack in a data-center room, file and mail server with Active Directory, and a Checkpoint firewall. Here all corporate data — user accounts, files, mail — is centralized; which means those very servers must be backed up on a schedule and be genuinely recoverable.
- MobilGroup — 120 users, 5 branches; a domain (AD), mail, a server room and server, and site-to-site VPN between branches. Central data and branches are linked by VPN — a structure that naturally lays the groundwork for an off-site copy as well.
In both cases the principle is the same: centralize the critical data first, then back it up with 3-2-1 logic and document the recovery plan. ONYX's CTO was also the lead architect of the passive network infrastructure for COP29 — the UN Climate Conference (Baku, 2024) — real engineering experience standing behind our team.
Is your data one disk failure away from disappearing?
ONYX builds backup and disaster recovery solutions from audit to full integration — centralized servers, 3-2-1 copies and a documented recovery plan. Explore our business solutions or get in touch with us directly.