Backup in 2026 is no longer a single tool — it is a layered discipline. Understand the modern landscape, the 3-2-1-1-0 rule, and the maturity ladder.
Definition
Modern backup — a layered, defence-in-depth discipline of agents, policies, deduplication, encryption, immutability, air gaps, and cloud tiers — engineered against ransomware, regulators, insurers and customer expectations of minute-level recovery.
In 2005, backup meant a scheduled job that wrote data to tape and a junior IT administrator who swapped the tapes every Friday. In 2026, backup is a complex ecosystem of agents, policies, deduplication engines, encryption keys, immutability layers, air-gapped copies, and cloud tiers — and the consequences of getting it wrong have never been more severe. The threat model has changed beyond recognition. Adversaries actively target backup infrastructure before they encrypt production. Regulators demand evidence that data can be recovered, not just that it has been copied.
The modern backup landscape
Agents and policies
Agents capture data; policies define what gets protected, how often, with what retention, to which targets. Policy-driven backup matters because human-managed schedules drift and produce coverage gaps.
Deduplication
Stores each unique block once across backup sets. In environments with similar VMs it cuts storage by 20–80 per cent — but badly designed dedup creates single points of failure.
Encryption & key management
Backup data must be encrypted at rest and in transit. A backup encrypted with a key you cannot retrieve is not a backup.
Immutability
Write-once-read-many storage refuses alteration or deletion within a retention window — even by administrators with full credentials. The single most important technical defence against ransomware.
Air gaps
Physical or logical separation between backup copy and live network. A backup reachable by ransomware is not a backup.
Cloud tiering
Hot, warm and cold tiers at progressively lower cost and slower retrieval. Tiering policies that move data automatically can halve backup storage cost.
"The 3-2-1 rule was sufficient in 2010. The 3-2-1-1-0 rule is the minimum for 2026."
The 3-2-1-1-0 rule explained
Three copies of data — the original plus two backups. On two different media types — preventing a single technology failure. With one copy offsite — protecting against site-level disaster. With one copy offline or immutable — protecting against ransomware. And zero errors confirmed by a completed recovery test. The zero means your backup has been proven, not assumed, to work.
Closing
Backup is your last line of defence against data loss and your first line of capability for recovery. It deserves investment, strategy, and regular testing — not a set-and-forget configuration from five years ago. Modern threats demand modern backup, and modern backup is no longer a simple tool. It is a layered discipline, and the organisations that treat it that way will be the ones still operating after the rest have spent a fortnight rebuilding from scratch.
Want a complete picture of your resilience posture?
The Reach Data Resilience Assessment evaluates your backup maturity alongside your broader resilience posture.
Start your free assessment →