
RAID is not a backup: the myth that costs businesses their data

Daniel Mercer · Hardware Specialist, Servnet · 9 min read

It is one of the most expensive misunderstandings in small business IT, and it sounds entirely reasonable: 'our storage uses RAID, so if a drive fails we are protected - that is our backup'. The first half is true. The conclusion is dangerously wrong, and businesses lose everything to it every year. RAID and backup solve completely different problems, and confusing the two leaves a gap exactly where your data is most at risk. Let us bust the myth properly.

What RAID protects vs what a backup protects
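| The threat | Likelihood | RAID | Backup |
|---|---|---|---|
| One drive fails | Common | Protected | Protected |
| Accidental delete | Common | No | Protected |
| Ransomware | Frequent | No | Protected |
| Fire / theft | Possible | No | Protected |
| Corruption | Possible | No | Protected |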

The myth, stated plainly

The belief goes like this: my NAS or server has several drives in a RAID array, RAID survives a drive failure, therefore my data is backed up. Every link in that chain except the last is correct - and that is precisely what makes the myth so sticky. RAID really does protect against one kind of failure. It just is not the kind that destroys most businesses' data.

To see why, you have to know what RAID is actually for. It was never designed to be a backup. It was designed to keep a system running, and to keep data available, when a single drive dies. Those are valuable goals - but availability is not the same as safety, and that distinction is the whole point.

What RAID actually does

RAID - Redundant Array of Independent Disks - combines several drives so they behave as one, and it stores your data across them in a way that can tolerate a drive failing. If one disk dies, the array keeps serving your files while you replace the faulty drive, and the missing data is rebuilt onto the new one. Nobody downs tools; the business keeps working. That is genuinely useful and worth having.

The key word is uptime. RAID is an availability feature: it stops a hardware fault from taking your system offline. What it does not do is keep a separate, independent copy of your data that you can return to. Every drive in the array holds the same live data, changing in real time. Whatever happens to that data - good or bad - happens across the whole array at once.

All the disasters RAID cannot save you from

Here is the uncomfortable list. RAID does nothing about any of these, because in every case the bad change is faithfully written across all the drives instantly:

  • Accidental deletion - someone removes the wrong folder; it vanishes from every drive at once
  • Ransomware or malware - encrypts or corrupts your live files across the whole array
  • Fire, flood or theft - the entire box is gone, RAID and all
  • Corruption or a bad software update - writes the damage to every disk simultaneously
  • A second drive failing during the slow rebuild after the first - the array is lost

Each of these is a far more common cause of real data loss than the single-drive failure RAID guards against. Ransomware in particular has turned this from a theoretical risk into a frequent one - encrypt the live data and the RAID array dutifully holds the encrypted version on every disk.

The 3-2-1 backup rule
3-2-1 (plus immutable) control map:
  • 3: Three copies of your data kept [CORE]
  • 2: On two different types of media [CORE]
  • 1: One copy kept offsite [CORE]
  • +: One copy offline or immutable (anti-ransomware) [PLUS]
  • T: Restores tested - proven to actually work [PLUS]

What a real backup looks like

A backup is a separate, independent copy of your data, kept somewhere the original disasters cannot reach, that you can restore from after something goes wrong. The difference from RAID is that a backup is detached from the live system - it is not changing in real time, so a deletion or ransomware attack on today's data does not touch yesterday's copy.

The widely used rule of thumb is 3-2-1: keep three copies of your data, on two different types of media, with one of them kept offsite. The offsite copy is what survives the fire, the theft and the ransomware that takes everything on your premises. A modern variation adds 'one offline or immutable' copy - one that ransomware physically cannot alter - which has become essential as attacks have grown more aggressive.
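
The 3-2-1 rule and its two extras as a runnable check, added here as an illustration and not Servnet's own tooling: it scores a backup inventory against each control and counts a RAID array as one device however many drives it holds. The `Copy` fields, the device names and the 90-day restore-test window are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    device: str      # box or service holding the copy; a whole RAID array is ONE device
    media: str       # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    immutable: bool  # offline or write-once, so malware on the live system cannot alter it
    last_restore_test: Optional[date] = None

def audit(copies, today, max_test_age_days=90):
    """Score an inventory against the 3-2-1 + immutable + tested-restore controls."""
    # Copies on the same device are lost together, so each device counts once.
    devices = {c.device for c in copies}
    tested = any(
        c.last_restore_test is not None
        and 0 <= (today - c.last_restore_test).days <= max_test_age_days
        for c in copies
    )
    return {
        "3 copies": len(devices) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in copies),
        "+ offline/immutable": any(c.immutable for c in copies),
        "T restore tested": tested,
    }

TODAY = date(2024, 6, 1)  # fixed so the result is reproducible

# Constructed inventory: a RAID NAS whose only "backup" is a snapshot on itself.
RAID_ONLY = [
    Copy("live shares", "nas-01", "disk", offsite=False, immutable=False),
    Copy("nightly snapshot", "nas-01", "disk", offsite=False, immutable=False),
]

# Constructed inventory: same NAS plus an on-site USB disk and object-locked cloud storage.
THREE_TWO_ONE = RAID_ONLY[:1] + [
    Copy("weekly USB disk", "usb-01", "disk", offsite=False, immutable=False),
    Copy("cloud bucket", "cloud-01", "cloud-object", offsite=True, immutable=True,
         last_restore_test=date(2024, 5, 10)),
]

if __name__ == "__main__":
    for label, inv in (("RAID only", RAID_ONLY), ("3-2-1 + immutable", THREE_TWO_ONE)):
        print(label)
        for control, ok in audit(inv, TODAY).items():
            print(f"  {'PASS' if ok else 'FAIL'}  {control}")
```

The RAID-only inventory fails every control, including "3 copies", because the snapshot lives on the same array as the data it is meant to protect.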

RAID and backup work together

None of this means RAID is pointless - far from it. The right way to think about it is that RAID keeps you running through a drive failure, while backup lets you recover from everything else. They are complementary, not alternatives. A well-run system has both: RAID so a single dead disk does not stop the business, and proper backups so a deletion, an attack or a disaster does not end it.

If you have been treating your RAID array as your backup, treat this as the nudge to fix it before you find out the hard way. Decide where your independent, offsite copy lives, make sure at least one copy is beyond the reach of ransomware, and test that you can actually restore from it. We build exactly this resilience into our backup and disaster recovery service, and our ransomware protection covers the immutable-copy piece. For how RAID fits into wider storage design, the deeper technical view is in hardware RAID vs HBA passthrough.

Key takeaways
  • RAID is an availability feature: it keeps a system running when a single drive fails. That is all.
  • RAID is not a backup - every drive holds the same live data, so deletions, ransomware and disasters hit them all at once.
  • The biggest causes of real data loss - accidental deletion, ransomware, fire, corruption - are exactly what RAID cannot stop.
  • A real backup is a separate, independent, ideally offsite and immutable copy you can restore from.
  • Use both: RAID to survive a dead disk, backups to survive everything else - and test that restores actually work.
Frequently asked

FAQs — RAID is not a backup

The core question

If RAID is not a backup, why bother with RAID at all?

Because it solves a real and different problem: keeping your system running when a single drive fails, with no downtime and no data loss from that one event. That is worth having. It simply does not protect against deletion, ransomware, corruption or disaster - which is why you need backups as well, not instead.

Does this apply to my NAS too?

Yes, completely. A NAS with RAID is just as exposed - the redundancy keeps it running through a drive failure but offers no protection if files are deleted, encrypted by ransomware, or the whole box is stolen or destroyed. A NAS should always have its own backup kept somewhere else.

Doing it right

What is the 3-2-1 backup rule?

Keep three copies of your data, on two different types of media, with one copy offsite. It is a simple, durable framework: the multiple copies cover hardware failure, the different media cover a fault affecting one type, and the offsite copy survives fire, theft and ransomware on your premises. Many now add a fourth idea - one immutable or offline copy that attackers cannot alter.
