It’s one of the most common misconceptions in small business IT: “We’re fine, we have RAID.” RAID is a valuable technology, but it doesn’t do what most people think it does. Treating it as a substitute for backup is a mistake that has caused real data loss for real businesses.
What RAID Actually Does
RAID (Redundant Array of Independent Disks) is a way of combining multiple physical drives so that the system can tolerate the failure of one or more of them without losing data or going offline.
In a RAID 1 array, two drives contain identical data. If one drive fails, the other keeps working. The system keeps running; you replace the failed drive and the array rebuilds.
In a RAID 5 array, data and parity information is spread across three or more drives. One drive can fail and the array remains intact. Replace the failed drive and the array rebuilds from the parity data.
RAID 6 tolerates two simultaneous drive failures across four or more drives.
This is useful. Drive failure is a genuine risk, and RAID means a single failed drive doesn’t cause downtime or data loss. For a NAS or server that needs to stay online, RAID is a sensible part of the infrastructure.
But that’s all it does.
What RAID Does Not Do
RAID does not protect against accidental deletion.
If a staff member deletes a folder (accidentally or deliberately) that deletion is immediately reflected across all drives in the array. RAID has no concept of previous versions or deleted files. The data is gone from all drives simultaneously.
RAID does not protect against ransomware.
Ransomware encrypts your files. When the operating system writes encrypted versions of your files to the RAID array, all drives in the array store the encrypted versions. RAID faithfully mirrors or distributes the corrupted data across every drive. You now have multiple redundant copies of encrypted, inaccessible files.
RAID does not protect against corruption.
Software bugs, failed writes, and filesystem corruption can affect the data seen by all drives in the array. RAID provides redundancy at the drive level, not the data level.
RAID does not protect against physical incidents.
Fire, flood, theft, or a power surge that destroys the NAS or server also destroys every drive in the array. All the drives are in the same box.
RAID does not provide point-in-time recovery.
A backup lets you recover a file as it existed at a specific point in the past — yesterday, last week, last month. RAID has no historical states. There is only the current state of the data.
The Confusion Is Understandable
RAID uses the word “redundant” and redundancy sounds like backup. Both involve multiple copies of data. The critical difference is that RAID creates simultaneous copies that change together, while a backup creates a separate, independent copy at a point in time that is protected from changes to the original.
A backup is a snapshot of your data that exists independently of your live system. RAID is a mechanism to keep your live system running through a drive failure.
What You Need Instead
The right answer combines RAID for availability with backup for recoverability:
RAID (or similar redundancy) keeps your system running if a drive fails. It provides hardware resilience.
Backup protects against data loss from any cause: deletion, ransomware, corruption, or physical disaster. It provides data recoverability.
These two things serve different purposes and neither replaces the other.
A practical backup strategy for an SME follows the 3-2-1 rule: three copies of data, on two different media, with one copy off-site. We cover this in detail in our post on backup strategy.
Specific Risks to Address
Ransomware: At least one backup copy should be immutable, unable to be modified or deleted, even by an administrator. Many cloud backup services offer immutable storage as an option. This is the only reliable defence against ransomware that targets backup destinations.
Accidental deletion: Your backup solution should retain multiple versions of files over an extended period, not just the most recent copy. A backup that only keeps the latest version will overwrite a good copy with a corrupted or deleted one before you notice the problem.
Off-site copy: A local backup protects against drive failure and accidental deletion. An off-site copy protects against the physical loss of your premises. Both are necessary.
A Common Scenario
A small business runs a NAS with RAID 1, two drives mirroring each other. They feel their data is protected.
Ransomware enters via a phishing email. Within hours, it encrypts every file it can reach on the network, including the NAS shares. Both drives in the RAID array now contain the encrypted versions of every file. The RAID array is intact and healthy. The data is completely inaccessible.
Without a separate, protected backup, recovery means either paying the ransom or starting from scratch.