RAID arrays, external hard drives, and cloud sync services like Dropbox or OneDrive are useful tools — but none of them are backups. Each one protects against a narrow set of problems while leaving you exposed to the threats that actually destroy businesses: ransomware, fire, theft, and cascading hardware failures. Here's what each option actually does, where it falls short, and what real data protection looks like.
The comparison at a glance
| Threat | External Drive | RAID Array | Cloud Sync (Dropbox, etc.) | Off-Site Backup |
|---|---|---|---|---|
| Single drive failure | Not protected | Protected | Protected | Protected |
| Fire / flood / theft | Destroyed with building | Destroyed with building | Cloud copy survives | Off-site copy survives |
| Ransomware | Often encrypted too | Encrypted by attack | Synced & overwritten | Immutable snapshots |
| Accidental deletion | No versioning | Deleted instantly | Limited (30-day trash) | Point-in-time restore |
| Version history | No | No | Limited | Full snapshot history |
| Encryption | Optional (BitLocker) | Usually none | Provider-held keys | AES-256 encrypted |
Why each option falls short
External Hard Drives
External drives are the most common "backup" strategy for small businesses — and the least reliable. Consumer drives have a 2-5% annual failure rate. They're often left plugged in (vulnerable to ransomware and power surges), rarely tested, and destroyed alongside your computer in a fire or theft. USB drives are a copy, not a backup.
RAID Arrays
RAID protects against a single drive failure — that's it. It does not protect against fire, theft, ransomware, accidental deletion, corruption, or multiple drive failures. RAID is an availability tool, not a backup tool. Many businesses with RAID arrays have lost everything because they assumed RAID was a backup.
Cloud Sync — Dropbox, OneDrive, Google Drive
Cloud sync services are designed for collaboration and access — not for backup. If ransomware encrypts your files, the encrypted versions sync to the cloud, overwriting the good copies. Deletions sync too. Limited version history helps, but it's not a substitute for proper point-in-time backup snapshots with configurable retention.
What about Backblaze, S3, and other cloud storage?
Services like Backblaze B2 (~$6/TB/mo) and AWS S3 solve the off-site problem — but they're raw storage, not a backup solution. You still need to:
- Choose and learn backup software (restic, Duplicati, Borg, rclone)
- Write scripts or cron jobs to automate backups
- Configure retention and pruning policies
- Set up monitoring and failure alerts
- Handle your own restores from the command line
- Pay egress fees every time you download data ($0.01-0.09/GB)
If you have dedicated IT staff, DIY backup on B2 or S3 can work. If you don't — and most small businesses don't — a managed backup service handles all of that for a flat monthly fee with zero egress charges.
What a real backup looks like
A real backup is stored in a different physical location so a fire at your office doesn't touch it. It keeps point-in-time snapshots so you can restore from any date. It's encrypted with AES-256 so your data stays private. And it's managed by someone who deploys, configures, and monitors it — because a failed backup you don't know about is worse than no backup at all. No egress charges, no API fees, no per-GB download costs when you restore.