When I go on information systems and information security audits of different companies either for their compliance purpose or for their readiness evaluations, I always come across instances wherein the company would have implemented RAID 5 but, wouldn’t have a backup or archival mechanism in place – because of misconceptions that RAID 5 will protect their data.
RAID 5 is a technology that protects access to the data and not the data itself. You can of course try and rebuild the data from the array but, if that doesn’t go through then you are toast. That is exactly what happened to a company wherein they had implemented RAID 5 thinking that not only will the technology help them maintain access to data during a failure but, would also actually protect their data.
One of the drives in the array failed and after the failure they still had access to the data but, after replacing the drive they tried to rebuild the data – which didn’t go according to the plan and everything just started falling apart. The vendor phone support was not at all up to the mark and if my experience serves me right, I wouldn’t bank on that 100 per cent. At the end the company lost all the data residing on their 2TB drive they were using for file sharing purpose.
Many companies already know of this and that is the primary reason they don’t use RAID5 because there are chances of a second failure while a rebuild is going on – as it happened in the case I just mentioned. Further, data keeps on growing and the rebuild process starts getting lengthier which increases the chances of a second failure – well beyond the comfort zone of many companies. Companies have started using RAID6 and enterprises which are more concerned about their data than anything else would go for codes that can even withstand up to 4 failures.
I am not saying that the second drive will inevitably fail – I am just saying that RAID 5 is not for protection of data and to be on the safer side do have a backup system in place – just in case. RAID technology has advanced over the years – but it is not a substitute of backup and archive.