|
Backup Strategies series · Part 1 of 7 Backup Fundamentals — Why Data Protection Is IndispensableRisks, protection goals and the 3-2-1 rule as the minimum standard RAID is not a backup · RTO/RPO · protection goals · 3-2-1 and 3-2-1-1-0 |
|
On this page
|
Why backup at all?
Data is at the heart of every organisation today — customer records, engineering drawings, ERP databases, e-mails, production recipes. A data loss does not just cost recovery effort, but typically halts production, damages reputation and in the worst case ends the company. Studies by the German Federal Office for Information Security (BSI) show that more than half of mid-sized companies that suffer a severe data loss disappear from the market within months — not because hardware repair is expensive, but because daily operations are impossible without their data.
A well-considered backup strategy is therefore not an optional technical extra but a business necessity. It is part of risk management, mandated by regulations such as GDPR, ISO 27001 and industry-specific frameworks, and relevant for management liability in any incident.
RAID is not a backup
A common misconception in server configurations: “We have a RAID, so we are safe.” In reality, a RAID array — regardless of level — only protects against the failure of individual physical disks. Logical errors are mirrored by the RAID: an accidentally deleted file, an encrypted ransomware attack or a corrupted database propagates in real time across all hard disks in the array.
| Damage scenario | Protected by RAID? | Protected by backup? |
|---|---|---|
| Single disk failure | Yes | Yes |
| Accidental deletion | No | Yes |
| Ransomware encryption | No | Yes* |
| Failure of RAID controller | No | Yes |
| Fire, water damage, theft | No | Yes** |
| Corrupted database, software bug | No | Yes |
| Power surge / outage without UPS | No | Yes |
* Only if the backup copies are kept offline /
immutable / air-gapped — otherwise they get
encrypted too. See part 5.
** Only if the backup copy is stored off-site
according to the 3-2-1 rule.
Bottom line: A RAID increases availability, a backup enables recovery. They are complementary, neither replaces the other. For the RAID mechanics in detail see our article .
Six risk classes that every backup must address
A robust backup strategy covers all realistic loss scenarios — not just hardware defects. The following six classes can be derived from any recognised risk analysis (BSI 200-3, ISO 27005):
1. Hardware failureDisks, SSDs, controllers, mainboards, switches. Statistically the most common cause, also the best controlled. Defence: component-level redundancy (RAID, cluster, hot-spare disks). 2. Logical errorsCorrupted databases, faulty migrations, application bugs, broken updates. Invisible to RAID — only a backup with time depth (version history) helps. 3. Human errorsAccidental deletion, wrong `rm -rf`, faulty admin migrations, phishing-prone users. Statistically responsible for ~30 % of all data losses. 4. Cyber attacks (ransomware, sabotage)Currently the most business-critical category. Modern ransomware families actively search for NAS systems and backup repositories before encrypting. Protection: air-gap copies, immutable backups, separate backup domain — more in part 5. 5. Force majeure & physical risksFire, water damage, burglary, flood, power outage. Only manageable through an external backup copy outside the building (cloud, vault, second site, bank safe deposit). 6. Power eventsSurges, lightning, prolonged outages. A UPS (at least up to 1000 VA for small servers, up to 3000 VA for larger setups) protects against cache inconsistencies and gives backup jobs time to terminate cleanly. UPS batteries should be replaced every 3–5 years. |
Protection goals and terminology
Before we discuss specific methods and media, here are the terms that will recur throughout this series:
| Confidentiality | Data is only accessible to authorised parties. For backups: encryption of the storage media (AES-256), secure storage of external media. |
| Integrity | Data is unchanged and complete. Checksums (SHA-256), hash verification after every backup run, regular consistency checks of backup sets. |
| Availability | Data is accessible when needed. In the backup context: how fast can you restore? How many recovery points are available? |
| Recovery point | A specific state of the data at a defined point in time (e.g. full backup Sunday 02:00). The more recovery points are kept, the more granular the restore. |
| Retention | Storage duration of the backups (e.g. 30 days daily, 12 months weekly, 7 years yearly). Often mandated by regulations. |
| Air gap | A backup copy is physically and/or logically separated from the production network — an attacker has no path to it. Classic air gap: ejected tape cartridge in a vault. |
| Immutable | A backup cannot be deleted or modified for a defined period — not even by a compromised admin account. Implemented via WORM storage, S3 Object Lock, ZFS snapshots, Veeam hardened repositories. |
RTO and RPO — the two key backup metrics
If you take just two terms away from the backup world, take these: RTO (Recovery Time Objective) and RPO (Recovery Point Objective). They define the entire requirement profile of your backup strategy and directly drive hardware choice, software selection and cost.
RPO — Recovery Point Objective“How much data loss is acceptable?” Maximum acceptable data loss, measured in time. An RPO of 24 hours means: in the worst case, an entire day of work is lost. That is what a classic nightly backup achieves. An RPO of 15 minutes requires snapshot-based replication or continuous data protection (CDP). Examples: Payroll 24 h, ERP 4 h, web shop 5 min, payment systems 0 s. |
RTO — Recovery Time Objective“How long may recovery take?” Maximum acceptable time from incident to operations resuming. An RTO of 4 hours means: after 4 h the system must be back in production — including hardware provisioning, restore, smoke test. A low RTO requires pre-installed standby hardware, image-based backups or replication to a hot-spare. Examples: archive 7 days, file server 8 h, ERP 2 h, web frontend 15 min. |
Both values are derived from a Business Impact Analysis (BIA) and defined per application — not per server. A database may need RPO 15 min and RTO 1 h, while an archive on the same server is fine with RPO 24 h and RTO 3 days. This differentiation enables an economically viable architecture, since halving RTO/RPO values typically multiplies infrastructure cost by 2–5.
The 3-2-1 rule — and its modern extension
The 3-2-1 rule has been the established minimum standard of professional data protection for years. Easy to remember and surprisingly robust against virtually all realistic loss scenarios:
|
Extension: 3-2-1-1-0
With the rise of ransomware, the US Cybersecurity and Infrastructure Security Agency (CISA) formalised an extended version in 2020, which has also entered German BSI recommendations:
| +1 | One air-gap copy (offline) One of the backups is physically or logically disconnected from the network: ejected tape, separated tape array, object lock in cloud storage, hardened repository. |
| 0 | Zero verification errors Every backup run is automatically verified (checksum, virtual machine boot test, restore sample). No backup job is allowed to fail unnoticed — see part 7 on restore tests and monitoring. |
Anyone consistently applying the 3-2-1-1-0 rule has protection that even withstands aggressive ransomware campaigns — provided the concept is actually lived, not just documented on paper.
Frequently asked questions
Is cloud sync (e.g. OneDrive, Dropbox) a backup?
No. Sync services mirror deletions and encryption immediately to the cloud — that is replication, not backup. True backups keep historical versions immutably and are logically separated from the production system.
How long must backups be retained?
There is no blanket answer — the legal minimum depends on the data category. Tax-relevant documents (HGB, AO): 10 years. Personnel records: up to 30 years. Engineering and patents: often beyond product lifecycle plus warranty. A retention policy is a mandatory part of any data-protection concept.
What does professional backup cost?
Rule of thumb for SMB with ~5 TB of data: a NAS-based on-prem backup costs €3,000–8,000 one-off plus ongoing maintenance; an additional cloud off-site at a German provider around €50–200 per month. Tape-based setups (LTO-9 + library) start at ~€6,000 one-off but are cheapest per TB at long retention.
Who is responsible inside the company?
Operationally usually the IT department or an external IT service provider. Responsibility under GDPR and management law remains with the executive leadership — they may delegate, but cannot abdicate. A written backup policy with documented restore tests is liability-mitigating in case of an incident.
Consulting on backup strategy and hardwareWant to redesign your data protection or have your existing setup reviewed? Our team supports you in selecting NAS systems, tape arrays, cartridges, UPS solutions and backup software — aligned to your RTO/RPO and regulatory requirements. Phone: +49 (0)7666 / 88499-0 · E-mail: sales@industry-electronics.com |
Related shop categories
| Backup & data protectionBackup software Data protection |
StorageStorage NAS · Storage SAN Direct Attached Storage |
Tape & cartridgeBand/Cartridge Tape Array · RDX |
| Servers & controllersServers · Rack-mount RAID controllers |
Hard disks & SSDHard disks · SSD SATA Storage media |
Power supply (UPS)UPS (all) up to 3000 VA · up to 1000 VA UPS batteries |
Other parts of this series
Last updated: April 2026 · Lieske Elektronik · industry-electronics.com