All storage fails. The only question is when. For critical data: LOCKSS. Lots Of Copies Keeps Stuff Safe.
I've relied on daily bootable backups to keep my business running for over 15 years. But the new M1 Macs have eliminated that option. The M1 Mac SSD is a Single Point of Failure (SPOF).
The old days
With backup software like SuperDuper! or Carbon Copy Cloner, users could automate a daily backup that not only mirrored all the system drive's data, but could also boot the Mac should the system drive fail.
You might lose a few hours' work, but you'd be up and working almost instantly. If your recent docs were backed up to a cloud service, you'd lose a few minutes' work.
It saved my bacon several times over the years. This was so much easier than other systems that, for me, it was a major Mac advantage.
But no more. Your M1 Mac may not boot at all if the system drive fails, external drive or no. And, as I noted earlier, all storage fails.
Locking down the boot
To keep malware off Apple Silicon macOS (& iOS), Apple is locking down the macOS boot process. The M1 boot process requires a working SSD to boot macOS. The SSD contains a Signed System Volume that is cryptographically sealed by Apple. No seal, no bootable system.
So if the internal drive on your M1 Mac fails completely, even an external bootable drive won't boot. Yep, your Mac is bricked.
It's as if the hidden volumes were part of the firmware, except they aren't in firmware.
To be real, all digital devices have multiple single points of failure. The more interesting question is: how likely is a complete SSD failure?
How do SSDs fail?
I've reviewed much of the published research into SSD failures on ZDNet:
- SSD reliability in the enterprise: This survey yields a few surprises
- Kroll Ontrack on field SSD reliability
- SSD reliability in the real world: Google's experience
- Facebook's SSD findings: Failure, fatigue and the data center
The papers largely focus on enterprise and cloud-scale systems and tell a consistent story. The main cause of data loss is NAND flash die failures.
Most flash chips consist of two dies packaged together, and when failures occur, it's typically a single die that fails. While individual NAND flash cells have a limited number of writes, mitigation strategies in modern SSD controllers ensure those limits are rarely reached.
In a 256GB SSD today, there could be as few as 16 dies on 8 chips. Lose a single die and there goes ≈16GB of data. Better than a disk drive head crash that destroys the entire drive, but sub-optimal.
Apple engineers are aware of the SPOF problem, as evidenced by their decision to create not one but two recovery volumes on the SSD. Maybe they were even smart enough to ensure that those volumes are spread across different dies in separate chips.
There's a tradeoff between system security and data availability.
I'm not happy that Apple has eliminated booting off an external drive if there is a total internal SSD drive failure. On the other hand, it may be that malware is a bigger threat to your data than a complete SSD failure is.
For pros, it is possible to create a bootable backup - more on that soon - that will work if the internal SSD has not completely failed. As always, there's no substitute for a local backup of user data, in addition to frequent cloud backups, and a second Mac. Both Carbon Copy Cloner and SuperDuper! offer backup automation and non-proprietary file formats.
For casual users, Time Machine + cloud backup will be the simplest strategy. Apple charges top dollar for its cloud storage, but it is easy to use.