Risk
8/27/2010
05:40 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

For SMBs, Data Protection Is A Virtual Affair

Think you can't afford BC/DR to rival enterprise-class systems? If you have x86 virtualization installed, you might be surprised.

InformationWeek Green - Aug. 30. 2010 InformationWeek Green
Download the entire Aug. 30. 2010 issue of SMB, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

What's your best-case scenario for getting back to normal after a worst-case disaster? We first polled small and midsize businesses on that subject back in January 2008; when we revisited our survey, in May, we found there's been some improvement. In 2008, 23% could get mission-critical apps back up in four hours or less. Today, it's up to 33%, based on our InformationWeek Analytics survey of nearly 400 business technology professionals from companies with 1,000 or fewer employees.

Other key changes: In 2010, 62% have business continuity/disaster recovery systems in place compared with 55% in 2008. Consolidation has increased; today, 52% are completely centralized, with one main HQ and no branch sites, compared with 44% in 2008. And the number of businesses backing up to tapes that are taken off site dropped a full 16 points, from 63% in 2008 to 47% in 2010. Use of online backup services posted the single biggest gain, up 10 points.

One head-scratcher: The number of survey respondents who say their organizations are accountable to one or more government or industry regulations fell in every area, sometimes dramatically. Given the state-level laws that have come on the books since 2008, this is wishful thinking on a massive scale, even for small businesses.

Putting a formal business continuity/disaster recovery plan in place and testing it properly costs money, and that's tough to come by nowadays. So to what do we owe improvement in BC/DR? The introduction of new technologies, notably cloud-based storage services, and the maturation of others, like server virtualization and data deduplication, have made effective disaster recovery accessible to a wider swath of businesses than ever before.

Widespread use of x86 server vitalization has had the most beneficial effect on the disaster recovery process. An obvious impact is a reduction in the number of physical servers that have to be provisioned, powered, and maintained at a DR location. A few years ago, even the smallest site would have had a dedicated server for each application that needed to be recovered quickly. But now, a single virtual server host can handle multiple applications. It's not only that SMBs can save money on hardware. The reduced size, power, and cooling footprint of a small blade chassis running several virtual server hosts means that branch offices and co-location centers become potential DR sites. That's especially important for small businesses; when we asked respondents to describe their DR setups, the No. 1 answer (with 28%) was another data center or office within the organization. Just 7% use a specialized co-location provider, such as SunGard--down from 14% in 2008.

To read the rest of the article,
Download the August 30, 2010 InformationWeek SMB digital supplement


Small Favors: Technology Advances SMBs' BC/DR Plans

Subscribe and get our full report on SMB BC/DR. This report includes 40 pages of action-oriented analysis, packed with 24 charts.

What you'll find:
  • A game plan for prioritizing your data protection efforts.
  • An in-depth discussion of DR site options
  • Synchronous, asynchronous, or snapshot? We help you decide
Get This And All Our Reports

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
All Videos
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.
UPCOMING!
Wednesday, September 3, 1pm EDT

The Best of the Rest of Black Hat: The Best for Last?
FULL SCHEDULE | ARCHIVED SHOWS