Risk
8/27/2010
04:35 PM
Commentary
Commentary
Commentary
50%
50%

Practical Analysis: For SMB Backups, Think Hybrid Technology

Building a system to protect your data can't be a one-size-fits-all endeavor.

InformationWeek Green - Aug. 30. 2010 InformationWeek Green
Download the entire Aug. 30. 2010 issue of SMB, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

Michael Davis

Want to grab a small-business owner's attention? Accidentally delete a critical piece of data. Suddenly, backups are cool, and everyone's perusing shiny brochures touting old-school tape, disk-to-disk, cloud-based, and hybrid systems tailored to the needs of small and midsize businesses, while external consultants promise recovery-time objectives shorter than Justin Bieber.

But how do you know what's best for your business?

First, it's unlikely to be a single, uniform system. You have more than one type of data, so expect to remix technology, too. Start by answering some basic questions: Where's the data that needs to be backed up? What type is it? Where should it be stored to minimize the risk of a disaster wiping out the backup? Is the cloud right for your company? And what skills do you have in-house to get all this done?

A common gotcha: Your most critical data probably isn't on your file server. In most SMBs I work with, employees save a lot of important stuff on their hard drives, intending to transfer it to the file server "later." We know how that goes. So before buying any hardware, tweak your business processes to ensure the system you implement actually will back up the data you need to safeguard. The answer could be as simple as a mapped drive or offline file sync or as complex as folder redirection and a VPN.

Next, be realistic about your staff. Disk-to-disk and tape systems require actions be taken, such as shipping disks or tapes off site or changing media if the data being stored exceeds capacity. A system may have all the bells and whistles you can think of, but if it hasn't performed a valid backup in months because someone forgot to do something, you're worse off than before. And cloud-based backups have their own problems--some don't support business applications, like Microsoft Exchange and CRM software.

The last step when building a backup plan is to define the types of data you collect--sales quotes, research stats, CAD drawings--and determine how quickly you need access to each, a process called tiering. Once data is tiered, hybrid backup systems can be tailored to lower cost and risk. Hybrids use more than one type of backup technology to provide a lower overall cost to the business. For example, cloud backups are inexpensive but normally slow to retrieve since you're downloading over the Internet, compared with fast, and expensive, disk to disk. So place the files you need access to quickest during a disaster on the disk-to-disk system and the rest in the cloud.

There are many ways to construct tiers, such as by data type or age. The idea is to match the backup system's attributes--cost, access speed, and reliability--to your data, not the other way around.

Last, and most important, don't rely on IT consultants to manage your backups. They can, and possibly should, install the system for you. But spring for training, and make sure they rig alerts to tell in-house operations people or office managers about problems. Too many times I've seen backup failures fall through the cracks for weeks because the alert was sent to an outside IT consultant who hasn't been on site for months and isn't all that concerned about your data anyway.

Advances in backup technologies over the past few years have reduced costs and are providing better and faster access to data. But don't get caught up in hype--if you aren't protecting what matters, don't have the right staff to support the system, and are piling useless information on expensive storage, all the advances in the world won't help you get back an accidentally deleted file--never mind survive a disaster.

Michael A. Davis is an InformationWeek Analytics and Network Computing contributor and CEO of Savid Technologies, which was recently ranked at 611 in Inc.'s list of 5,000 fastest-growing small businesses in America. You can write to us at iweekletters@techweb.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

CVE-2014-9651
Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

CVE-2015-1171
Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

CVE-2015-2987
Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.