Risk
8/27/2010
04:35 PM
Commentary
Commentary
Commentary
50%
50%

Practical Analysis: For SMB Backups, Think Hybrid Technology

Building a system to protect your data can't be a one-size-fits-all endeavor.

InformationWeek Green - Aug. 30. 2010 InformationWeek Green
Download the entire Aug. 30. 2010 issue of SMB, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

Michael Davis

Want to grab a small-business owner's attention? Accidentally delete a critical piece of data. Suddenly, backups are cool, and everyone's perusing shiny brochures touting old-school tape, disk-to-disk, cloud-based, and hybrid systems tailored to the needs of small and midsize businesses, while external consultants promise recovery-time objectives shorter than Justin Bieber.

But how do you know what's best for your business?

First, it's unlikely to be a single, uniform system. You have more than one type of data, so expect to remix technology, too. Start by answering some basic questions: Where's the data that needs to be backed up? What type is it? Where should it be stored to minimize the risk of a disaster wiping out the backup? Is the cloud right for your company? And what skills do you have in-house to get all this done?

A common gotcha: Your most critical data probably isn't on your file server. In most SMBs I work with, employees save a lot of important stuff on their hard drives, intending to transfer it to the file server "later." We know how that goes. So before buying any hardware, tweak your business processes to ensure the system you implement actually will back up the data you need to safeguard. The answer could be as simple as a mapped drive or offline file sync or as complex as folder redirection and a VPN.

Next, be realistic about your staff. Disk-to-disk and tape systems require actions be taken, such as shipping disks or tapes off site or changing media if the data being stored exceeds capacity. A system may have all the bells and whistles you can think of, but if it hasn't performed a valid backup in months because someone forgot to do something, you're worse off than before. And cloud-based backups have their own problems--some don't support business applications, like Microsoft Exchange and CRM software.

The last step when building a backup plan is to define the types of data you collect--sales quotes, research stats, CAD drawings--and determine how quickly you need access to each, a process called tiering. Once data is tiered, hybrid backup systems can be tailored to lower cost and risk. Hybrids use more than one type of backup technology to provide a lower overall cost to the business. For example, cloud backups are inexpensive but normally slow to retrieve since you're downloading over the Internet, compared with fast, and expensive, disk to disk. So place the files you need access to quickest during a disaster on the disk-to-disk system and the rest in the cloud.

There are many ways to construct tiers, such as by data type or age. The idea is to match the backup system's attributes--cost, access speed, and reliability--to your data, not the other way around.

Last, and most important, don't rely on IT consultants to manage your backups. They can, and possibly should, install the system for you. But spring for training, and make sure they rig alerts to tell in-house operations people or office managers about problems. Too many times I've seen backup failures fall through the cracks for weeks because the alert was sent to an outside IT consultant who hasn't been on site for months and isn't all that concerned about your data anyway.

Advances in backup technologies over the past few years have reduced costs and are providing better and faster access to data. But don't get caught up in hype--if you aren't protecting what matters, don't have the right staff to support the system, and are piling useless information on expensive storage, all the advances in the world won't help you get back an accidentally deleted file--never mind survive a disaster.

Michael A. Davis is an InformationWeek Analytics and Network Computing contributor and CEO of Savid Technologies, which was recently ranked at 611 in Inc.'s list of 5,000 fastest-growing small businesses in America. You can write to us at iweekletters@techweb.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9209
Published: 2015-03-30
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.