Risk
8/27/2010
04:35 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Practical Analysis: For SMB Backups, Think Hybrid Technology

Building a system to protect your data can't be a one-size-fits-all endeavor.

InformationWeek Green - Aug. 30. 2010 InformationWeek Green
Download the entire Aug. 30. 2010 issue of SMB, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

Michael Davis

Want to grab a small-business owner's attention? Accidentally delete a critical piece of data. Suddenly, backups are cool, and everyone's perusing shiny brochures touting old-school tape, disk-to-disk, cloud-based, and hybrid systems tailored to the needs of small and midsize businesses, while external consultants promise recovery-time objectives shorter than Justin Bieber.

But how do you know what's best for your business?

First, it's unlikely to be a single, uniform system. You have more than one type of data, so expect to remix technology, too. Start by answering some basic questions: Where's the data that needs to be backed up? What type is it? Where should it be stored to minimize the risk of a disaster wiping out the backup? Is the cloud right for your company? And what skills do you have in-house to get all this done?

A common gotcha: Your most critical data probably isn't on your file server. In most SMBs I work with, employees save a lot of important stuff on their hard drives, intending to transfer it to the file server "later." We know how that goes. So before buying any hardware, tweak your business processes to ensure the system you implement actually will back up the data you need to safeguard. The answer could be as simple as a mapped drive or offline file sync or as complex as folder redirection and a VPN.

Next, be realistic about your staff. Disk-to-disk and tape systems require actions be taken, such as shipping disks or tapes off site or changing media if the data being stored exceeds capacity. A system may have all the bells and whistles you can think of, but if it hasn't performed a valid backup in months because someone forgot to do something, you're worse off than before. And cloud-based backups have their own problems--some don't support business applications, like Microsoft Exchange and CRM software.

The last step when building a backup plan is to define the types of data you collect--sales quotes, research stats, CAD drawings--and determine how quickly you need access to each, a process called tiering. Once data is tiered, hybrid backup systems can be tailored to lower cost and risk. Hybrids use more than one type of backup technology to provide a lower overall cost to the business. For example, cloud backups are inexpensive but normally slow to retrieve since you're downloading over the Internet, compared with fast, and expensive, disk to disk. So place the files you need access to quickest during a disaster on the disk-to-disk system and the rest in the cloud.

There are many ways to construct tiers, such as by data type or age. The idea is to match the backup system's attributes--cost, access speed, and reliability--to your data, not the other way around.

Last, and most important, don't rely on IT consultants to manage your backups. They can, and possibly should, install the system for you. But spring for training, and make sure they rig alerts to tell in-house operations people or office managers about problems. Too many times I've seen backup failures fall through the cracks for weeks because the alert was sent to an outside IT consultant who hasn't been on site for months and isn't all that concerned about your data anyway.

Advances in backup technologies over the past few years have reduced costs and are providing better and faster access to data. But don't get caught up in hype--if you aren't protecting what matters, don't have the right staff to support the system, and are piling useless information on expensive storage, all the advances in the world won't help you get back an accidentally deleted file--never mind survive a disaster.

Michael A. Davis is an InformationWeek Analytics and Network Computing contributor and CEO of Savid Technologies, which was recently ranked at 611 in Inc.'s list of 5,000 fastest-growing small businesses in America. You can write to us at iweekletters@techweb.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.