Risk
8/27/2010
04:35 PM
Commentary
Commentary
Commentary
50%
50%

Practical Analysis: For SMB Backups, Think Hybrid Technology

Building a system to protect your data can't be a one-size-fits-all endeavor.

InformationWeek Green - Aug. 30. 2010 InformationWeek Green
Download the entire Aug. 30. 2010 issue of SMB, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

Michael Davis

Want to grab a small-business owner's attention? Accidentally delete a critical piece of data. Suddenly, backups are cool, and everyone's perusing shiny brochures touting old-school tape, disk-to-disk, cloud-based, and hybrid systems tailored to the needs of small and midsize businesses, while external consultants promise recovery-time objectives shorter than Justin Bieber.

But how do you know what's best for your business?

First, it's unlikely to be a single, uniform system. You have more than one type of data, so expect to remix technology, too. Start by answering some basic questions: Where's the data that needs to be backed up? What type is it? Where should it be stored to minimize the risk of a disaster wiping out the backup? Is the cloud right for your company? And what skills do you have in-house to get all this done?

A common gotcha: Your most critical data probably isn't on your file server. In most SMBs I work with, employees save a lot of important stuff on their hard drives, intending to transfer it to the file server "later." We know how that goes. So before buying any hardware, tweak your business processes to ensure the system you implement actually will back up the data you need to safeguard. The answer could be as simple as a mapped drive or offline file sync or as complex as folder redirection and a VPN.

Next, be realistic about your staff. Disk-to-disk and tape systems require actions be taken, such as shipping disks or tapes off site or changing media if the data being stored exceeds capacity. A system may have all the bells and whistles you can think of, but if it hasn't performed a valid backup in months because someone forgot to do something, you're worse off than before. And cloud-based backups have their own problems--some don't support business applications, like Microsoft Exchange and CRM software.

The last step when building a backup plan is to define the types of data you collect--sales quotes, research stats, CAD drawings--and determine how quickly you need access to each, a process called tiering. Once data is tiered, hybrid backup systems can be tailored to lower cost and risk. Hybrids use more than one type of backup technology to provide a lower overall cost to the business. For example, cloud backups are inexpensive but normally slow to retrieve since you're downloading over the Internet, compared with fast, and expensive, disk to disk. So place the files you need access to quickest during a disaster on the disk-to-disk system and the rest in the cloud.

There are many ways to construct tiers, such as by data type or age. The idea is to match the backup system's attributes--cost, access speed, and reliability--to your data, not the other way around.

Last, and most important, don't rely on IT consultants to manage your backups. They can, and possibly should, install the system for you. But spring for training, and make sure they rig alerts to tell in-house operations people or office managers about problems. Too many times I've seen backup failures fall through the cracks for weeks because the alert was sent to an outside IT consultant who hasn't been on site for months and isn't all that concerned about your data anyway.

Advances in backup technologies over the past few years have reduced costs and are providing better and faster access to data. But don't get caught up in hype--if you aren't protecting what matters, don't have the right staff to support the system, and are piling useless information on expensive storage, all the advances in the world won't help you get back an accidentally deleted file--never mind survive a disaster.

Michael A. Davis is an InformationWeek Analytics and Network Computing contributor and CEO of Savid Technologies, which was recently ranked at 611 in Inc.'s list of 5,000 fastest-growing small businesses in America. You can write to us at [email protected].

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.