Home Professionalisms The Top Five Things SMBs Need To Do NOW To Protect Their...

The Top Five Things SMBs Need To Do NOW To Protect Their Data


bits bytes

By Christophe Bertrand, Vice President, Product Marketing for Arcserve

Every organization, large or small, is vulnerable when it comes to data loss and disaster, and threats come in many forms: weather, power outages, computer viruses, data corruption, disk drive faults, and everyone’s favorite – human error. IT life is full of small disasters! Downtime after a data loss or disaster event can be kryptonite to business continuity, so it’s critical for companies to restore full operations and recover their data as quickly as possible. Yet, a recent study done by the Disaster Recovery Preparedness (DRP) Council asserts that three out of four businesses are at risk of failing to recover their IT systems in the event of data loss. (Council, 2015). The question is not if, but when.

The mantra of “if it isn’t broke, don’t fix it” can have serious consequences, and unfortunately small and medium-sized businesses can be even more at risk for damages that can occur from extended recovery times. Limited IT budgets, immature infrastructures and fewer personnel can prevent SMBs from having complete backup and data recovery strategies and IT solutions in the first place, making extended downtime and irreparable financial and reputational damages more likely.

That said, there are five critical steps that SMBs would be wise to take now before the next data loss event strikes:

1. You must understand the essential elements of a complete data protection strategy, and know what the different solutions mean.

In other words, do your homework. If this is your first venture into the world of cloud-based data backup and recovery there is much to learn. Aside from tapping into excellent online resources, you should consider talking to IT colleagues about their experiences with cloud-based data protection. Discuss with them different deployment models (software, appliance, cloud, or a combination), and ask them how easy they were they to deploy and manage. Inquire about what level of recovery performance you can expect, and ask what (if any) were the hidden “gotchas.” It’s always easier to learn from the mistakes of others rather than making the mistake yourself.

2. Prepare to answer the disaster recovery “triad.”

The disaster recovery “triad” involves technology, processes, and people. IT Administrators often make the mistake of spending the majority of their time on the technology, when all pieces of the triad require attention. For successful disaster recovery, processes must be developed that document step-by-step instructions on how to recover applications. Your disaster recovery plan is only as good as the people who are responsible for its execution, therefore the key to success is regular training. In the case of weather-related events or regional disruptions, how does your “IT guy” or “IT gal” get to you? Chances of a successful disaster recovery are greatly improved when you pay attention to the discovery recovery “triad” – technology, processes, and people.

3. Beware of the “gotchas,” and know what it takes to circumvent them.

The “gotchas” come in many forms and are not easy to avoid (which is why they’re called “gotchas”). But with careful preparation and planning, you can avoid as many as possible. Consider the technology you plan to deploy. Ask questions such as:

  • Have you consulted with reference customers to gain their experience?
  • Have you considered all of the necessary SKUs for purchase?
  • Are there any hidden charges?
  • What service or support options should you pick?
  • What are the charges if you want to discontinue service?
  • What happens if your vendor is acquired or goes out of business?

Storing your valuable information in the cloud is a big responsibility, so be prepared to ask your vendor all of the tough questions.

4. Prepare a disaster recovery planning book that lists all of the steps necessary for recovery.

Preparing a thorough disaster recovery planning book is so critical to a successful backup and recovery deployment that it’s worth mentioning again. Consider that a typical disaster recovery deployment is a combination of technology and processes, where a vendor can provide the technology to spin up your virtual machines in the cloud, but you must identify which machines to start. In what order should the machines start? Which network resources (i.e. load balancers, firewalls, DNS, directory/authentication servers) do they access for startup information? These questions must be carefully considered and documented if you want your disaster recovery plan to succeed. Consider working with a Managed Service Provider who can help you greatly in making your plan work, and protecting your data on a daily basis.

5. Evaluate adding a cloud-based solution.

Cloud-based backup and disaster recovery is one of the most innovative and new developments for data protection, and it promises to deliver disaster readiness for organizations of all sizes. In many ways, cloud-related solutions have truly “democratized” Business Continuity and Disaster Recovery. With cloud-based solutions, you have access to compute and storage resources to run applications and store critical information, and are no longer required to hire personnel to rack and configure servers and storage. Simple subscription based pricing puts these resources at your fingertips; ready to scale up and down as your needs require. Options abound ranging from file and folder copy, to backup in the cloud, and to Disaster Recovery in the cloud. Disaster Recovery as a Service (DRaaS) can provide a fantastic option to leverage a co-located recovery resource out of region without having to provide the upfront capital one would require to build a secondary location or data center. Depending on your needs, different cloud-based disaster recovery solutions are available, however you’ll want to ask yourself:

  • Is your goal to completely replace your on-premise data protection solution with a cloud-based solution?
  • Do you want to complement your on-premise backup solution with a cloud copy and discontinue your offsite tape storage practice?
  • Do you want to be capable of running your critical business applications in the cloud in the event of a disaster?

Just like other IT projects you manage, “the devil is in the details” when it comes to cloud-based backup and recovery. While cloud solutions make enterprise-level data recovery possible for SMBs for the first time, there are still numerous considerations that an organization must address to ensure they have comprehensive protection in place for any contingency.

As mentioned before, the good news is that there are also Managed Service Providers (MSPs) who have experience in creating and managing successful disaster recovery plans. Unless you know your in-house applications inside and out, it’s recommended that you seek the services of a disaster recovery professional. Backup and recovery isn’t the same as running your production environment due to the detailed work that is necessary during failover (and failback). The MSP can assist by analyzing your current environment, developing the disaster recovery planning book, and training your IT staff.

More than ever, SMBs are in a great position to significantly improve their data protection and disaster recovery capabilities with a variety of deployment modes and levels of capital investment. The infamous Murphy’s Law will happen: preparedness and planning is the best way to mitigate its consequences. With today’s wide array of solutions, every business can benefit from enterprise-class disaster recovery.


bertrand, christophe


Christophe Bertrand is the vice president of Product Marketing at Arcserve. He joined the Data Management division at CA Technologies, now the independent Arcserve company, to lead Product Marketing and launch the award-winning Arcserve Unified Data Protection (UDP) solution. With more than 20 years in the data storage and protection space, Christophe enjoys sharing his knowledge and best practices worldwide.