Recovery for the rest of us: small and mid-size businesses need to be as diligent as large enterprises in implementing an emergency preparedness agenda - Storage Management

Computer Technology Review, Oct, 2003 by Don Chouinard

While analyzing disaster preparedness and increasing business security is vital to large enterprises, and now mandated in federal agencies, small and midsize businesses lace no lesser risk when data is compromised.

Smart businesses of all sizes consider data one of their greatest assets. Vital information can be lost or compromised by viruses, hackers, computer failures, natural disasters and a variety of other causes. If you are in charge of information security in your company or department, you know that a properly designed data protection plan involves minimizing potential data loss and ensuring that you can quickly and efficiently recover information.

Large enterprises have extensive systems and procedures in place to keep their information safe but small and midsize businesses need to be just as diligent when it comes to business security and disaster preparedness.

implementing Enterprise-Class Data Protection

The hallmarks of enterprise-class data protection are technologies like remote replication and disk mirroring. These technologies create an additional, extremely current copy of data to ensure availability when disaster strikes and to keep data accessible to network users.

Such backup strategies often involve installing a second round of hardware and software that takes over when the first round has been compromised. The cost and complexity of such a system can be prohibitive in all but the largest companies.

Smaller companies can implement similar levels of security by employing effective, but less expensive backup strategies. For these data protection strategies to be effective, they must meet three criteria:

* The backup must be as current as possible

* The backup must be as complete as possible

A copy of the backup media must be kept offsite for safety purposes

Keeping Up With the Backup

Keeping backed-up data current is the first hurdle to clear. It can often be difficult to complete backups in the time allotted, depending on the amount of data that needs to be protected, the media that will be used to hold the backups, and the network topology. Companies frequently make compromises such as backing up only the most important servers, backing up servers less frequently, or not protecting the data on desktop and notebook computers. Most small and midsize businesses automate backups so that they occur nightly to ensure that, at most, only one day of data will be lost. After awhile, the policy about which computers will be backed up, and how frequently they will be backed up, becomes accepted by the organization as a given.

Complete Backups

Ensuring complete backups demands a bit more attention. It is useful to separate the concept of protecting user data from the concept of protecting the computers and applications themselves. The former requires backup and restore software, whereas the later requires disaster recovery software. When these two types of software are used together, complete backups can be performed which allow you to restore the entire computer quickly, to the state it was in before the data loss occurred. These backups must include not just documents, but applications, user settings, and operating system settings.

When data loss occurs due to physical damage to a computer, it can take countless hours of adjustments to restore user settings, applications, application and operating system updates, as well as application and operating system configurations to their previous state--unless you have been diligent about creating disaster recovery CDs regularly. Disaster recovery software collects all of this data from the hard drives and saves it on the backup media. Then after the disaster strikes, disaster recovery CDs can be created from the backup media to quickly restore the entire computer.

Complete backups should also include not just data on servers. A reliable backup strategy must also protect data on desktop and laptop computers, which can contain between 40-80% of vital data in a business. Your backup strategy should automatically protect desktop and notebook computers. Too often companies rely on server-only backups, only to discover that a disaster has wiped out information that is vital to the company's success.

Lastly, 24x7 business-critical applications need to be protected while they are up and running. There are two approaches to accomplishing this goal. The newer, more sophisticated open file backups can take an accurate snapshot of multiple logical volumes simultaneously, thereby performing an accurate backup. This is an improvement over older methods that take snapshots of only a single file at a time, which was not sufficient to protect more robust applications that simultaneously write to several opened files residing on separate logical volumes. The other approach is to use specific agents or add-ons that use the APIs of the 24x7 applications to collect its data while it is up and running. The first approach provides breadth of support for hundreds of 24x7 applications, while the latter provides depth of support for the most popular 24x7 server applications.