Protecting against catastrophic data loss: five things small to midsize businesses need to know

If you've been thinking that it's time to do something to bullet-proof your small-to-midsize business's critical data and systems - such as financial transactions, patient records or your email and Web retail storefront - you've been thinking right.

The causes and instances of data loss are much more commonplace than you might think - it's rarely an act of God. In fact, it's usually just an easily corrected system or user error, if you've protected your data correctly. The most common causes of data loss are hardware or system malfunction, human error, software corruption and computer viruses.

Breece Hill has provided a list of five things small to midsize businesses need to know about data protection:

1. Backup often and wisely
Market research firm Gartner says that less than 1 percent of small businesses perform daily backups, and Enterprise Strategy Group analyst Peter Gerr says that backup is always at the top of business concerns - it either takes too long, or users can't verify that it's actually working. Backing up everything on a daily basis can be extremely costly and time-consuming, so it's important to identify only the data that changes. For the average business, the percentage of data that changes daily is somewhere between 2-5 percent.

For example, a graphic arts agency that develops intricate print designs and continuously backs up large image files, page layouts and video work will quickly break the bank on storage hardware alone. By implementing a backup function that's able to sense changes reasonably well and back up just those files that have been altered, the business is protected at far less cost.

On the other hand, a specialty manufacturer of high-end audio products may only need to backup once a day, but will require it to be a bullet-proofed backup. While the rate of change is slow, each order is vitally important to the business.

2. Prioritise data for disaster recovery
Another aspect to backing up data is making sure that the systems and data your business absolutely needs will be there in the case of a disaster. This means that you need to look at your overall data picture, and decide what's critical, what's important, and what you can do without. It's critical that an online retailer keep its Web store up and running, but it can do without the contactor its print services, at least for awhile.

So the next step is to prioritise each system and its related data - key systems for most small businesses include e-mail, telephones, databases, file servers and Web servers. Typically, systems are prioritised into three categories that require differing levels of recovery time, from zero to days: redundant (immediately), highly available (minutes to hours), and backed up (four hours to days).

3. Archive important data for the long term
Now it's time to consider your data archive. First, you'll need to figure out how long to keep data. Federal and state regulations and policies dictating the length of time that your data must be retained vary by state, and can be anywhere from seven years for equity or stock transaction records, to 17 years for certain HIPAA regulations, and up to the life of a patient for others.

Government contractors or companies working with government contractors, face other requirements, including the type of media used. Optical disk, for example, can survive the electrical pulse that follows nuclear war. But in most other cases, it's simply important to choose a system and/or storage location that will achieve your company's needs. But remember, penalties for non-compliance with data retention requirements are stiff.

If you're going to have to keep data for twenty years or more, you'll need to identify a physical storage location. Some businesses will choose a full-service company such as Iron Mountain, that picks up, stores and delivers data when it's needed.

4. It's smart to comply now
There's been a lot of buzz in business and industry media recently about "compliance." What it really means for the small business is that you'd better know what regulations affect your business, and what that means for your data storage system.

Some of the most important recent regulations to affect the small-to-midsize business include the Sarbanes-Oxley Act (SOX), which has implications for financial reporting, and the Health Insurance and Portability and Accountability Act (HIPAA), which applies to the maintenance, security and storage of health care records. There are also a variety of human resources-related regulations applicable to programs like worker's compensation at the state level, and payroll regulations such as the Federal Insurance and Contributions Act (FICA) at the national level.

Compliance requirements are tightening across the board. For example, if your business sells bolts to Lockheed Martin, you may be required to comply with stricter Department of Defense regulations for military contractors. The same is true for independent broker/dealers and the Securities and Exchange Commission, service providers to major utilities and Homeland Security regulations, as well as small-to-midsize businesses and local, state and federal regulations of all shades.

5. How to store data cost-effectively and easily
Most small-to-midsize businesses don't have available IT resources to set-up and manage a storage solution, so it's important to work with a value-added reseller that understands your business. It's also important that the solution fit easily into your company's existing system, and is as manageable and turn-key as possible.

Over the long run, most mid-size businesses are better off buying an integrated solution. The upfront cost may be a bit more, but in the long run, the time, money and effort spent on a custom, or "home-grown" solution will be far greater. Not only will you need a professional to install it, but they'll need to help maintain and tune it as well.

Today, there are all-in-one storage appliances that include integrated disk for short-term backups and archiving; tape for long-term archiving; as well as the software and server components that help to prioritise and store data appropriately.

www.breecehill.com

•Date: 1st July 2005 •Region: US/World •Type: Article •Topic: IT continuity
Rate this article or make a comment - click here