Don’t get lost in the Cloud!

A well-thought-out backup and data protection strategy will optimise storage costs, lead to better data organisation and minimise business risks related to IT failure, corporate data loss, or a catastrophic onsite event, which can damage the company’s reputation and result in costly fines.

The IT solution does not need to be expensive nor made to fit a large organisation. In fact, the availability of new turnkey storage solutions are now at price points that many SMEs can afford, enabling them to deploy a very cost-effective, multi-tiered backup and data protection strategy by using onsite, offsite and cloud backup methods.

The bright shiny object in the room right now is cloud backup storage, or commonly referred to as online backup. However, SMEs need to know that they should incorporate online backup carefully and only as part of an overall comprehensive backup and data protection programme.

Before an SME moves data to the cloud for online backup, whether independently or though the work of an integrator, reseller or managed service provider (MSP), they should carefully consider vendors and weigh opportunities versus risk to determine if the cloud could be a practical and safe storage tier.

Additionally, a few technological advancements have made cloud storage more accessible:

· Deduplication has dramatically improved data transfer speed. Deduplication is an intelligent data compression technique for eliminating redundant data prior to transfer and restoring it when it “lands” at a server, data protection appliance, or cloud infrastructure. Thus, data deduplication reduces the bandwidth necessary to perform backups, and many traditional and cloud-based storage vendors incorporate deduplication technology into their storage offerings.

· The cost of online data storage has decreased, primarily because hosting providers’ datacentre and hardware costs have decreased, the deployment of data deduplication technologies, as well as reduction in internet bandwidth costs. As recently as 2006, it would have cost SMBs 8 pounds per gig of data storage, perhaps even more if an SMB worked with a VAR or MSP that would provide additional management services with associated costs. Today, online storage could cost as low as 30 pence per gig of storage! The savings add up as SMBs move more data online.

While there are many cloud storage options, and new technologies paired with more efficient pipes reduce data transfer costs, SMBs and the VARs that service them have several important points to consider in order to make online backup through cloud storage practical. Two of the most important criteria for incorporating cloud storage into an overarching data protection strategy are determining the best process to initially “seed” the cloud and securing the data in the cloud.

Cloud Seeding – When weeks for data transfer won’t do

While deduplication and backup policies reduce the amount of data that needs to be backed up, the initial seed, which is the first full backup of all of a company’s data, is still cumbersome and costly. To do so over the wire, SMBs or their VAR/MSPs will require a significant amount of bandwidth and the process will take a significant amount of time. It is estimated that using a typical DSL Internet connection, it could take SMBs weeks to seed one terabyte (TB) of data.

Not only does this seem like a large amount of time for an initial backup, these data transfer rates also apply to data recovery. If a catastrophic event happened at a company’s site—for example, a web or e-mail server crashed and all data was lost—weeks to restore that data would be completely unacceptable for any small to mid-sized business and could cost the company its entire business.

This challenge is met head‐on by the availability of removable disk devices, which can be used for the first initial backup to the cloud. Copying terabytes of data to onsite removal disk drives and securely shipping them to the online backup or cloud storage provider dramatically reduces the amount of time and bandwidth required to implement a cloud-based data protection solution. Taking full advantage of the data transfer speeds available for local copying can reduce the initial backup time, including shipping, to only one or two days.

In the event of an onsite failure, an SMB’s ability to get back up is only as good as the backup strategies they’ve implemented. Much like initial seeding, downloading data back over the wire can prove to be slow and cumbersome. Again, in a major recovery scenario, removable disk technology can mean the difference between success and failure for a business in that critical, vulnerable position. Most online backup solution providers can restore the required data from the cloud architecture onto removable disk drives and can return those drives to an end user for quick reinstallation.

Cloud Security – Do you know where your data lives?

A cloud based online backup and recovery solution, provided by a reputable and tested vendor, can be the best insurance policy against catastrophic data failure or theft. But SMBs that leave security of their cloud storage providers to chance face far greater risk.

It is essential that an SMB reviews a cloud storage provider’s security policies thoroughly before selecting a vendor. This is where a VAR or MSP would be helpful, serving as a trusted advisor for SMBs, since it’s difficult to truly understand a provider’s security policies and best practices. It’s important to know which questions are right to ask. To begin, there are a few triggers or red flags that signify inadequate security:

· Provider authorisation of or access to an encryption key: The encryption standards that cloud storage providers put in place are essentially ineffective if that provider can simply “reset” the key if a client loses or forgets it. A “back door” to encryption exposes the data to risk in the event that the cloud provider’s systems are hacked. But what if a company does lose the key? Or, since many SMB IT departments are small, what if an IT professional leaves the company with key information? These are common concerns of the SMB. To use online backup and recovery while ensuring the security of data, cloud storage providers could offer encrypted, bio-metric removable storage devices for SMBs to store the encryption key. It’s recommended that no more than two company officials have access to the key.

· Lack of datacentre standards: Cloud storage providers invest heavily in their own datacentres. Recognising the importance of security in the cloud, the EU has created data protection laws and data sovereignty laws which may relate to where the data is stored or transferred, as well as how well this data is protected from a confidentiality aspect.

Data sent to and from the cloud must have built-in protections to ensure a successful journey from the client to the datacentre and back. Encryption is an essential component to data security. An ideal security policy would dictate that data is encrypted on-premise at a company’s site, en route to the cloud storage provider and at rest at the provider’s site. In the case of using removable storage for initial cloud seeding, in addition to applying industry standard encryption, an SMB should ensure that the actual removable drive is packed properly or built for durability to withstand multiple shipments. Many storage vendors now provide removable hard disk drives that are rugged and built for transport.

The opportunity for SMBs

As data volumes increase, so will the pressure for SMB IT departments to ensure backup and recovery of that data. Perhaps considering the expected growing SMB IT spending – as noted by Gartner in its January 2012 Forecast Analysis – online cloud-based backup vendors have taken steps to adopt a solid initial seeding practice for fast initial backups and rapid restores. If a cloud storage provider further passes the security test, SMBs can finally feel comfortable beginning to weave online backup into their data protection strategy to reduce costs and downtime.

Online backup provides a foray into the cloud, satisfying the c-level interest in yielding cost savings while optimising data protection however it is important that the SMB carefully considers the vendor, the MSP and the regulations before diving into the cloud.