Small businesses cannot afford to do without a solid backup strategy. However, there are several options to choose from.
Although backup planning is almost always discussed in the context of large enterprises, backups are just as important – perhaps even more so – for small businesses. After all, a major loss of data could not only harm a small business, it could even mean its ruin.
Every small business should take the time to think about how best to protect its data and put a solid backup plan into practice. Choosing a particular backup solution is only part of the strategy. There are currently many competing backup products and numerous vendors available, all claiming to be the best.
Rather than selecting a backup product and then configuring it to protect the company’s data, it is better to first develop a comprehensive backup strategy for the small business. The next step is to analyse which products best fit this strategy.
Planning a Backup Strategy
In order to ensure that sensitive data are adequately protected, there should in principle be three copies of the data. The first copy is not really a copy: it is the production data that is used daily. The second copy is the actual backup, which is kept locally on site. And the third copy is the external backup – quasi the backup of the backup that should be stored at a remote location.
There are several reasons why two different backup copies are needed. The first reason is redundancy. If one backup copy is broken or unreadable on site for some reason – because of a bad copy, memory failure or a similar problem – you can fall back on a second backup copy.
The second reason: The external backup copy is an emergency backup for the worst case. It ensures that a copy of the data is retained in the event of a disaster, for example in the event of fire or flood. It is also possible that a backup copy may be destroyed on site due to human factors such as theft or vandalism. For example, if a company is attacked by ransomware, the virus can destroy the on-site backup. A detached, external copy provides a way to get the data back without having to pay the ransom.
And there is a third reason for a second backup copy: an on-site copy gives you the ability to quickly restore data if necessary. If one would only keep an externally stored backup, restoring this external backup copy would take much longer.
Selection of a media type
When planning a backup strategy for small businesses, it is important to decide what type of backup media to use for both on-site and off-site backups.
Magnetic tapes have been used for decades for data backup and are still a good way to store large amounts of data over the long term. Under the right storage conditions, magnetic tapes can be archived for many years. In addition, the tapes can be stored easily and above all inexpensively.
However, the classic tape is not as popular today as it was in the past – in part wrongly so. Tape backups have the advantage that they are relatively inexpensive and reliable. Another advantage is that as soon as a tape is ejected from the drive, it is disconnected from the system. A ransomware attack would therefore not affect the data stored on an ejected tape.
The disadvantage of using tape is that it does not work well with data that changes frequently. Usually only one tape backup is made per night, so the latest data is always left unprotected. You also need to find a safe place to store the tapes to prevent data theft or vandalism.
The most common medium in today’s backup strategy for small businesses are portable hard drives as a backup target. This backup medium has similar advantages and disadvantages as tape. They are inexpensive, relatively fast, easy to store and transport and generally more convenient than lower capacity removable media such as optical discs. However, hard disks are usually more expensive than magnetic tapes and – unlike tape – do not survive a fall from a great height. So you should handle them very carefully.
Another problem is the frequency of backups. Here Continuous Data Protection (CDP) is recommended. CDP is a method of continuous data protection. It continuously backs up data to a number of hard disks within a backup server or appliance. CDP backups are performed continuously so that the latest data is protected. However, the drawbacks are that CDP backups are more complex than simple tape or portable disk backups, are not portable, and are very expensive. Since CDP backups are not portable, it is common practice to copy backup data to tape or the cloud for offsite storage. This increases the level of protection, but also increases the cost and complexity of the backup.
Off to the cloud?
Another popular option of a backup strategy for small businesses is cloud backup. Cloud backups are reliable, but they are not suitable for backing up large amounts of data. This is because the cost of transferring and storing data rises exorbitantly as data volumes increase. In addition, the relatively low Internet bandwidths can make backing up or restoring data from the cloud impractical – especially if the data volumes are very large. For these reasons, many companies only use the cloud as a secondary backup.
In purely physical terms, virtual outsourcing of data to the cloud is the safest way to back up data – but this also depends on basic confidence in data security and compliance with security standards. With a cloud backup, a company puts the responsibility for data protection in someone else’s hands. This appears to be convenient because of the convenient automatic updates as well as from a cost and efficiency point of view. In times of proven industrial espionage, however, a company should consider this step carefully – and check conditions, security standards and evaluations.
Nevertheless, cloud backup products aimed at small businesses are an attractive security option. They are often designed for people with minimal technical experience and can be a good choice especially in companies with limited IT resources.
Small businesses need to be aware of their own data protection needs and choose a product accordingly. You should consider how often data needs to be backed up, how quickly data needs to be restored – and most importantly: what a company can afford.