The role of CDP for SMBs

Now that affordable implementations of continuous data protection (CDP) are available, SMBs can take advantage of technology that was once available only to larger enterprises with big IT budgets.

By Heidi Biggar

Good things often do come in small packages, but for small and medium-sized businesses (SMBs) this hasn’t always been the case for data-protection solutions. For years, small organizations—particularly those with limited or no designated IT resources—have struggled to find products that enable them to easily and cost-effectively protect their data while meeting regulatory requirements.

As a result, many SMBs have either ended up implementing data-protection solutions that have been too big for their environments, with the hope that they will grow into them, or implementing solutions that have been grossly inadequate given today’s increasingly demanding business climate. And, as unwise as it may seem, still others have had no real data-protection strategies in place, putting their critical business applications and data at potentially significant risk in the event of a corruption, virus attack, or some type of regulatory or legal inquiry.

According to ESG Research, 79% of SMBs said they could tolerate 24 hours or less of downtime before they experience significant revenue loss or other adverse business impacts, while 31% said they had a window of tolerance of between one and four hours (see figure). ESG expects this window to continue to decrease as data volumes grow for this class of user and data becomes an increasingly critical asset of their day-to-day operations.

The bottom line is that it’s not the size of the organization that determines the value of the data that is generated. Mission-critical data is mission-critical data regardless of what size company produces it, and it deserves appropriate protection. That said, SMBs face a number of different challenges that larger organizations don’t (and vice versa), which necessitates some key differences in data-protection strategies.

Data protection for SMBs

Fundamental realities
There are three fundamental realities facing SMBs today: 1) They are generating a lot more data than ever before, and there is no end in sight to this growth; 2) the value of the data they are generating continues to mount; and 3) they are becoming more aware of the need to protect their data resources or face significant business risk.

Increasing data volumes: The size of primary and secondary data volumes today rivals the data volumes of significantly larger organizations just a few years ago, and these volumes are increasing steadily. According to ESG Research, more than one-third of SMBs report 28% growth per year. ESG expects digital content growth alone to have a 50% or higher CAGR for the next five years;

Increasing importance of data: It’s not just the size of the backup volumes that has increased, but the value of the data that is being generated. As the value of data increases, tolerance for application downtime also decreases. The opportunity cost associated with a loss of data never diminishes-it only increases. As volume grows, opportunity cost and probability of failure increase;

Increasing awareness of the need to protect data: SMBs are getting the message that when it comes to the data that drives their business, what is worth having is worth protecting. However, there are fundamental changes that need to be made to their data-protection practices. Doing incremental backups nightly and full backups weekly is often no longer adequate-and it requires people and dollars that SMBs often don’t have. New disk-based backup options provide better data protection from both a backup (i.e., getting backup jobs done in allotted windows) and a recovery (i.e., being able to recover data quick enough in a restore situation to minimize downtime and potential data loss) perspective.

Fundamental challenges

Many SMBs still rely on traditional tape-based products for data protection. The problem is that these products generally fail to address three persistent backup-and-recovery challenges: shrinking backup windows, data-protection gaps, and long recovery times.

Shrinking backup-and-recovery windows: Over the past couple of years, ESG survey respondents have spoken loudly and clearly: When it comes to data protection, time is definitely not on their side, especially as data volumes increase. In fact, the biggest data-protection challenge among SMBs is getting backup jobs completed in allotted windows. There simply aren’t enough hours in a day to back up all data to traditional tape-based targets, especially when SMBs are being asked to keep applications up and running for longer periods of time. SMBs are equally pressed when it comes to recoveries. As illustrated in the figure, SMBs’ tolerance for downtime is shrinking. Like larger organizations, they are being asked to recover data faster and with less potential data loss;

Troubling data-protection gaps: While SMBs recognize the inherent value of their business applications and associated data, for many there’s still an apparent disconnect between the perceived value of that data and the frequency with which they currently back up their systems, although this is changing. ESG Research found that more than one-third of SMBs two years ago either knew or worried that their current backup schedules did not provide an adequate level of protection against loss and as a result were looking to increase the frequency with which they backed up (see figure, below).

Click here to enlarge image

Other ESG Research shows that both large and small organizations are looking for data-protection technologies that further speed the backup process and, equally important, allow for faster restores. Again, the cost of downtime is driving the need for both faster backup and restore;

Shortcomings of legacy technology: As data-protection demands on SMBs increase, the shortcomings of traditional tape-based backup and recovery become more apparent. SMBs report problems with both backup-and-recovery performance, reliability issues (due to media failure, human error, and hardware failure), tape management headaches, and high administrative costs. Nearly 25% of SMB users in our research reported that at least 20% of their tape-based backup operations failed, and a slightly higher percentage (26%) said that 20% or more of their recovery attempts failed. Translate these losses into dollars lost, and the impact is potentially devastating to SMBs

New options for SMBs

Disk offers new hope
The face of data protection is changing for SMBs just as it as has for larger organizations. A number of current business realities, including business continuity and disaster-recovery concerns, regulatory compliance requirements, information security threats, and growing data volumes, are putting increasing pressure on SMBs to change traditional data-protection behaviors or mindsets.

The scale of the recovery operation may be different between SMBs and larger organizations, but the need to recover data quickly and efficiently to meet recovery point objectives (RPOs) and recovery time objectives (RTOs) is becoming just as critical for SMBs as it is for larger organizations. And as they have in the enterprise world, disk-based data solutions—including virtual tape libraries (VTLs), disk-based targets, snapshots, and continuous data protection (CDP)—are playing an increasingly important, and prevalent, role in protecting SMB environments.

The problem is that many SMBs still think of data protection in traditional backup (i.e., backup to tape), not recovery, terms and, importantly, most major vendors think of SMBs as an extension of the enterprise and attempt to retrofit enterprise solutions to SMB environments-often with only marginal success.

SMBs, like larger organizations, are looking to disk-based data-protection solutions because they can significantly help them improve performance, reliability, and people utilization (by reducing or even eliminating the amount of tape handling that is still required). But SMBs are also looking for solutions that meet a number of other criteria, including

Easy to use: Is the solution plug-and-play, user-friendly, easy to use? SMB users are significantly more likely than their enterprise counterparts to cite technical (as opposed to business or financial) considerations as reasons for not considering implementing various IT technologies, including disk-based data protection. Also, SMBs share a common trait with larger enterprises in that they also tend to address the hottest, most visible issue of the day and as such, longer-term and more-strategic issues such as data protection tend to be put at the end of the list. They simply don’t have the personnel or expertise to handle multiple IT initiatives at the same time—and the perception of the user community is that backup-and-recovery “fixes” are complex, costly, and time-consuming;

Non-disruptive: SMBs are looking for disk-based solutions that can be added to the existing data-protection environment or implemented by the first-time data-protection customer with little or no fanfare. SMBs want data-protection solutions that support existing business applications and systems that don’t require any significant changes in procedures, and that have no impact on the existing network or applications;

Low cost: SMBs are wary of the capital investment requirement for data-protection solutions. Across all disk-to-disk backup/recovery technologies, SMBs state cost as the number-one barrier to deploying new solutions. In particular, they are wary of the capital investment required to add the new secondary disk capacity necessary for growing data stores.

The role of CDP

Thanks to the advent of disk-based backup technologies and a number of other underlying factors (e.g., growing data volumes, increased regulatory scrutiny, etc.), data protection isn’t just about backup anymore; it’s also about recovery. After all, what is the point of backing up data if you can’t recover it fully and in an appropriate timeframe when you need to? Disk-based technologies such as CDP make this possible for SMBs.

Click here to enlarge image

CDP is one of what ESG describes as a “continuum” of data-protection technologies. ESG views CDP as both an RTO and an RPO enhancer (see “Key definitions for SMBs,” below).

The beauty of CDP technology is that it allows users to restore or recreate data, at very granular levels, to virtually any point in time. Should a file become corrupted or be accidentally deleted, CDP allows the user to roll back to a point in time before the deletion or corruption occurred. CDP means that, instead of waiting to recover last night’s—or last week’s-information, SMBs can recover from minutes ago. When this technology is applied as part of a solution that is “set and forget,” the SMB can bring its data-protection strategy to a whole new plane—one that even some of the larger enterprises are not capable of doing. If an SMB can not only dramatically improve its recovery abilities, but also automate those abilities such that it no longer has to spend time and energy on them, at least one major headache and risk goes away.

Although CDP technology is being integrated into leading vendors’ backup-and-recovery software, it is also available as a storage service and in stand-alone appliances, which are designed to be plug-and-play additions to SMB environments. Some features that SMBs should consider when they are evaluating CDP products are onboard encryption, open-file backup, incremental backup, versioning (in addition to instant recovery), hands-free off-site backup, network throttling features (for sending data to a collocation facility), user-based recovery, and flexible policies. Prioritizing your requirements is a good first step, as you want a product that gives you what you want and not one that forces you to accept what a vendor considers important.

For years, SMBs have been trying to make enterprise-class backup-and-recovery products work in their environments. But SMBs are a distinct class of users with a distinct set of requirements. Just as no amount of forcing makes a square peg fit into a round hole, no amount of retrofitting makes enterprise-class products appropriate for SMBs.

With the advent of disk-based backup/recovery, a variety of new technologies have hit the market. For SMBs, this means new choices-ones that can help them meet their specific requirements without breaking the bank or, importantly, driving IT complexity through the ceiling.

CDP is a technology that will become mainstream within every facet of IT. The proper packaging of the technology, delivered as an appliance, gives SMBs plug-and-play usability and RTO and RPO of near-zero. Now, that’s proof that good things do come in small packages.

Heidi Biggar is a storage analyst at the Enterprise Strategy Group.

Key definitions for SMBs

Recovery time objective (RTO): A measurement of how quickly data needs to be restored in the event of an outage or some type of disaster. In other words, the amount of the time an organization can be without data (e.g., minutes, hours, days, weeks, etc.).

Recovery point objective (RPO): The point in time to which data is restored should an outage or some type of disaster occur. It’s the amount of data loss (e.g., 15 minutes’ worth, an hour’s worth, two days’ worth, etc.) an organization can tolerate.

Click here to enlarge image

Generally, RTOs and RPOs increase as data ages. But for SMBs that want to ensure all data is protected at all times-and want minimal hands-on administration, etc.-CDP can be applied to all points of the 3 DR data-protection continuum, as shown in the figure.

DR is an ESG construct that describes the ability and efficiency of data recovery within an organization. 1 DR (data recovery) assumes that local disk-based devices are used to house data that is statistically more likely to require a recovery operation. In a perfect world, all recovery operations would occur at this stage. 2 DR (disaster recovery) implies a second (or third, etc.) set of disk-based devices that house recoverable data outside the main facility. This data may be less granular than 1 DR data in terms of RPOs, but access and availability are online. 3 DR (doomsday recovery) is the worst-case scenario and is based on offline media, typically tape, vaulted somewhere for deep archive.

This article was originally published on April 01, 2007