IT data protection for SMBs

Although often smaller in scale and capacity, the IT needs of small and medium-sized businesses (SMBs) are undergoing many of the same shifts and unpredictable pressures as larger organisations.

They are faced with more demanding business users and increasingly complex infrastructure requirements, while simultaneously being asked to reduce costs. All of this they must do without specialised expertise in storage infrastructure.

This piece sets out the challenges and the solutions that SMBs should consider when moving towards more efficient IT data protection and storage.

Falling into a consumer mindset

It is said that SMBs can often fall into a "consumer mindset" when considering their data protection requirements.

However, unlike with personal home computers, it is not appropriate for businesses to simply rely on Windows firewall to guard against unwanted intrusion, and use free versions of anti-virus, anti-spyware and malware protection that are activated infrequently.

PCs, laptops, tablets and smartphones used for business - no matter how small the organisation - need much better protection, since they carry critical data that needs to be actively and continually defended.

The data on these business tools may store business and product plans and/or customers financial information and account details. This information requires an end-to-end security solution that includes data protection, access control and authentication.

Data security not just for the big boys

However, many SMBs are concerned about the cost, complexity and lack of internal skills to choose, deploy and manage their own data protection and data storage systems.

"The days when small and mid-size businesses were just burning DVDs from time to time to protect their data are over," said IT analyst firm IDC. "Today's SMBs are more IT savvy than 10 years ago, and many of them are concerned as much as large enterprises about protecting their data in an organized and comprehensive way."

Data backup and replication

As a result, according to IDC, SMBs are increasingly adopting technologies like data replication - including hosted services in the cloud - or disk-to-disk-to-tape backup, previously only seen in enterprise data centres.

IDC said, "Of course SMBs are not ready to adopt enterprise-scale products that might be too complicated and expensive and which over-deliver. They are looking for solutions appropriate to their needs, which won't require significant financial and human resources to acquire, deploy and manage."

The research firm also said that the majority of SMBs can often put several methods of data protection in place, with the number of methods increasing as the size of the firm increases. Backup to tape/removable media and disk are the leading methods, but it says data replication - mirror images of data stored on different servers as a backup - is quickly gaining traction among SMBs.

Cloud-based hosted data protection services are also being adopted, but "cautiously".

Overall, according to the analyst, when selecting a data protection solution, small-sized businesses are especially concerned about ease of use, given their limited IT support resources. Medium-sized businesses, on the other hand, care more about product functionality and seamless integration.

Online backup, remote replication, and continuous data protection (CDP) are the top three methods small businesses are interested in implementing, while for medium-sized firms, the biggest potential gainers include remote replication and CDP, as well as virtual tape library (VTL) and online replication, said IDC.

That said, when it comes to data protection for SMBs, the main barrier for adoption is price. SMBs typically have limited resources and many still think that strong security is something only larger enterprises can afford. However, new types of security suites are now available that are specifically designed to fit into SMBs' budgets.

Data security areas that need to be addressed by SMBs

Data protection on personal devices and servers:

Encryption is the most common technology used to address this area. There are two main forms of encryption - full-disk encryption (FDE) or file/folder encryption.

FDE systems encrypt the entire hard drive, so only those with the encryption key can access the data on the drive. Additional data protection technologies include data backup systems to ensure information is not lost, firewalls, anti-virus, anti-spyware software and malware protection systems.

Access control:

Making sure that the people accessing data should be allowed to do this is something that is often overlooked by SMBs. Giving access to information to employees that don't need it in order to do their jobs can create security issues.

Systems that deliver improved access control include virtual private networks (VPN), which only allow approved users to specific areas of a data network, or single sign-on or password management systems to restrict access to portions of a website, as well as databases or specific applications.

Authentication:

Critical to any data protection is being able to validate who is requesting access to networks, apps or databases, and authentication solutions provide organisations with a way to determine who does what, where and when.

While a simple password is the most common form of authentication, it is also the least secure. Businesses are now looking to more advanced authentication methods, including one-time password tokens, smart cards and biometrics. With biometrics, there are many forms, including fingerprint biometrics and facial recognition, with fingerprint biometrics now becoming less expensive and even entering the consumer space with the arrival of the latest iPhone.

Beyond price, the solutions offered to SMBs have to be easy to deploy and manage, as many SMBs lack technical know-how and dedicated IT staff.

Tackling the data migration barriers

But SMBs know that barriers in any shape or form have to be hurdled, as failure to properly manage and safeguard corporate data can result in business disruption, devastating losses, and the threat of fines from governmental data protection agencies.

And, as businesses become more reliant on the electronic data they hold to run their businesses, they are realising that the regular backing-up of data and its archiving is essential in the face natural disasters such as fire and water damage, or the increasing risk of computer viruses and power failures.

While these challenges may be daunting to some organisations, SMBs should realise that specific data storage and data protection solutions are available to their section of the market, that can help them to securely share their data and become more operationally efficient as a result.

To learn more, download the following White Papers: