Risk & Compliance

Big Data Issues at Smaller Companies

Many small and midsize businesses aren't backing up their data at all; ''They're about as vulnerable as anybody you'll find.''
Anne StuartOctober 27, 2004

Many data-management requirements, most notably the dictates of Sarbanes-Oxley, initially applied only to large public corporations, but their effects are already trickling down to small and midsize businesses (SMBs). These firms must manage data just as professionally as the big guys, providing easy, reliable access to some records and guaranteeing the confidentiality of others. Some of those SMBs may want to go public someday, and they’ll be subject to the same regulations as the Global 1,000. And no business of any size is immune to lawsuits, major or minor disasters, or competitive pressures.

“SMBs’ storage needs aren’t really different than enterprise storage needs,” says Nancy Hurley, a Portland, Oregon-based senior analyst at Enterprise Strategy Group, a data-storage research firm headquartered in Milford, Massachusetts. “They want to effectively utilize resources, reduce total costs, and protect and recover business information like everyone else, just on a smaller scale.”

In the past, that smaller scale meant forgoing certain capabilities that large companies enjoyed. But now, an approach formerly used almost exclusively by giant companies that deal with dozens of terabytes of data is becoming available to — and critical for — smaller companies as well. It’s called information life-cycle management, or ILM.

Although ILM certainly involves storage, security, network hardware, and other technologies, it’s a process, not a product. Or, more accurately, it’s a combination of processes and technologies that manage information at every stage of its life, based on its value to the business. A true end-to-end ILM system includes a comprehensive storage infrastructure, migration software that relocates data automatically, and products for backing up, replicating, archiving, and retrieving information.

Used properly, ILM keeps tabs on data from creation to deletion. Typically, it moves, stores, archives, or removes information with little or no human intervention, based on company policies or priorities, regulatory requirements, or automatic timetables. Ideally, it’s set up so that anything that hasn’t been deleted can be easily retrieved.

Behind every effective ILM effort is a solid strategy, which Hurley says businesses can develop in three simple steps. First, set a value for each type of information. In other words, figure out what the data is worth to the business and what impact its loss might have, then assign it a priority.

Next, based on those designations, figure out how accessible, how protected, and how recoverable each item needs to be. For high-priority information, such as current financial records, “it might be important to mirror the data, and also take snapshots and replicate off of those snapshots for disaster-recovery purposes,” says Hurley. Less-critical information — marketing brochures or employee PowerPoint presentations — might get backed up once a week. Even that’s an improvement for some SMBs, says Gary Doan, CEO of IntraDyn Inc., an Eagan, Minnesota-based maker of storage products. “Fully 50 percent of them are not doing any offsite archiving at all,” he says. “They’re about as vulnerable as anybody you’ll find.” (For more, read “Saving Gracefully.”)