SMB data backup strategy must overcome data protection issues

ESG Senior Analyst Jason Buffington discusses some of the major data protection issues a small or medium-sized business must overcome while planning a data backup strategy in this podcast.

What are the major differences between enterprise and SMB backup?

In a nutshell, the biggest difference is obviously scale. The good news is that a lot of the data protection technologies that started in enterprise, many of them have started to work their way down into something that is more than just butchering the features and slashing the price. There really is more of a right-sizing of abilities. So we’re seeing two nice trends in the industry: One, software and hardware technologies that are becoming right-sized for the scope and scale — including ease of use — of small- to medium-sized companies, and also, we’re seeing some niche players come up from the bottom and saying, “Look, we can solve this better, where ease of use is our primary tenant. Some of them are on-premise solutions, some of them are cloud solutions, but collectively, they’re both working toward that midmarket space. And that’s giving midmarket customers a lot of great options.

What are the specific backup challenges facing SMBs?

Well, in the past, I would have said virtualization and dedupe were the two big challenges coming up. But now, we’re beginning to see some convergence around that. From a deduplication perspective, there’s still a couple different camps as far as [whether] we need to have a hardware-based appliance or a software-based solution. And one of the things I’m probably most excited about is seeing how some of the hardware traditional deduplication appliances are now offering the right-sized lower end appliance, or my preference, a virtualized appliance… I like where we’re going from a dedupe perspective. The other trend, of course, is where you do dedupe — is it hardware-based, is it back-end storage versus client-side, and some of the solutions that typically used to be enterprise-only, we’re finally beginning to see that come together.

If I were to answer what were the main challenges related to that, I think the big one would be by not having a dedicated IT staff, or at least not the experts on site that an enterprise might have, there’s a couple challenges. One, when something goes down, they don’t have somebody who can start solving the problem. They’re very much more dependent on the reseller community to help them, which means not only are they down, but they’re hemorrhaging cash while they’re down.

So challenges around ease of use, and ensuring an agility to restore is probably even more important in mid-sized customers than it is in enterprises, because it’s got to be something they can click a mouse three or four times and get back up and running again. So, I’d say that is one major difference. The other difference is more dependent on the workloads than anything else.

Virtualization, as an example, or a large database infrastructure, those kinds of workloads used to require some expertise just to get data protection or recovery done in a useful fashion. And today, it’s becoming a lot easier. The challenges are really around ease of use, ease of deployment. Once you got it up and running right and the work flows, hopefully that solves the rest of the problem.

How do vendors work with SMBs to determine what data protection practices are the best fit for a smaller organization?

That is a battle of multiple fronts. The traditional backup software vendors, they’re trying their best to refresh UIs. Just in the last year, some of the largest and most venerable data protection companies in the industry, and they’re talking about most right now is, “Take a look at the new UIs, and take a look at the new ease-of-use features,” because they know that they built these platforms for enterprise scale, and now they have to go back and try to resolve that. So they’re trying to solve the problem [with] ease-of-use features.

Meanwhile, you got service providers out there saying, “Wait. Let’s solve the problem by you [cutting] a check, and we’ll make all your backup problems go away.” Problem is, it’s not really true. Even if you decide that you’re not going to be managing the backup server anymore, you’re still going to be watching the jobs, you’re still going to be invoking the recoveries. It’s a different set of baby-sitting tasks you have to do, and I would say… regardless of whether you’re moving to a data protection technology because you want something different for ease of use, or whether you’re moving to a data protection service because you think it’s going to solve all your problems, habitually, when we look at the real challenges in data protection, most of them have to do with visibility.

In fact, in a recent research report you’ll see published first on my blog,, one of the main things you’ll find is five of the six top challenges for data protection today have to do with visibility — it’s auditing my environment, it’s ensuring my recovery success, it’s identifying bottlenecks — there’s visibility challenges. Actually, it holds true if you’re talking about midmarket or enterprise, but those challenges are even harder when you don’t have somebody who’s really skilled in that IT staff to monitor for that.

Instead of just thinking, “I need to get this from products or I need a different solution,” I would tell you there’s actually a third option that SMBs in particular really ought to be looking at. And that is the monitoring of that backup. There’s a lot of solution providers and resources out there that think they want to solve people’s backup protection problems, they got to run to the cloud. And frankly, a lot of the cloud-based technologies have the same scheduling and management limitations that the on-premises products do.

If the challenge is really around visibility, then what you really ought to be looking for is to manage what you got, [but] smarter. And, particularly for SMB customers, this should be a silver bullet, where resellers say I am going to watch what you got, which by the way I probably sold you, so you don’t have to. If they don’t have an IT staff, that should be welcome news.

How are public clouds doing in the SMB space?

So we are seeing cloud backup becoming more and more interesting, but it’s not necessarily being delivered by a public cloud provider, per se. In fact, some of the research we’re currently looking at around data protection services — and that includes backup-as-a-service, DR-as-a-service, storage-as-a-service — in all those cases, we’re starting to see where the subscribers aren’t necessarily saying I want it from a public provider, instead, they’re more often saying, I want it from a company who specifically offers data protection services.

Or, I want it from a company I used to buy my backup software through, I trust them to remotely deliver that same capability. More than just generic public cloud, we’re seeing interest from data protection cloud providers and the software vendors that are moving to the cloud in order to protect their marketplace.

Do SMBs need to bolster their staff training when it comes to data protection issues?

Yeah, from a learning and growth perspective, I think one of the things that companies of most sizes, but particularly SMBs, need to think about is that they need to stop thinking about backup as a task that they solve, say great, and goes lights-out for them. If you lift up the spectrum of data protection – that’s a blog post that came out recently – the spectrum of data protection is bigger than just backup [and] making extra copies in case you have to roll them back.

It includes things like how to leverage snapshots, it includes replication for off-site protection, it includes archive – there’s a whole range of verbs in that data protection landscape. They can really help make a company agile. So I guess the one thing I would tell an SMB is don’t focus so much on I have a backup problem, or I have a backup cost and I have to try to solve for it. Instead, think about what your recovery goals are, and the ramifications of not being able to act upon [them].

[Originally blogged via TechTarget’s Technical Optimist]

Leave a Reply