Whether a top 100 corporation or a small and medium sized enterprise (SME), business data is the lifeblood of all organisations and second in importance only to the staff you employ. An increasing number of real-world threats, including virus attacks, power outages and natural disasters, as well as less publicised problems such as equipment failures, network interruptions, or simple human errors, all increase the likelihood that daily operations affecting business critical data will at some point be interrupted. As a result, it is vital that businesses mitigate their exposure to risk from data loss or corruption and, in particular, choose a practical and cost-effective path towards protecting critical information.

The challenge to businesses today is to minimise the disruption that unplanned downtime may cause and have the capability to resume normal operations as quickly as possible. Small and medium-sized organisations are particularly at threat from the risk of business interruption. There are a number of reasons why this is so:

• Limited IT resources for back-up and recovery;


• Critical data is all held on one server creating a single point of failure;


• Pressure to comply with regulations but limited funds to implement these requirements;


• Business disruptions quickly start to impact on cash flow, something few SMEs can afford.

Increasingly, however, there are practical steps that SMEs can take towards protecting their critical data and recovering faster from unplanned downtime.

One of the first steps is to ensure that there is a single person within the organisation who is designated as the data manager and tasked with overall responsibility for the protection of information in the event of unplanned business downtime. His/her responsibilities should include securing management buy-in, documenting processes, investigating, directing and testing backup options.

The data manager should work within a designated group to determine what constitutes the most important information to the business, consider carefully the impact of relevant regulations and define critical business applications. In smaller businesses, this may mean narrowing the focus on one or two core applications where an inability to access key information can quickly start to cost money, for example, the e-commerce site, customer database or e-mail system.

It is crucial to obtaining management buy-in that you estimate the potential cost of downtime and the financial impact of your employees, suppliers and customers being unable to access critical information. A simple formula that will enable you to estimate the financial impact is:

Productivity Impact + Revenue Impact = Downtime Estimate

Productivity impact can be calculated on the basis of the average employee salary or rate multiplied by the number of business hours the users would be impacted. Revenue impact can be calculated on the basis of the average monthly gross revenue for the critical application multiplied by the number of business hours that the application is affected. These are then added together to achieve the estimated cost of downtime.

While this formula is a step towards setting a data recovery budget, it can be refined further by establishing a recovery time objective (RTO) and recovery point objective (RPO) for each application. The RTO is simply how quickly you need to have information restored after downtime, and the RPO is the goal for how much data you can afford to lose since your last backup.

Once you are armed with the real costs of downtime and the required recovery objectives, you are in a far better position to agree a realistic data recovery and business interruption budget.

SMEs are also likely to discover that traditional backup tapes will not be a sufficient recovery solution if the goal is to resume normal operations as quickly as possible with a minimum loss of data. Furthermore, tapes are ineffective for organisations with multiple remote locations. And while hardware mirroring technology (which uses remote copy technology to provide synchronous mirroring between two sites) is a more effective solution, it is usually prohibitively expensive for SMEs to purchase and operate.

However, new technology using asynchronous software-based replication can provide an effective recovery solution for a fraction of the cost of synchronous mirroring. It works by replicating only the bytes that are actually changed by each write (not the entire block of information or the whole file), resulting in a lower load on the production servers, faster updates, and the ability to send replication updates across low-bandwidth Internet networks.

Asynchronous software solutions are an ideal data recovery answer for SMEs and bring the added advantages of:

• Providing a near real-time copy of the data on another server without straining your production servers or network;


• Costing less than synchronous replications hardware and much easier to manage;


• Working over a lower bandwidth with effective backup of your remote or branch locations.

Finally, it is important to ensure that you have thought through how you would restore your critical applications – either locally or at a different location. Consider whether you have (or can quickly get) all the components you would need to recover, the specific steps you would need to take to restore a failed server and what you would do if you had to move staff and operations to an alternate set of servers at another location.

In the past, small businesses have been out in the cold as far as practical solutions to mitigating their exposure to data vulnerabilities was concerned, but nowadays this can no longer be said. There are many new software solutions that can significantly reduce your company’s downtime risks, while maintaining a flexible, replication solution with speed and ease of recovery that works over long distances.