04/10/2004 - Special Reports

IT problems for SMEs - how to recover

In today's world, there are an increasing number of threats to IT business continuity.

These range from virus attacks, power outages and natural disasters, through to less evocative but equally serious challenges such as equipment failures, network interruptions, or simple human errors.

Small and medium-sized organisations are particularly exposed to such risks. According to Gartner, 50% of SMEs would go out of business in three years if they were unable to retrieve their data within 24 hours.

As a result, it is vital that SMEs formulate a disaster recovery plan that both mitigates their exposure to risk from data loss or corruption and provides a practical and cost-effective path towards protecting critical information.

The threat to SMEs

There are a number of reasons why SMEs are particularly vulnerable to IT business interruption, but a common theme has been the limited resources available for back-up and recovery solutions. This can leave critical data held on just one server at a single location.

Few SMEs can afford to operate under this level of exposure, since a single attack can cripple access to data and quickly start to impact day-to-day operations, which in turn will affect cash flow.

Therefore the challenge to SMEs is to minimise the disruption that unplanned downtime may cause and have the capability to resume normal operations as quickly as possible.

There are many simple and effective steps that can be taken towards protecting critical data, and one of the most important sets of tasks should be to define and review the people, priorities and policies involved.

Start by ensuring there is a single person within the organisation who is designated as the data manager and has overall responsibility for the protection of information.

Their responsibilities should include securing management buy-in, documenting processes, and investigating, directing and testing backup options. This data manager should work within a designated group to determine what constitutes the most important information to the business, consider carefully the impact of relevant regulations and define critical business applications.

In smaller businesses, this may mean narrowing your focus to one or two core applications where an inability to access key information can quickly start to cost money, for example, your e-commerce site, customer database or email system.

It is also vital to have an offsite back-up system that is geographically distant from the main site so that it remains unaffected by any localised problems.

Surprisingly, this does not have to cost the earth and one way of achieving a remote back-up may be to set up a PC back-up server in the home of your IT administrator that can be connected back to the main server by DSL or cable.

Calculate the potential loss

A common stumbling block many businesses face is demonstrating the value of securing effective back-up systems.

There is, however, a simple formula that can be applied which may help secure the buy-in of those who are sceptical. This involves estimating the potential cost of downtime and the financial impact to the business of your employees, suppliers and customers being unable to access critical information.

A simple calculation that will enable you to estimate the financial impact of potential downtime is:

Productivity Impact + Revenue Impact = Downtime Estimate

Productivity impact can be calculated on the basis of the average employee salary or rate multiplied by the number of business hours the users would be impacted if denied access to systems and data.

Revenue impact can be calculated on the basis of the average monthly gross revenue for the critical application multiplied by the number of business hours that the application is affected. These are then added together to achieve the estimated cost of downtime.

This formula can be used as an effective tool for calculating a suitable data recovery budget, but it can be refined further by establishing a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each application.

The RTO is simply how quickly you need to have information restored after downtime, and the RPO is the goal for how much data you can afford to lose since your last backup.

Clearly, once you are armed with the real costs of downtime and the required recovery objectives, you are in a far better position to agree a realistic data recovery and business interruption budget.
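The calculation and the RTO/RPO refinement above, worked through as an added example (not part of the original article). It assumes the hourly rate is multiplied by the number of staff affected and that monthly revenue is spread over 160 business hours; the application figures, field names and function names are constructed for the illustration.

```python
from dataclasses import dataclass

BUSINESS_HOURS_PER_MONTH = 160  # assumption: converts monthly revenue to an hourly figure

@dataclass
class App:
    name: str
    staff_affected: int           # users who cannot work while the application is down
    hourly_rate: float            # average employee rate
    monthly_revenue: float        # average monthly gross revenue through the application
    rto_hours: float              # Recovery Time Objective
    rpo_hours: float              # Recovery Point Objective
    backup_interval_hours: float  # how often data currently leaves the server

def downtime_estimate(app, hours):
    """Productivity Impact + Revenue Impact for an outage of `hours` business hours."""
    productivity = app.hourly_rate * app.staff_affected * hours
    revenue = app.monthly_revenue / BUSINESS_HOURS_PER_MONTH * hours
    return productivity + revenue

def review(apps, outage_hours):
    """Rank applications by outage cost and flag objectives the current set-up misses."""
    rows = []
    for app in apps:
        rows.append({
            "app": app.name,
            "cost_of_outage": downtime_estimate(app, outage_hours),
            # cost the business accepts even when recovery meets its objective
            "cost_within_rto": downtime_estimate(app, app.rto_hours),
            "rto_missed": outage_hours > app.rto_hours,
            # data written since the last backup is lost, so the interval must fit the RPO
            "rpo_missed": app.backup_interval_hours > app.rpo_hours,
        })
    return sorted(rows, key=lambda r: r["cost_of_outage"], reverse=True)

APPS = [  # constructed sample figures
    App("e-commerce site", 4, 20.0, 80000.0, 2, 0.25, 24),
    App("customer database", 10, 20.0, 16000.0, 8, 4, 24),
    App("email system", 25, 20.0, 0.0, 24, 24, 24),
]

if __name__ == "__main__":
    for row in review(APPS, outage_hours=8):
        print(row)
```

With a nightly backup, the two revenue-bearing applications in this sample miss their RPO, which is the gap the recovery budget has to close.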

Introducing viable solutions

In technology terms, SMEs who are looking to resume normal operations with a minimum loss of data may initially find themselves in a no-win situation.

Traditional backup tapes may not be a sufficient recovery solution, particularly for organisations with multiple remote locations, and while hardware-mirroring technology (which uses remote copy technology to provide synchronous mirroring between two sites) may be an attractive alternative, it is usually prohibitively expensive to purchase and operate.

However, help is at hand in the form of new technology that uses asynchronous software-based replication to provide an effective recovery solution for a fraction of the cost of synchronous mirroring.

It works by replicating only the bytes that are actually changed by each write (not the entire block of information or the whole file), resulting in a lower load on the production servers, faster updates, and the ability to send replication updates across low-bandwidth Internet networks.

Asynchronous software products are an ideal data recovery solution since they cost much less than synchronous replication hardware and are much easier to use. Not only that, but the solution also provides a near real-time copy of the data on another server without straining your production servers or network.

Furthermore, asynchronous solutions work over a lower bandwidth yet can still provide effective back-up of your remote or branch locations.
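The byte-level asynchronous replication described above, as an added example (not code from any product the article refers to): each write is journalled as its offset and changed bytes, shipped later, and applied in order at the replica. The class and function names, the 4096-byte block size and the sample writes are assumptions made for the illustration.

```python
import hashlib
from collections import deque

BLOCK = 4096  # assumed block size, used only for the cost comparison

class Primary:
    """Production copy: applies a write locally, then journals it for shipping."""
    def __init__(self, size):
        self.data, self.journal, self.seq = bytearray(size), deque(), 0

    def write(self, offset, payload):
        if offset < 0 or offset + len(payload) > len(self.data):
            raise ValueError("write outside the volume")
        self.data[offset:offset + len(payload)] = payload
        self.seq += 1
        self.journal.append((self.seq, offset, bytes(payload)))  # changed bytes only

class Replica:
    """Off-site copy: applies journal records strictly in sequence order."""
    def __init__(self, size):
        self.data, self.applied = bytearray(size), 0

    def apply(self, seq, offset, payload):
        if seq != self.applied + 1:  # a gap or replay would silently corrupt the copy
            raise ValueError(f"expected record {self.applied + 1}, got {seq}")
        self.data[offset:offset + len(payload)] = payload
        self.applied = seq

def ship(primary, replica, max_records):
    """Send up to max_records queued writes; return the payload bytes sent."""
    sent = 0
    for _ in range(min(max_records, len(primary.journal))):
        seq, offset, payload = primary.journal[0]
        replica.apply(seq, offset, payload)  # dequeue only after a successful apply
        primary.journal.popleft()
        sent += len(payload)
    return sent

def in_sync(primary, replica):
    return hashlib.sha256(primary.data).digest() == hashlib.sha256(replica.data).digest()

def block_cost(writes):
    """Bytes a block-level replicator would send for the same writes."""
    return sum(((o + len(p) - 1) // BLOCK - o // BLOCK + 1) * BLOCK for o, p in writes)

def demo():
    writes = [(10, b"invoice-1001"), (4090, b"spans-two-blocks"), (50000, b"x")]  # constructed
    pri, rep = Primary(64 * 1024), Replica(64 * 1024)
    for offset, payload in writes:
        pri.write(offset, payload)
    first = ship(pri, rep, 2)  # slow link: only two records get through for now
    behind = (len(pri.journal), in_sync(pri, rep))
    rest = ship(pri, rep, 10)
    return first + rest, behind, in_sync(pri, rep), block_cost(writes)
```

The records still in the journal between shipments are the data at risk if the primary site is lost, which is the quantity the RPO bounds.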

Finally, it is important to ensure that you have an action plan outlining how you would restore your critical applications, either locally or at a different location. This plan should detail whether you have (or can quickly get) all the components you need to recover, the specific steps you would need to take to restore a failed server, and an outline for moving staff and operations to an alternate set of servers at another location.

In the past, SMEs had limited options for planning against business interruption and for data recovery, but with many new software solutions available nowadays this is no longer the case. With careful foresight, it is possible for businesses of all sizes to significantly reduce their downtime risks, while maintaining a flexible replication solution that is cost-effective and easy to maintain and deploy.

Ian Masters is sales director of Sunbelt System Software.

Sunbelt Systems are exhibiting at Storage Expo, the UK's largest and most important event dedicated to data storage. Now in its 4th year, the show features a comprehensive FREE education programme, and over 90 exhibitors at the National Hall, Olympia, London from 13 - 14 October 2004.