Tips on choosing a cloud backup provider for your SMB

These are seven factors your small or medium business should consider when selecting a cloud backup provider.

Businesses depend on their data and applications like never before, and data protection is a critical component of nearly every company's IT strategy. Even two hours of downtime can significantly impact productivity and sales. If you can't recover your data quickly in the event of a natural disaster, equipment failure, or cyberattack, your ability to maintain operations could be compromised.

Most small-to-midsized businesses (SMBs) are aware of the importance of data protection. But due to accelerating data growth rates, budget constraints, reliance on outmoded technology, and other factors, many SMBs do not have adequate data protection. For example, almost 75% of SMBs have no disaster recovery plan, and only about 25% are "extremely confident" about their ability to restore data in an emergency, according to the Symantec 2012 SMB Disaster Preparedness Survey. About half of SMBs back up less than 60% of their data, leaving the rest vulnerable to loss at anytime, according to the Symantec 2011 SMB Disaster Preparedness Survey.

These gaps in data protection are among the key drivers leading SMBs to embrace cloud backup. Over 30% of SMBs are already using cloud backup, with about 14% more planning to adopt it within a year, based on a recent survey by Spiceworks. But while cloud backup is often the most affordable, reliable, and efficient data protection solution for SMBs, choosing the right provider for your specific business needs can be a challenge.

This article outlines seven key considerations that every SMB should factor into their evaluation of cloud backup providers.

Key SMB considerations for cloud backup

Reasons for the popularity of cloud backup among SMBs include lower upfront capital costs, reduced IT complexity, and a pay-as-you-grow model that scales cost-effectively to support business growth. Cloud backup is reliable, highly automated, and easy to use. It's also more secure than on-premise solutions like tape backup, because your data is stored offsite.

But not all cloud backup providers offer the same level of service. Some offerings are not "business class" and are more appropriate for individuals, for instance; others have features (and often costs) more appropriate for enterprises than SMBs.

What considerations are most critical for SMBs choosing a cloud backup provider? The following seven factors consistently top the list.

1: Security

What good is backing up your data if your backed-up files are vulnerable to exploitation by cybercriminals? Data is vulnerable both at rest and while in transit between your business and the cloud. You need to be able to encrypt your data not only when it’s being uploaded, but also once it’s been stored.

Top-tier cloud backup providers offer "end-to-end" 256-bit encryption -- but encryption is only as strong as the encryption key. Most services will manage your encryption keys for you, which is acceptable for many businesses. But for compliance with HIPAA and other regulations, or simply for additional security, some SMBs will need to manage their own encryption keys so that the provider cannot access their data. 

2: Performance and versatility

The performance of a cloud backup service is key to reducing backup windows and minimizing the total volume of data being backed up. The advent of faster Internet speeds, combined with advances in data compression and deduplication, enable top-tier providers to offer SMBs very fast backups and restores with no restrictions on bandwidth. However, low-end providers often restrict upload rates, which can slow backups to a crawl.

To optimize costs and performance, it's essential that a provider offer incremental backups (also called delta blocking), so that only files and parts of files that are new or changed since the last backup will be included in a backup. It's also important for the service to back up open files, and for it to support all the platforms (Windows, Linux, UNIX, Mac) and applications (Microsoft Exchange, SQL Server/Dynamics, SharePoint, Hyper-VMware, Oracle) your business uses.

3: Pricing structure

SMBs need to balance service with costs. The best cloud backup providers offer excellent service along with an affordable, flexible pricing structure that can fit your business model.

Cloud storage billing is typically based on the amount of data uploaded, stored, and downloaded, and the number and types of requests for backups and restores. Be sure to ask for details about setup costs, hardware/software fees, cost per gigabyte of data stored, and whether there are additional charges for "overages."

In addition, some vendors charge for every file access (read, write, open) in addition to per-gigabyte and download charges. If you are moving large blocks of data, these access charges may not be a major issue. However, if you are doing a significant number of database lookups and updates, the costs can add up fast.

4: Availability

Availability and uptime are a function of a provider's investments in its data center(s). Data centers are rated according to tiers, a standard methodology that defines the level of availability they can offer. Tier 1 data centers (the lowest tier) lack redundant capacity components (uplink and servers) and can offer 99.671% availability.

At the other end of the spectrum, Tier 4 data centers offer fully redundant and fault-tolerant components (uplinks, storage, chillers, HAVC systems, servers, etc.) and can achieve 99.995% reliability. The best cloud backup providers offer Tier 4 availability along with competitive pricing.

5: Regulatory compliance

Who is handling your data, and how is it being handled? Regulations like HIPAA, the Payment Card Industry (PCI) standard and others are increasingly focused on how third parties handle sensitive data. Will your cloud backup provider help or hinder your chances of passing a regulatory audit?

The "gold standard" for cloud backup providers is SOC 2 Type II certification (which replaced SAS 70 last year). This is an audited attestation of controls and procedures related to security, availability, processing integrity, and confidentiality/privacy. Providers with this level of certification can show that they meet regulatory requirements.

6: Company policy

Does your SMB have an established policy for ensuring business continuity and data security? What are your recovery time objectives (RTOs) for key classes of data like financial records, contracts, and client information? What is your retention and disposal policy for electronic records?

You need to ensure that prospective cloud backup providers can 1) agree to the service levels you need, and 2) provide a set of backup/restore procedures that fit well with your policy. For example, if your company policy requires versioning of certain types of data, does the provider offer versioning? Do they have a predefined retention period for deleted files? You need your cloud backup provider to adjust its services to fit your policies, not vice versa.

7: Avoiding vendor lock-in

Vendor lock-in means that a customer cannot easily transition to a competitor's product or service, usually because the proprietary technologies involved are incompatible with those of competitors, or due to contract issues. In the case of cloud backup, many SMBs stay with a provider that no longer meets their needs in order to avoid the complexities of moving data from one cloud service to another.

The best way to avoid vendor lock-in issues is to perform due diligence before signing a contract. What is the length of the contract? What service levels does the provider agree to? Are there any restrictions on moving your data elsewhere? In particular, ask whether a vendor facilitates moving customer data out of its repository, and whether they provide migration tools or services for moving large volumes of data. Ask also whether a provider supports emerging industry standards, such as the Cloud Data Management Interface (CDMI).


Leveraging cloud backup can help SMBs save money, improve their level of data protection, manage data growth, and comply with regulations. But it's essential to look carefully at a prospective cloud backup provider to ensure their service is a good fit with your business needs.

This guest post was written by Tim Hannibal, founder and CEO of VaultLogix.