Hurricane season is fully upon us, with forecasters predicting that as many as nine tropical storms will form in the Atlantic between now and the end of November.

Fortunately, savvy businesses won’t need to board up any windows, figuratively speaking, if their applications and data already live in the cloud. Noting that researchers think four tropical storms will strengthen into hurricanes with winds of at least 74 mph — and that one of those hurricanes will intensify into a major hurricane with peak winds exceeding 110 mph — vigilance is simply good business.

Small business owners rightly fret about data loss. You needn’t be a mega-enterprise awash in big data to recognize the potential peril to business health from even a ‘minor’ erosion in data security, and natural disasters are among the most disruptive events a small business can face. And that’s exactly why businesses need to wean themselves from traditional backup and recovery solutions.

Backup procedures live on a continuum:

  • #1 - Good: Local backup taken offsite.  Backup tested monthly by performing restores. Logs reviewed by engineers. While data is taken offsite, the process is both time-consuming and expensive. Does not prevent productivity loss.

  • #2 - Better: Online backup. Gets customer data offsite. Prevents data loss due to any number of catastrophic occurrences. Does not prevent productivity loss that ensues when applications vanish.  

  • #3 - Best: Placing applications and data in the cloud with a provider who does application-consistent snapshots and replicates data to data centers outside the customer’s geography.

Small and midsize businesses (SMBs) should get their data out of the office entirely — out of the office, and into the cloud. Paradoxically, moving it out is the very best way to obtain 100% control over data. It’s a matter of cutting the apron strings and delivering a little tough love to that data. It’ll be safer and more secure for the effort.

Online backup and recovery solutions don’t permit businesses to back up their applications, so what happens when the server blows up? How long will it take to rebuild from a meltdown, and what financial losses is that business prepared to endure?

The real issue isn’t how to protect an SMB from data loss, but how to protect a business from productivity loss – which is why Option #3 is clearly the way to go. Infrastructure as a Service (IaaS) was created expressly to enable businesses to run everything natively in the cloud, with 100% confidence. Cloud-based backup means, among other things, zero data loss, zero security breaches, zero lost sleep. SMBs still wondering about backup and recovery solutions are asking the wrong questions. The old tried-and-true is has lulled them into a false sense of security. They hope they’re backing the server up — it’s their responsibility, but they don’t really know. They can’t know.

For diligent cloud service providers (CSPs), security protections have become part of their DNA, with technologies such as clustered firewalls and intrusion detection and prevention systems (IDPS). The prospect of enhanced security in the cloud — indeed, that the better cloud deployments now mean that data is safer in the cloud than on a typical unsecured desktop — has altered the conversation.

Audits of CSP security controls — especially the SSAE (Standards for Attestation Engagements) No. 16 Type II audit, one of the most rigorous auditing standards for hosting companies — mean that peace of mind can now be virtually guaranteed.  The audit confirms the highest level of service and reliability attainable for a virtual server hosting company. To be SSAE compliant, a hosting provider needs to offer SSL capability, enterprise-level, application level protection, hardware firewall, IP-restricted FTP, managed backups with 14-day retention, advanced monitoring and multi-level intrusion prevention.

For that extra dollop of protection, an increasing number of CSPs rely on the American Insti­tute of Certified Public Accountants’ Service Organization Control process (SOC), the organization’s certification of controls with verification for cloud environments. Some of the larger cloud service providers now publish SOC reports on their security controls.

Now more than ever, SMBs can turn to cloud service providers who recognize a tight connection between managing security and facilitating cloud adoption. And cloud service providers concerned about safeguarding data and applications are taking steps to mitigate those risks with tight security controls and transparency regarding those controls.