Bob Cramer–Security Challenges and Solutions for Small Companies

Bob Cramer, president and CEO of LiveVault (recently acquired by Iron Mountain Incorporated), discusses the hidden dangers that lurk in small business data backup systems and technology solutions that can help companies survive data loss.

Business data, from the general ledger to orders, inventory, and customer lists, are the corporate jewels–your most precious business assets. The loss of that information can critically damage a business of any size–according to the Small Business Administration and other authorities, major data loss can mean the death of a small business–yet business owners often underestimate the risks of data loss and overestimate the reliability and security of their data recovery systems.


To find out more about security challenges and solutions for small businesses, we talked with Robert Cramer, president and CEO of LiveVault, whose online backup and recovery service was recently named a finalist in the Best Storage Software Solution category for the 21st Annual CODiE Awards.

Q: What do you see as the biggest security challenge facing small and medium businesses (SMBs) today?

A: The security situation has changed so fast. Think about it. Ten years ago, if a business had computers, it was sort of a complement to the business. Five years ago, use of computers became core to many businesses. Today, in many cases, the computer is the business: The primary functions of the business and its critical data live on computers. But the business owner’s expertise is in the business itself, not in information technology. Because computers are so important today, business owners are being forced to become IT experts. What we, as vendors, need to do for them is to automate the management of IT so that they can focus their energy back on the business.

Q: What is the most common misconception that SMBs have about information security?

A: That they’re safe. For example, for the past 20 years, most businesses have backed up their data to tape. Someone runs the backups, but seldom if ever does anyone test to be sure they can restore their data from tapes, check the error logs, etc. As I said before, SMBs don’t have a high level of IT expertise in-house, and they don’t want to spend the time on these basic IT functions. But analysts estimate that up to 50% of those tape backups fail–the data can’t be restored from them–because of configuration problems, full file systems, and other issues. Or maybe a smaller company, say a dentist’s practice, backs up each night to a CD or disk and the office manager takes that disk home with them. First, there’s the same issue as with tape backups: No one tests to see whether the data is recoverable. Second, what if someone breaks into their car when they stop for groceries on their way home? The backup data is typically not encrypted [coded], so patients’ medical, financial, and other personal information has been stolen. In the medical field, this violates HIPAA requirements. In other businesses, it would violate Sarbanes-Oxley requirements.

Today, virtually every computer is connected to the Internet, so information is vulnerable from that side. There are threats from disasters, Internet attacks, and data theft. The business owner needs to be on top of all those things, yet through habit and lack of time to spend on IT functions, they’re often relying on potentially failed backups to protect their business information. That’s a huge risk, and that’s why our company offers services to automate the backup and restore functions for businesses. We have multiple data centers around the country, and all data is in at least two vaults, so even if one center is hit by a disaster, there’s no single point of failure. That way businesses have reliable data backup to ensure business continuity in case of disasters, Internet attacks, system failures, etc., and the business owners and staff aren’t spending their time and energy on those tasks.


Q: Do most SMBs think in terms of business continuity?

A: No, unfortunately. Most businesses don’t think in those terms because they think it can’t happen to them. In the last few years, we’ve seen 9/11 and hurricanes Charlie and Katrina. These create regional pockets of awareness about information security, but people tend to forget. And that’s serious because the Small Business Administration estimates that 90% of small businesses that fail to recover their data fail within the next two years.

Q: Your company, LiveVault, is an SMB. How do you use technology to create new business models and to keep your company competitive?

A: The technology to do what we do didn’t exist even five years ago. Bandwidth is a big factor. For example, think about dental offices that use the Kodak Dental System for medical images. Five years ago, a survey found that less than 10% of dental offices had broadband connections. Today, it’s more than 98%, so it’s possible to perform remote backups on large amounts of image data. Plummeting disk prices have also allowed us to offer services that we couldn’t have before.

Today, we also have wholesale access to any information we want. If you want to know something, it’s a couple of clicks in Google and you’re done. Then there’s the Google desktop. We used to spend time looking for information. Now if you want all the information related to a project or question, you do a quick search and it’s all assembled for you. I’ve been in technology for 25 years, and every time I think we’re done, these new transformational apps appear and lead us to a whole new level of productivity.

Our company also leverages application services from other providers to help us focus on our core business. We use Salesforce,com* for our sales and customer service applications. We use RightNow* for CRM. There’s even a tool called SurveyMonkey that we use to gather customer feedback.


Q: With all these applications outsourced, do you have your own in-house servers besides the ones you use to offer backup and restore services?

A: Sure. We have file and print servers, our centralized databases, Outlook and Exchange servers, all the things you need for coordinating and running the business.

Q: What does the outsourcing model do for security? For example, what if a business is in the middle of the day and there is work happening with and RightNow and other ASPs, and a disaster–say, an earthquake–strikes completely without warning. How can all that data be restored up to the moment the disaster struck?

A: First, when you choose an ASP, you need to review its data protection and backup policies. And when you choose a third party for these services, make sure that you can rely on it to stay in business, and make sure that if it ever does go out of business, the data and application would still be accessible to you.

In the situation you’re describing, most of the data would be in the business’s central databases, its local exchange and file servers, etc., and we would have that backed up. For the data that’s with ASPs, the ability exists today for us to do what we call a “redirected restore,?? which would allow us to recover the in-process data from those ASPs’ servers or backups. And it won’t be the bulk of the business’s data because no SMB today fully outsources. It will still have its independent servers–file and print, Exchange servers, its own enterprise applications, etc.

Q: What other kinds of technology do you use to help your business run better?


A: We also use mobile computing, including devices like Treos and BlackBerrys. I have to admit, in the late 1990s, the first time I was in a meeting and two or three people pulled out their Palms to schedule a meeting, I thought, “Those people are nuts! Why carry around that thing when you could just write it down??? But within a few years, I was addicted to my Palm. I couldn’t manage schedules and contacts without it. Same thing with the Treo. People tend to think that whatever way they’re doing things is good enough, but they don’t realize that technology can create a step-function that takes you to a whole new level of productivity.

Now that productivity can begin to intrude on personal time, you have to be careful to guard your downtime. But there’s lots of time you would otherwise spend waiting that you could be using to get things done. For example, I took a vacation to Disneyland with my kids. Sometimes we waited in lines for 45 minutes, and I could whip out my Treo and check messages. It didn’t take time away from the kids’ activities, and when I got back to the office, I didn’t have a stack of messages waiting. You have to do the work anyway, so why not use those waiting times to get it out of the way and free up more time for other things?

Q: What advice would you give other business owners about technology?

A: One, embrace it. Don’t be scared of it. But two, don’t become enamored of technology for the sake of technology. You know what your business is about better than anyone. Use technology to help you do that business better, not to lead it off in other directions. For instance, my friend Gail Goodman is the CEO of a company called Constant Contact. Her company offers an application that enables small businesses to communicate very effectively with their customers via e-mail. But Gail’s main expertise wasn’t in technology; it was in handholding customers and providing them service. E-mail is just the tool she used to apply that expertise. Same thing if you’re a hair salon or a local real estate company. Ask yourself how you can use technology to communicate better and service your customers faster.

Q: What surprises you most in working with SMBs?

A: Two things, I guess. First, that people are very resistant to change. We will continue to do things the same way we’ve done them for the last 20 years. For example, tape backups are left over from when larger businesses had mainframe computers. Embracing the new is clearly hard, because people don’t want to change, even when change could benefit them so much.


The second thing that amazes me is how much difference technology can make for our businesses. People don’t realize how much is available, and there’s more all the time. They should give it a shot.

About Robert Cramer, President and CEO, LiveVault Corporation
Bob Cramer was president and CEO of LiveVault from 2001 until its recent acquisition by Iron Mountain. His extensive executive management experience in fast-growth environments includes president and CEO of FirstSense Software, Inc., a category-leading application performance management vendor; general manager of the process manufacturing business at Marcam Corporation, a $200M publicly traded enterprise application software company; and president and CEO of SET. Cramer has also held senior marketing and sales positions at Oracle Corporation (’86-’90), CenterLine Software and Ingres.

Cramer started his career at AT&T Bell Laboratories, holds a bachelor’s degree from the University of Massachusetts at Amherst, and a master’s degree from the University of California at Berkeley. Cramer currently sits on the board of directors at I-Logix. He has been a LiveVault board member since April 2000.

About LiveVault: LiveVault, a service of Iron Mountain Digital, offers the simplest, yet most advanced data protection available for small and mid-sized businesses, as well as remote offices of larger corporations. Through its partnerships with IBM, BT, HP, Microsoft and others, LiveVault delivers automatic and continuous data protection (CDP), backing up server data, protecting it offsite at a secure, remote facility, archiving it, and making it immediately available for recovery 24×7.