The Strategic Guide to Disaster Recovery and DRaaS
- Disaster recovery vs. business continuity
- 4 reasons you need a disaster recovery plan
- How to write a disaster recovery plan based on business continuity
- DRaaS Key Factors: Understanding RPO, RTO, and Application Tiering
- Disaster recovery as a service (DRaaS) automates replication and recovery
- The difference between DRaaS and cloud backup services
- 5 tips for choosing the best DRaaS provider
A disaster can strike anywhere at any time. When it comes to your IT systems, disasters include storms, floods, power outages, and earthquakes, of course, but also human error and cyber-attacks. Any of these can significantly affect operations, so the survival of your business depends on your disaster recovery plan.
Disaster recovery (DR) is the process of returning an organization’s mission-critical business systems to a functional state in the event of a disaster. A well-tested disaster recovery plan lets an organization continue serving its customers, partners, and employees during unplanned downtime, and can greatly reduce data loss.
Disaster Recovery as a Service (DRaaS) is an increasingly popular option for handling disaster recovery. It is expected to post a CAGR of close to 41% between 2019 and 2026. DRaaS uses orchestration technologies to automate replication and recovery for better protection and manageability.
Fortunately, with cloud computing and DRaaS, disaster recovery becomes cost-effective for any size organization. A good DRaaS partner helps clients evaluate their downtime risks and system dependencies and design a disaster recovery program, before disaster strikes.
Disaster recovery vs. business continuity
A disaster recovery plan focuses on IT systems and is just one component of a business continuity (BC) plan. A business continuity plan covers how the business will protect its employees, minimize losses, and continue to serve its customers under adverse conditions. In comparison, a disaster recovery plan only covers how the business will protect the IT systems that the business depends upon.
When planning a business continuity plan, ask the following:
How much downtime can your business afford?
What applications does your business need to function?
How current does the data need to be for each application?
How long can the business function without each application?
4 reasons you need a disaster recovery plan
Even if you are not in a tornado alley or flood zone, your organization needs to prepare for likely hazards.
Reason 01: Downtime costs are high
Downtime is a dirty word for CIOs. When applications and data are inaccessible, employees can’t do their jobs, transactions don’t go through, and business revenue comes to a halt. A recent study by Veeam found that downtime costs businesses $84,650 per hour on average. Even with an average downtime of 79 minutes, the costs can add up quickly.
Downtime can also hurt the trust your customers and partners have in your services. Any downtime can drive them to a competitor, so it’s important to get your business processes restored as fast as possible.
Reason 02: Cyber-threats are on the rise
Cybercrime represents the fastest growing cause of data center outages and have doubled since 2016.
Coinciding with an increasingly remote workforce, cybercrime is the fastest growing cause of data center outages. According to IBM’s 2020 Cost of a Data Breach Study, the worldwide average cost of a data breach was $3.86M. In the United States, the average is $8.64M per breach.
While an unprepared organization may face weeks of downtime from a natural disaster, cyber-threats such as ransomware attacks can cause significant downtime as well. A ransomware attack is designed to gain access to and encrypt an organization’s data and files. The attacker makes it impossible to decrypt the data without a private key, which is usually stored on the attacker’s server, until the ransom is paid.
Reason 03: A previous disaster or threat caught your organization by surprise
IT professionals who have experienced a downtime event say their top recovery challenges include:
- Business-side expectations that didn’t match actual IT capabilities
- Insufficient testing of the disaster recovery plan
- Lack of staff
- Out-of-date or inadequate plans
- Lack of communication between IT and business
Testing a disaster recovery plan annually keeps it up to date and helps prove it will work when the business needs it.
Reason 04: You need to stay compliant
HIPAA, PCI DSS, and other regulations aren’t suspended when a disaster strikes. If your business is regulated or working with confidential customer information, you need to maintain compliance, even when things get messy. This includes records retention rules, which have been part of regulatory compliance since before computers were commonplace in business.
A disaster recovery plan can help your business stay compliant when things go wrong.
How to write a disaster recovery plan based on business continuity
Every business is unique, so to be effective, your disaster recovery plan needs to be closely aligned with the needs of your business. Analyze your business and understand how a disruption will affect it. This will help you prioritize the systems you need to get restored first.
Your plan for disaster recovery should prepare you to:
A 10-point disaster recovery plan checklist
To build a better disaster recovery plan:
Build your disaster recovery plan on business continuity
Understand your dependencies
Tier your applications to get the most important applications recovered first
Understand the impact of data change rates on replication bandwidth
Set requirements for recovery environments, including service level agreements (SLAs)
Choose your replication methods (e.g. hot site or cold site) based on recovery point objectives (RPOs) and recovery time objectives (RTOs)
Identify internal resources and application experts
Test your plan regularly
Derive short-term return on investment (ROI) from your DRaaS environment
Derive long-term ROI from your disaster recovery environment
1 - Prevent a disaster, whether man-made or natural, from affecting your IT systems
2. Keep your IT systems and applications running, or restore them quickly when downtime strikes
3. Preserve and protect your business’s mission-critical data
DRaaS Key Factors: Understanding RPO, RTO, and Application Tiering
Requirements for minimizing data loss and downtime will differ by industry and type of business. A bank will have different requirements than a wholesaler, for example. Recovery point objective (RPO) and recovery time objective (RTO) tie the disaster recovery plan to the real needs of each business. Think about how far back would be an acceptable point in time for your data to be restored, and how quickly you’d need to get back up and running.
With a DRaaS solution such as cloud-to-cloud recovery services, it can take as little as 15 minutes to get back to business. Because there’s no need to spin up new hardware and servers and restore from backups, DRaaS can compress traditional disaster recovery processes from days to minutes.
In a good disaster recovery plan, you will prioritize applications to ensure the most important ones return to service first. In application tiering, you make strategic decisions about which applications and data are the most urgent based on business importance and dependencies on other systems and applications. With tiering, applications are grouped by their RPOs and RTOs, allowing them to be prioritized for disaster recovery.
Disaster recovery as a service (DRaaS) automates replication and recovery
There are many reasons to embrace DRaaS, but the one overriding motivation is decreased downtime.
Disaster recovery as a service (DRaaS) is the replication of data and the hosting of physical or virtual servers by an expert third-party service provider. That provider can deliver quicker and more complete disaster recovery, protecting the organization by maintaining business continuity.
Compare DRaaS to traditional DR
DRaaS offers significantly faster recovery times than traditional shared-storage DR or expensive secondary data centers, which were once a standard solution for large corporations. This cloud-based solution is thus becoming the first choice of disaster recovery options for businesses. More and more organizations will be using DRaaS than traditional recovery services.
While traditional DR solutions can protect data and enable companies to recover after a disaster, traditional disaster recovery technologies don’t do it quickly – and can result in substantial data loss. In traditional DR, the communication between the primary production environment and secondary site typically happens on a set schedule, often after business hours, which results in a 24-hour recovery point.
With DRaaS, recovery time can be minutes. The primary and secondary environments can stay in near-constant contact, with bandwidth availability being the only major constraint. As a result, DRaaS can get applications back and up and running in minutes.
The difference between DRaaS and cloud backup services
Cloud backup services will protect your data, which makes backup-as-a-service (BaaS) ideal for data retention and compliance. But backup does not provide fast recovery...
An offsite backup plan, including cloud backup services such as backup-as-a-service (BaaS), preserves your data, but it doesn’t constitute a disaster recovery plan.
Securing data with offsite backups is good for many purposes, but it’s not good for recovery. If you have backed up your data offsite, you can retrieve it as of the last recovery point. But your backup has only captured data; you’ll need the applications, too.
You can’t use the backup data until you restore the applications, because you need the application to access the data to get moving again. Cloud backup services do not provide automation or orchestration for application recovery. In DRaaS, the data is saved, the applications are replicated and recovered, and recovery is orchestrated with automation to get your data back online quickly – in minutes, compared to the hours or days it can take with backups. It can be easy to move from cloud backup services to DRaaS.
Once you’ve identified your mission-critical applications and databases (such as ERP, CRM, and Active Directory), you’re ready to find a DRaaS partner. The benefits of DRaaS could be yours within weeks.
The difference between DRaaS and cloud backup services
The success of your DR plan depends upon choosing the right disaster recovery partner.
Your choice may depend on the following:
- Expertise needed in regulatory compliance, data protection and security services, and hybrid cloud deployments, as well as experiences with platforms and applications you use
- Time the DRaaS provider has been in business
- A provider that can meet your needs for RPO, RTO, service level agreements, and data center locations
- Ability to test DRaaS systems with minimal to no business operation disruption
- Other DR questions your organization may face in a disaster scenario