GlobalSign Blog

05 Jun 2018

What Is Disaster Recovery as a Service (DRaaS) and Is It Right for Me?

With emerging technologies in the mobile, social and IoT space, businesses are becoming more yielding and more responsive. However, in our insatiable desire to remain flexible and available, the risk of a disaster striking also increases.

The key question here is – how long can you, as a business, afford downtime and unavailability of services? Research and surveys illustrate that post-disaster, companies become defunct over time in various dimensions. Around 43 percent of the organizations succumb to the disaster and never resume operations. Another whopping 51 percent of businesses close down within two years after IT and infrastructure loss caused by the disaster. Only 6 percent of companies survive the catastrophic conditions and lead a successful long-term recovery life.

Isn’t Enterprise Disaster Recovery (DR) the Solution?

I am here to tell you that it is! However, recovery should ensure that all business critical data and the company’s IT setup are safe-guarded against outages and downtime, and the business can continue to operate without a hiccup. This concern of downtime and outages can be mitigated with a disaster recovery plan. The way a disaster recovery plan normally works is to use a fail proof solution with stringent Recovery Time Objective and Recovery Point Objective, sticking to the tolerance limits of loss of data and time before the business resumes.

How Do We Then Chart out an Effective DR Strategy?

Newer technologies have enabled most organizations to part ways with the traditional, tedious and very-expensive physical tape-based recovery practices. This method was not only cumbersome, but had limited ability to grow, required continual restoration testing and often resulted in potential media issues.

Some organizations prefer to have a second data center which is a replica of their IT environment. As it suggests, it is expensive to invest in mirrored equipment, which at times is underutilized with respective to the primary. Moreover, if there are discrepancies in configuration between the primary and the secondary centers (which in itself is a challenging maintenance task), a successful failover might be difficult to attain. Recovery testing of such a setup is complex and at times might disrupt the functioning of normal business services. If the failover is unsuccessful, it takes up quite an amount of resources to enable restoration of services.

With the advent of cloud services, organizations are embracing cloud-based recovery practices. This enables an enterprise to seamlessly recover their data, while maintaining the safety and integrity of the backed up data, and not having to be incessantly bothered about the testing, location or infrastructure of their recovery setup.

An important point to note regarding cloud DR is that it is no replication or a live spin-up of the organization’s production environment. It is essentially backup and storage of business data, application snapshots and system images using cloud computing infrastructure. In case of a disaster, these maintained copies of the facets of the enterprise are easily recovered onto virtual or physical servers. However, this does involve certain points of concern for the businesses incorporating cloud-based disaster recovery services. They need to ensure that while the data is being continuously transferred, the security of the data is monitored and protected during the movement. Also, all users handling the data must be authenticated appropriately.

With a subtle difference to the cloud-based DR process, comes in Disaster Recovery as a Service (or DRaaS). It eliminates the need of tapes, replicated equipment, a second data centre or cloud-based backups.

What Is DRaaS, and Is It the Best DR Option?

DRaaS involves arrangement of a warm or hot live disaster recovery site, which is a total replica of the company’s production environment. This can be done on a public cloud or on a VPC (Virtual Private Cloud) or in a hybrid environment – the choice for which rests with the organization.

The DR site is usually managed via an internet web portal, and allows the set-up and live run of the business production environment straightaway. A CSP (Cloud Solution Provider) technology, incorporated with virtual machine servers that are configured to immediately kick on when the main business servers go down, is the model which ensures the service continuity. In the event of a disaster or an outage of the services in the organization’s primary site, business-critical services continue to run by use of the provider’s cloud. And all of this, comes without any expensive hardware equipment or torturous installations.

However, along with availability, when it comes to deciding which route to take – Do It Yourself (DIY) or DRaaS, there are a lot of parameters which need to be evaluated, before making the call.

-          With known, recurring and unanticipated costs associated with setting up your own recovery infrastructure, the expenses only keep rising up and lesser savings are derived. On the contrary, with DRaaS, costs are upfront and inclusive, and do not require hardware investment. Pay-as-you-go, in the cloud-based storage, is how this works. Increase of business uptime with less investment, is a win-win deal.

-          In addition to the lower total costs of ownership, DRaaS provides two more key benefits when compared to the DIY take – and that is, flexibility and ability to scale with your business. Cloud-sourced options can change as needs change, assuring businesses have all the resources needed instantaneously, should the company decide to scale up at a given point of time.

-          With recovery now the responsibility of the service provider, all documentation tasks associated with the DIY approach can now go out of the window. The provider ensures that the procedures are not only documented, but are also comprehensive, are communicated to all relevant stakeholders, can be easily understood and are easily executable when the disaster occurs.

-          Keeping track of production environment changes and ensuring that the replicated environment is up to date is also one of the key competencies and requirements via the vendor. This can otherwise be a daunting task for the organization’s IT team to maintain the required history and replicated accuracy.

-          To ensure that the business is DR-ready and the recovery is aligned to meet the business requirements, elaborate and consistent testing is a primary requirement. This is a significant time-and-effort consuming task. With DRaaS, this duty is now on the shoulders of the vendor, and they conduct the scenario testing for recovery, with all the needed rigor. Some vendors provide arrangements for performing penetration testing as well.

-          Almost all of the vendors in the DRaaS game are compliant with various regulations and security frameworks. One of the prime focus areas and requirements of these compliance standards is data security. Thus it goes without saying, that the security of the business data is of utmost criticality for the service provider. This gives the business, the reasonable comfort that they are not only just doing the recovery thing, but they are also doing it right.

How Do I Know It Is for Me?

DRaaS is customizable to meet the requirements of businesses of all sizes. If all of the above benefits are appealing, but you do not have the required funds or resources, you can opt for either of the three models:

  1. Self-Service DRaaS – here the vendor will provide you with all the required tools to assemble, monitor and perform the replications of your production environment, in preparedness of a disaster. The IT team of your organization will come into play for execution of the recovery procedures, when the outage occurs.
  2. Assisted DRaaS – While this is a very rarely provided option, here the vendor will not only supply you with the needed resources, but will also act as a trusted assistant to help you implement, test and manage your recovery plan. In the event of a disaster, the vendor will help fill in all the resource gaps, to ensure that your business meets its defined recovery objectives.
  3. Managed DRaaS – With all the responsibility lying with the vendor, this is most practiced form of vendor-based recovery options. The service provider manages all aspects of the recovery, with fulfilment of your recovery strategy as their top priority.

Precautions, Disclaimers and Final Thoughts

DRaaS provides the needed resilience to an organization by providing continuous mirroring of critical infrastructure and data to a high-availability cloud service, so that recovery of the business is possible within very few minutes of an outage. Some vendors also provide constant recovery management analytics to assess and validate the DR readiness of businesses. However, there exists a single catch here – like with any outsourced engagement, there is a level of confidence and assurance that is needed from the vendor.

The vendor’s hosting should not only be secure, but should also be able to size up to the required RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objective) that we spoke about at the beginning of this article. This is an undertaking which requires utmost attention, and hence the business is required to perform the necessary due diligence. This can be done via thorough comparative assessment of vendors to ascertain that they are practicing what they are preaching.

Ultimately, with a dependable, fast, cost-effective and coherent recovery option that is DRaaS, I truly believe it is the best option for businesses.

About the Author

Anushree is a Technology Consultant with PwC Australia, and also an active blogger on information security issues at Page Potato. Anushree has over 6 years of experience in information security management and risk-based advisory services, having previously worked with organizations like Deloitte and Adobe. She is a CISA certified professional, with a management degree in Software and Systems from Symbiosis International University. Beyond work, Anushree can be seen practicing yoga and dance, and dreams of being an established choreographer.

Professional Association: As one of the Big Four Auditors, PWC is one of the largest multi-national professional services firm. PWC helps organizations and individuals create the value they are looking for, with their competent services in audit, assurance, consulting, tax and legal services.

Blogger Association: With growing significance of content to achieve enterprise-wide success, PagePotato serves as being the content marketers to lead, execute and support their clients’ digital marketing strategy goals. Its services also extend to content preparation and promotion, web design and web security services.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.

Share this Post

Write for Us

Apply Now