Disaster Recovery as a Service - Why?
Business leaders across the globe may think disaster recovery (DR) is too expensive, too complex, or that a disaster is unlikely to impact them. Yet human error, cybercrime, or a natural disaster can cause their company’s digital infrastructure to come crashing down in a split second. Then what?
The Reality of DR
Every year, IT teams are challenged to do more with less. The number of projects, advances and business requirements for IT grows, and it is a struggle to fit it all into the budget. One line item that is often cut is disaster recovery. People tend to think “Disasters happen to someone else. We’ll get around to it next budget cycle.” The reality is that DR is not a luxury, it’s a necessity. IT has become a fundamental piece of every business and it is critical to be always available for your internal and external users.
When people think about disasters, they initially think of major natural disasters, such as hurricanes or flooding. But, most disasters come from less extreme but potentially more damaging factors such as:
Hardware faults Every piece of hardware is rated for five nines of availability, but what happens if something fails? How does that impact what is running on it? What if there is data corruption because of it, or hardware replacement is more than four hours away?
Software faults Let’s be honest, no software package is perfect. Between integration into multiple systems, patches, vulnerabilities and common errors, what happens if your primary application has an issue that potentially loses data or fails to start?
Malicious software You can’t read the news without hearing the latest security vulnerability or worse, a ransomware or cryptolocker scare. If your organization’s data is held hostage, how will you recover?
Malicious users You hope that no one would ever intentionally do something to compromise customer or employee data, but it happens. With no recovery options in place this can be a burden on IT to resolve quickly, while also dealing with the human aspect of the disaster.
Accidents Sometimes, someone just makes a mistake. It happens to everyone. Some mistakes are minor and can be solved easily, while others are more pressing and require immediate IT intervention.
Every organization has backups, and many feel that is all they need to protect their environment. When looking at budget items, DR becomes an insurance item for something that hasn’t happened so far and companies decided to pass and roll the dice. Backups are necessary for multiple reasons – long-term retention, file recovery and even system recovery. But backups are not disaster recovery. For a complete, fully resilient business continuity solution, organizations must employ both backups and DR.
Recovery Point Objective (RPO) is how far back in time you will go when recovering data in an event. Backups are traditionally run once a day at off hours, and thus can lead to unacceptable RPO timeframes. Imagine that a nightly backup is all that you have and something happens an hour or two before the next backup can occur. This potentially puts your organization back 20+ hours. How much data was lost? How many orders? How many projects? What is the impact of having to find and recreate 20+ hours of data?
Recovery Time Objective (RTO) is how long it takes you to recover that information. Large data sets or even full systems can take hours to recover. When combined with an old dataset, your business could be down for over 24 hours from the recovery process time and the last known good state of your data. These numbers might be fine for certain tiers of workloads but every application and process needs to be evaluated. If it is mission-critical to your organization, and you can’t afford for it to be down for 24 hours, it needs to be protected with disaster recovery techniques that meet the appropriate RPO and RTO.
While backups are necessary for organizations, there are other limitations to think about when relying only on them for data resiliency. Local backups can be impacted by either hardware faults or malicious software. Backup to disk is a great technique because of how rapidly you can recover data versus other, slower longer-term solutions. But, if there is a cryptolocker attack on that data or a hardware fault on the storage, you will effectively lose that and need to rely on your other copies of data that might be on slower devices or off-site. Another challenge is that backups need something to recover to. While natural disasters don’t cause the most IT disaster incidents, they still do occur. Data center flooding, power outages or complete hardware failures mean there is nothing physically available to restore to. So, now you have your data, but nowhere to put it. Business continuity and data resiliency rely on having overlapping coverages of protection based on the criticality of the application and system. Multiple backups leveraging the 3-2-1 rule of 3 copies of data, 2 different media types and 1 off-site is not only a good starting point, it’s a must. But, add to that faster RPO/RTO options for disaster recovery based on the tier of system and you can start to build multiple protection schemes to limit the impact that a disaster can have on you.
3 copies of data
2 different media types
1 off site
Cloud Makes DR Affordable
Historically, one of the biggest hindrances to creating a DR solution was the enormous capital expenditure cost. This was usually seen in the budget and immediately cut out for being too expensive. Finding a secondary site or co-location, buying double the IT infrastructure gear, power, software and maintenance doubled an IT project’s cost and DR became the first thing that was cut. The cost in man hours to configure, test and maintain a full second site just for disasters made the cost astronomical. As virtualization modernized the data center, it had huge benefits in disaster recovery. Now, you can protect your environment practically anywhere.
Cloud brings affordability, scalability and agility to disaster recovery. Cloud cost models are different than traditional CAPEX for IT. Instead of buying duplicate hardware, with maintenance and all of the associated secondary site costs, you simply pay for the storage you need, and in the case of a disaster, pay only for the resources you consume. This keeps cost a fraction of what building a secondary site would be, and allows you to always know what your bill will be.
Another significant benefit to cloud Disaster Recovery as a Service (DRaaS) is in the ability to tier your workloads for the proper RPO/ RTO and manage costs based on that. If you are building a secondary site, you still need to purchase everything up front whether it’s your tier 0 mission-critical app, or those development servers that get used once a month. With a cloud consumption model, you can decide what gets protected, how often and how or if it’s brought online in the case of a disaster.
You Cannot Afford to Cut DR From the Budget
When you look at all of the things that an IT team needs to function, from software and hardware to infrastructure and people, it becomes very easy to redline the money you want to put into a new disaster recovery solution and think “maybe next year.” You cannot afford to cut DR. The cost of a disaster both from a monetary and perception standpoint can be incalculable. It’s not a matter of IF, it’s a matter of when. In IT, any number of things can happen from malicious software to a simple mistake, and companies that have a tried and tested DR plan in place can weather these issues without incident.
Journey to the Cloud
Many organizations use DR as a stepping stone to more permanent cloud offerings such as Infrastructure as a Service (IaaS). When evaluating your cloud DR strategy, during testing or failover, you can see how your systems will perform and behave in a cloud-based environment. Most of the time they will perform as well as, or better than, they do on-site and can help ease into the transition to cloud for not just DR but more IT projects.
Discover the Streamline Difference
BaaS - Backup as a Service
DRaaS - Disaster Recover as a Service
IaaS - Intrastructure as a Serivce
Office 365 Secure Cloud Backup