Find out how to enable the recovery of business-critical servers and data following a disaster.
The term DRaaS is almost exclusively associated with virtual servers delivered under a cloud services model. For those organisations that have not fully transitioned to the cloud or virtualised their environments, DRaaS will form only a subset of an overarching IT disaster recovery (DR) and business continuity plan (BCP).
Unless you select the right supplier and conduct the correct due diligence, you’ll end up paying a premium for something that doesn’t deliver what you expect or, more importantly, what you need to meet your business recovery time and objectives.
Whilst not exhaustive, the following checklist should represent the foundation of your decision-making process when it comes to the DRaaS solution that you choose.
1. How much data do I have?
Understanding how much data you have is important, but do you know how much of it is the same, outdated and not part of an immediate recovery strategy? Can the solution help you to tier data and its recovery so that you don’t store all of your data in the same place and at the same cost?
2. What’s really important?
Ask yourself, “Which applications are the ones that are needed to ensure that you can communicate and transact with your external customers and continue to interact with internal stakeholders?” “How do you ensure that all the right people can connect to the right applications at the right time and see minimal negative performance issues?”
3. What can wait?
Starting at the bottom, which data and applications are the least important for your business to continue to operate as normal?
4. Where is it in my infrastructure?
Consider all the platforms and systems. Do you have data in cloud-based applications such as Microsoft 365, Google Apps, Salesforce etc.?
5. Is critical data hosted on mobile devices?
Every hour that your systems are down, revenue is lost and, in some cases, your reputation and customers are lost for good. How long can your business survive and maintain its reputation in a disaster without access to critical applications?
6. How do I access and secure my data?
Recovery of services in the cloud offers significant flexibility to access recovered applications, but how are your internal/external users going to connect? Do they have sufficient bandwidth coming in and do you have sufficient bandwidth going out? And what about your website(s)? If these are currently part of your internal IT service portfolio, do you need to load balance web traffic for web services?
7. How quickly do I need to recover?
Once you have identified what is really important, you then need to understand how quickly the business expects/needs these important services back online? This information will require IT to work together with the wider business. Maybe this has already been achieved through a business impact analysis (BIA) exercise, or do you expect the service provider to offer a BIA prior to implementation?
8. Can I recover at all?
Is the data that is being transmitted off-site consistent and recoverable, and what checks are in place to ensure that it’s recoverable? Is it possible to test your solution bi-annually or annually without this having any impact on the DRaaS solution that protects your operations?
9. Who will be around to recover me?
Where does the responsibility for recovery lie – with you or the service provider? In either case, do either of you have all the skills necessary to recover not just the data, but the applications too? Are you or the service provider accredited, or do you have proven expertise in all the areas you require?
10. When is data loss unacceptable?
Any regulated business knows that being able to recover non-critical data can be as costly as not being able to recover operational data. Compliance should be part of your decision-making process and your ability to meet compliance and audit it with the service provider on an ongoing basis.