The natural progression from Backup as a Service to Disaster Recovery as a Service

Developing a Disaster Recovery (DR) plan to meet your business requirements is not as difficult as one thinks.

May 19, 2016
Distaster Recovery

By Iniel Dreyer, Managing Director of Gabsten Technologies

While some companies acknowledge that they need Disaster Recovery as a Service (DRaaS), many still think that Backup as a Service (BaaS) is sufficient to meet their data management needs.  Those that are convinced that they need DRaaS may also be unsure of how to develop a Disaster Recovery (DR) plan to meet their business requirements. It is not as difficult as one thinks.

BaaS is an online or managed service that provides users with a system for the backup, storage, and recovery of computer files from the cloud. It makes a copy of the company’s data and stores it at a different site so that the company can quickly retrieve it if there is an accidental deletion of data or corruption of the system.

DRaaS, on the other hand, is the replication and hosting of physical or virtual servers by a third-party in the event of a man-made or natural disaster. Therefore, DRaaS allows a company to continue conducting business using a different system following a disaster.

How to classify a disaster

Businesses need to define and document what they classify as a disaster. The obvious definition covers natural disasters such as floods and tornadoes, and man-made disasters like terrorist attacks.  In South Africa, the most prevalent cause of natural disasters is in all likelihood lightning.

A company may also define disaster as a state when its level of operations reaches below certain measurements. For example, a company may declare a disaster if it’s generating 80% less revenue for an average business day because its systems are down or infected by viruses.

The benefits of DRaaS

Disaster recovery is like insurance – a business investment that you hope you never have to use, but nonetheless, still require…just in case.  Some of its benefits, in the absence of a disaster are:

  • Business credibility – In our fast-paced digital age, having a strong, tested disaster recovery plan is rapidly emerging as an important criterion when companies choose a service provider. Customers need the assurance that in the event of a disaster, their data will be safe and can be recovered in minimal time to allow the business to continue its operations.
  • Consumers demand it – Consumers expect to be able to buy what they want when they want it, regardless of what may be happening in another part of the world where the company hosts its infrastructure.
  • Meeting governance requirements – Many organisations have regulatory obligations to demonstrate and a fundamental one is that they can fail over to another site if a disaster happens. These institutions include government departments, parastatal bodies and financial institutions to name a few.   Shareholders also place an obligation on companies to show that can recover their business systems and data and demonstrate business continuity.
  • Peace of mind at affordable rates – For smaller companies, DRaaS is affordable because there is no need for a capital investment.   DRaaS service providers allow businesses to make use of their cloud environment which saves them on investing in in-house Infrastructure such as hardware and software.  Many data storage companies also offer pay-as-you-use options to further help companies to keep their operating costs low whilst providing the ability to scale up or down easily.

Developing a DR roadmap

Companies should bear in mind that investing in DRaaS does not have to be expensive, nor does it need to happen overnight. Companies should also approach DRaaS as a holistic business continuity process so that they do not waste money and time in duplicating efforts.

The DR roadmap should outline the steps a company plans to take in case of a disaster.

Step 1: Get your backups right first. It’s crucial.

Make sure that you are already doing regular backups of your data. There is a 3-2-1 rule of thumb which recommends that a company keeps at least three copies of their data. Two of these copies should be on different types of media and the third copy must be at a different location from the other two. Regardless of your DR plan backup is always your failsafe for recovery.

Step 2: Classify your data

Classify your data and IT infrastructure to determine the impact a disaster would have on your business if you do not have access to your systems. It is therefore important to ensure that you have a catalogue of all your systems and applications. You need to understand the following three components from your business units:

  • Recovery Time Objectives (RTO) – how long can system outage be tolerated before it severely impacts business. This will determine how quickly a system must be up and running again in the event of a disaster.
  • Recovery Point Objectives (RPO) – how much data loss is acceptable? This will ultimately decide how much of a backup or replication must occur on a specific system.
  • Look at the financial impact system downtime will have on your business. This will ultimately determine how much money you can spend on a disaster recovery solution when weighing up the cost of downtime.

Once you have this information, the systems and applications to physical infrastructure can be mapped with the IT team, ensuring dependent systems are grouped together.

Step 3: The next step is to implement

Now that you have classified your data, you can work on your DR deployment plan. The systems that will impact business continuity the most should be recovered first and then the rest can be tackled systematically down to the least important systems and data. Always remember to also have a recovery plan from the dependent infrastructure services that are not necessarily used directly by business. For example – you need to be authenticated on the network in order to access certain applications. Without that authentication nothing will work. This is where the role of IT is crucial.

The RPO’s gathered during the classification will guide you regarding the frequency of backup and replication.  The RTO’s will enable you to establish whether applications must be readily available or if they can be recovered over a period of time.

Categorising your systems and applications allow you to implement DR plans in a staggered approach and enables you to ‘grow into it’.

Step 4: Regularly test your plan.

It is unwise to develop a good plan on paper that meets regulatory requirements but that is never tested. A real-life disaster is not a good time to implement untested theories, as they may fail to deliver under pressure, damaging the business.

BaaS combined with DRaaS is the perfect platform as you develop an end-to-end data management platform and processes for your organisation.