Even the smallest companies need a way to recover from a disaster that takes down business resources. Without recovery methods in place, businesses can be out of service for hours or days, which can have expensive repercussions. A survey by Veeam found that the average outage costs nearly $1,500 per minute.
Most businesses have gotten the message loud and clear, implementing a disaster recovery plan and/or backup technology. Traditionally, the business itself will manages that plan and technology. However, the effort, cost, complexity, and skillsets required can be overwhelming.
These issues, combined with the growing acceptance of cloud services, have led more and more companies to turn to cloud-based disaster recovery services. Disaster recovery as a service (DRaaS) vendors will provide infrastructure, services, and management in the cloud. In the event of a disaster, the provider will restore a customer's affected business resources.
As of 2021, 60% of companies were using DRaaS in some form, and 23% planned to start doing so within the next year, according to Christophe Bertrand, a practice director at Enterprise Strategy Group.
“DRaaS has really evolved over time, and businesses find it attractive,” Bertrand said. “It removes much of the complexity of disaster recovery and places it in the hands of the service provider."
In addition to offloading non-core responsibilities to a provider, cloud-based disaster recovery services can help alleviate issues related to IT skills shortages. It can also provide an extra layer of protection against ransomware. For example, some DRaaS providers may offer ransomware detection services.
How Does DRaaS Work?
Typically, DRaaS creates a connection from the customer’s environment to the service provider’s environment. With this connection, the service provider can replicate data and applications as they change to their own site. If a disaster occurs, the customer can simply push a button to bring up their production environment in the service provider’s cloud.
While every DRaaS process is slightly different, there are some constants. That means looking for the following:
As much automation as possible. This is typically done with runbooks, which ensure that systems will be recovered in the right order to address interdependencies among applications.
Any point-in-time failover.
Automated failback to the local site with near-zero downtime.
Support for whatever topology the customer’s environment uses. For example, if the customer uses a specific firewall to manage their infrastructure, the service provider should have access to that type of firewall in the cloud environment. That’s important, said Dante Orsini, chief strategy officer at 11:11 Systems, which recently acquired DRaaS vendor Iland. “If something goes wrong, you want as little as possible to change from the way the team operates on a day-to-day basis.”
The ability to meet the customer’s recovery point and recovery time objectives and service-level agreements (SLAs). “If your company requirements change over time, you need to be sure the DRaaS provider can meet those requirements,” said Alexander Ivanyuk, a senior director at Acronis. For example, can you add capacity as needed? If you are considering new environments, will they be supported?
Choosing the Right Cloud-based Disaster Recovery Service
If it’s time to consider DRaaS as a viable disaster recovery option, there is more to weigh than simply cost. For example, if your environment relies heavily on physical workloads in addition to virtual workloads, it’s important to determine if a provider can handle that. In other cases, the company may rely on platforms that simply aren’t covered by some DRaaS offerings.
The choice can also hinge on whether the provider can handle the organization’s specific compliance and policy requirements. “Your company may have some data governance policies in place that require disaster recovery processes to remain either under their own control or a provider that doesn’t use a multitenant infrastructure,” Orsini explained.
In addition, organizations must determine the suitable level of service. DRaaS offerings can range from purely “DIY” to “white glove” options. With the DIY model, the service provider makes the infrastructure available, but the customer does everything else. On the other end of the spectrum, a white glove implementation gives virtually all responsibilities to the vendor, from planning to testing and implementation. The white glove approach relieves the IT organization of the implementation issues, but it also has the highest purchase cost.
Most companies opt for an offering that sits somewhere in between DIY and white glove, depending on the organization’s budget and appetite for control.
DRaaS Implementation Tips
No matter which DRaaS method or provider you ultimately decide on, best practices apply when deploying the service.
First and foremost, adopt DRaaS with your eyes wide open. "Just because it’s a service doesn’t mean you should make assumptions about anything,” Bertrand said. “Always trust but verify.”
Be honest about your own internal capabilities, Orsini added. That means conducting a full assessment to understand how mature your disaster recovery plan is and how committed you are to it. You can’t help a provider understand if you don’t understand.
It’s also worth thinking about costs, which can vary drastically depending on your recovery point and time objectives and your SLAs. If you want to save money and can withstand the risk, it may be worth including only critical resources in your DRaaS plan, Ivanyuk noted. In some cases, companies might choose to spend more on certain types of data, based on certain levels. It all depends on what is most valuable to your business.
DRaaS Testing Required
All these decisions are important to a well-functioning DRaaS implementation. However, at the end of the day, the DRaaS customer is responsible for the implementation's effectiveness. After all, it’s your data and your business. That means organizations must take the time to test the cloud-based disaster recovery service in every way possible. It’s the only way to pinpoint performance issues and determine whether current SLAs are appropriate.
It’s also the only way to know whether the entire system will work as planned when a real disaster occurs. “When you test properly, you’ll know that you can hit a button and actually bring up your environment, which is the whole point,” Orsini said.
As providers’ offerings have matured, more and more organizations are clearly moving toward DRaaS. Yet the DRaaS market hasn't finished evolving. More vendors will likely integrate additional security features into their services, for example.
“We can expect more vendors to keep adding depth and breadth to their DRaaS support,” Bertrand said.
About the authorKaren D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive.