Disaster Recovery As A Service (DRaaS): Does Your Business Need It?
Before a business determines whether disaster recovery as a service (DRaaS) is a good option, it must consider the choice to manage disaster recovery in-house or hire a DRaaS provider. That decision gets made during business continuity planning (BCP) and disaster recovery planning only after an organization explores disaster recovery readiness. Here are several factors to consider:
- Is your IT department lean or lacking in expertise to manage your company’s disaster recovery? Does your IT department include a solo professional or contractor?
- Are your business applications unique or custom which may make it challenging for a third-party to understand?
- Do you have an alternative location for data storage and redundancy? Have you tested the fail over to the virtual servers to ensure accurate data capture?
- What is your budget to hire DRaaS providers in the event of catastrophe?
By answering these questions, along with a few others, your company can ascertain whether to hire consultants to manage DRaaS and which model delivers the best solution.
Understanding Disaster Recovery as a Service (DRaaS)
Everyone is familiar with SaaS — software as a service. SaaS revolutionized software by taking it to the cloud so that upgrades, backups and recovery would be managed by external service providers who focus only on software functionality. Along similar lines, disaster recovery has evolved to include service providers. These providers offer different subscription models to accommodate a variety of business needs — from organizations that don’t have expertise and those that can manage every aspect of disaster recovery to those companies somewhere in between. When third-party disaster recovery providers are hired, an organization can expect to pay month-to-month for various levels of data protection and recovery in the event of catastrophe.
To reach the point when a business elects to hire DRaaS specialists, the organization needs to consider several factors in its overall business continuity planning (BCP) and disaster recovery planning. Recovery time objectives (RTO) and recovery point objectives (RPO) are critical parameters that help a company anticipate acceptable lengths of time for data loss and recovery time to secure systems. Throughout this process, often a balancing act, the BCP planning team considers the point of no return in disaster recovery. This RPO and RTO calculation helps an organization determine whether it can manage its own disaster recovery or whether it should hire a DRaaS service provider.
When and How to Use DRaaS
An organization large enough with expert IT knowledge as well as those equipped to manage disaster recovery may elect to purchase redundancies at a third-party vendor’s facility. These virtual servers running in fail-safe mode deliver as-needed DRaaS. This completely replicated infrastructure includes functions to compute, store and network so that an organization in the throes of disaster will suffer little-to-no downtime. As a business experiences disaster recovery, applications and software may run from the DRaaS provider’s cloud or hybrid environment instead of on-premise where a business’s physical servers may be adversely affected.
DRaaS efficiently provides near-instantaneous recovery for compromised servers or data. For internal or external customers, there may be some delay when apps are running off-prem vs. on local servers, but having protected data with no downtime outweighs that inconvenience.
DRaaS Subscription Models
Just like SaaS, DRaaS works as a subscription model. Organizations purchase the model that best fits their budget and BCP strategy. The choice can be all or nothing or somewhere in between for a traditional subscription or a pay-per-use model; each option varies in scope and cost.
The three main subscription models are:
Managed DRaaS: This is the top-of-the line as far as subscription models go. For organizations with lean IT teams and little time to manage a disaster, it is a solid option to consider. An organization hires a DRaaS company and all responsibility for disaster recovery lies exclusively with that third-party service provider. While the third party manages everything relating to disaster recovery, that doesn’t mean an organization can hire and forget. The DRaaS provider must be kept in the loop for any and all changes to infrastructure, application and services.
Assisted DRaaS: In this model, the organization assumes some or all control of the disaster recovery plan. Perhaps the organization has unique, challenging or custom applications that a third party may not grasp or the organization has some talent on staff to direct disaster recovery. Regardless, this subscription model assumes that DRaaS is provided by a third-party only as much as the organization dictates.
Self-service DRaaS: For organizations equipped with the expertise and depth of knowledge in its IT department, self-service DRaaS may be the best route. On top of day-to-day responsibilities, the IT department will need to identify a remote location to host backups on virtual servers and also plan, test and retest management of disaster recovery methods. During such tests, data are processed to fail over to virtual servers in an instant and then migrated back to on-premise servers once disaster recovery occurs.
Prior to signing on the dotted line, an organization needs to carefully review the fine print of a service level agreement. If the DRaaS provider is stuck in the same natural disaster as an organization, where on the pecking order is the organization when it comes to restoring and recovering data for existing customers? In addition, understanding the redundancies that a DRaaS provider has in place for its servers and security are critical in the event of a disaster.
Planning whether to hire DRaaS providers begins with business continuity planning and disaster recovery planning. It’s not a simple, “let’s do it,” without careful consideration of a variety of business continuity management solutions and factors that should be addressed by a designated leadership team.