Disaster recovery is a vital component of the business continuity strategy. For a long time, DR was associated with high costs, but digitalization has opened up new opportunities in this area as well. Disaster-Recovery-as-a-Service provides innovative answers to how to effectively minimize revenue losses.
How the crash can happen
A crash of the IT infrastructure can endanger the entire company. IT managers and management should therefore deal with data protection and disaster recovery sooner rather than later. It can happen to any company. And only those who are prepared for the worst-case scenario can minimize the resulting damage.
When you think of “disaster”, the first thing you think of is an earthquake or storm surge. Or tornadoes, which according to the German Weather Service are expected to become more severe in the future as a result of climate change. But even inattentive or frustrated employees can cause a lot of damage. A short circuit in the server room due to penetrating moisture, a fire in the data center, a power failure or a failure of the cooling system can have serious consequences under adverse conditions.
Attacks via the Internet are on the rise: Viruses can spread across the network via the inbox. Phishing attacks give hackers access. Ransomware encrypts business-critical data, which can only be decrypted after paying a ransom. These dangers are also the reason why failover applications designed to ensure high availability are not enough. The automated backup and recovery process restores the latest version, but including viruses and ransomware that have been infecting the system weeks before.
The longer the outage lasts, the higher the loss of revenue and the costs add up. If the website is not available, potential customers switch to the competition. If data is lost, the company is sometimes set back months. The potential loss of reputation when customer data is compromised is enormous, possibly permanent. Non-compliance with contracts results in compensation payments.
Disaster recovery in action
What is the best way to protect yourself against the consequences of a crash? First of all, you determine the as-is state. Once you know what devices, applications, virtual machines, databases and cloud services are in use, risk assessment and prioritization follow. On this basis, the frequency of backups and the order of recovery are determined. In case of an emergency, the disaster recovery plan is prepared and tested.
Determine the current state
When determining the as-is state, the enterprise IT with all its dependencies is recorded. If you do not know where which data is located, you cannot back it up. Even shadow IT of the business departments can hardly be secured by administrators. Determining the as-is state offers the opportunity to address other problems and consolidate the IT infrastructure.
Planning Backup and Recovery
Before the backup is performed, the question arises as to which system is to be backed up and at what intervals. The KPI Recovery Point Objective (RPO) determines the time interval between backups. It indicates what data loss is acceptable in the event of a crash and recovery. The costs of the loss are compared with the costs of the data backup. The RPO value tells you how much time may pass between two backups and the maximum amount of data that would be lost during recovery.
How much a system failure costs can be determined with the help of the KPI Recovery Time Objective (RTO). RTO shows the costs that a system failure causes in a given time. You can use this Key Performance Indicator to determine the sequence of recovery. The more costs the failure would cause, the higher the priority for recovery. The volumes for the backup can also be determined accordingly. With some of them, data can be recovered faster than with others.
The shorter the backup cycle and the recovery time, the more complex the disaster recovery solution is and the more costs are incurred. The cloud is an exception. Although it can reduce the RTO down to the time it takes to click “Restore”, it costs less than on-premises solutions.
Test Disaster Recovery Plan
The Disaster Recovery Plan is designed to enable the fastest possible recovery after an emergency. It is important that the Disaster Recovery Plan also works. For this purpose it must be tested:
- Do the processes work?
- Are the specialist departments involved?
- Even if some of those involved are ill?
- Do you need certification from manufacturers, e.g. SAP?
- To what extent is the DSGVO taken into account?
- Is the HYPERVISOR TECHNOLOGY used supported by the DR solution?
- Can everything that was backed up be restored?
- Are there ways to accelerate the process?
Disaster Recovery as a Service
DRaaS vs. DR on-premises
On-premises is also so expensive because a large part of the IT infrastructure has to be duplicated. Or even triple if you want to test whether disaster recovery really works without endangering the production system. These overcapacities can be avoided with scalable cloud solutions.
Often several backup systems distributed across the company are used. This causes higher maintenance costs and leads to uncertainty whether all business-critical data and applications are really covered.
Compared to the strategy of implementing DR on-premises, disaster recovery in the cloud offers many advantages:
- The holistic approach means that all relevant data and applications are included.
- The investment is very low and operating costs are spread over the lifetime of the system.
- The recovery of backed-up data and applications can be done at the push of a button in self-service tools.
- The productive instance is securely separated from the DR infrastructure.
- Only the cloud resources actually used are billed.
- Testing is cost-effective, as resources can be quickly scaled up and released as soon as they are no longer needed.
- Frequent testing increases the probability of a successful and complete recovery process.
- For a start, DRaaS can also be used as an additional location for business-critical data and applications, AS A FIRST STEP INTO THE CLOUD.
There are various offerings for disaster recovery in the cloud:
- With DR Self Service you are completely independent of the provider. But you also have to take over all tasks yourself, i.e. employ appropriate personnel.
- With Assisted DR, the service provider provides operational support. There is a division of tasks, which is set out in the SLA.
- Managed DR relieves the company of the most work. The service provider takes care of the entire operation. Disaster recovery is outsourced.
DRaaS strategies in the cloud
In summary, it is necessary to distinguish between three basic DR strategies in the cloud.
- The full-managed approach with a trusted partner
- The assist approach with a flexible and easily accessible partner in the event of an incident
- The self-service approach with any cloud provider
Irrespective of the choice of the appropriate approach, it is urgently recommended that the provider’s infrastructure be thoroughly examined and, if possible, the disaster recovery case be discussed with the selected provider.
Possible questions could focus on the way data is stored, for example to ensure that in the event of a failure the required data is 100% available and usable. Just as important are regular test runs to ensure that the prepared DR workload starts and that the required IT services are available without delay.