A power failure at a Verizon data center knocked out JetBlue’s digital infrastructure for several hours. For an airline business there is nothing worse than cascading flight delays and thousands of angry flyers. Several IT experts were flummoxed, everyone was wondering “what was their disaster recovery plan and why didn’t it work?” JetBlue was using Verizon to manage its data center and network infrastructure. Everyone was left trying to figure out if Verizon failed to implement the disaster recovery plan or if the particular data center was outside the scope of its Service Level Agreement (SLA), or if the SLAs have high limits for fault tolerance.
And this is not an isolated instance, a 2013 study by the Ponemon Institute found that the average cost of data center downtime per incident is $627,418. Its obvious that companies are paying dearly for not having a well-functioning disaster recovery system.
The situation is set to worsen…
Global supply chains imply that disaster disruptions can have business ramifications in places far from their place of occurrence. The Intergovernmental Panel on Climate Change (IPCC) has predicted an increase in the frequency and magnitude of disasters in our near future. Every year disasters spring new surprises on us and catch us unprepared.
Businesses today have some or complete Digital dependence.
Your digital business can face disruption from any number of sources:
- Natural: Fire and Floods
- Manmade: Fire, Viruses, Hackers, Intentional Sabotage
The 3 R’s of Digital Business Success
Ensuring the 3Rs would require proper Disaster Recovery Planning.
Cos’ you don’t want to in news for the wrong reasons (a la Samsung)
In 2014, Samsung’s South Korean Data Center went up in flames. The data center outage led to loss of mobile services and user data. The incident came as a huge shock to the IT world. It exposed weaknesses in Samsung’s Disaster recovery plans and left experts wondering why such an easily-remedied risk was overlooked.
Disaster Resilience may ‘UP’ your Business competitiveness!
According to a Disaster Recovery Preparedness Benchmark Survey, the current state of preparedness of small and large enterprises in the event of disaster/outage is very low. 3 out of 4 organisations are at the risk of failing to recover from a disaster quickly.
So having a disaster recovery plan will give you the early mover advantage and position you well to prospective clients.
So, Disaster Prep is a Must.
Before we get to discussing alternative approaches to disaster recovery, let us go over the essentials of a good recovery plan first.
Essentials of a Good DR Plan
Before we talk about which method wins, we will first list the essentials of a good disaster recovery plan. A good plan will cover
1. Preventive measures
Prevent disasters by early identification and reduction of risks.
Includes activities like keeping data backed up and offsite, using surge protectors, installing generators and conducting routine inspections.
2. Detective measures
Discover threats as early as possible and ensure minimal damage to IT infrastructure through prompt actions.
Measures like installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software are used to detect threats.
3. Corrective measures
Restore as quickly and as much as possible
Keeping critical documents in the Disaster Recovery Plan or securing proper insurance policies will qualify as corrective measures
What Options/Alternatives Do You Have?
There are two main approaches
2. Disaster Recovery as a Service (DRaaS)
Let’s compare the two to find out which one would better satisfy the 3Rs for a modern digital business.
Traditional approach to Disaster Recovery
It involves protecting data through tape backup or imaging.
- Poor performance on RTO and RPO compared to newer services like DRaaS
Recovery Time Objective (RTO): The point in future at which your application will be up and running.
Recovery Point Objective (RPO): The point in past to which you will recover.
- Hidden costs to get data in usable state and to rebuild servers
- Cost Factor: Protecting applications requires clustering, duplicating infrastructure and managing complexity. Ensuring good performance using traditional recovery plans involves creation and maintenance of secondary data centers. A costly exercise.
- Time factor: In traditional DR you are in a fix first, run later mode
Disaster Recovery as a Service (DRaaS)
Replicates and hosts your applications to Virtual Machines(VMs) in an alternate location. The replication, hosting and maintenance services are handled by a third-party vendor. The DRaaS provider will be responsible for providing business continuity in the event of a disaster to ensure critical business functions continue uninterrupted.
Why DRaaS makes for a good choice?
- Minimize downtime. Your business data centre gets replicated in the cloud. A Cloud DRaaS lets you run first, fix later.
- The cloud is a flexible, low-cost alternative to traditional DR solutions. Traditional DR imposes cost constraints forcing companies to pick only high priority applications for protection leaving others out.
- Faster implementation, better management consistency, agility, scalability and zero internal infrastructure needs are the other benefits
- Avoiding brand damage and retaining the goodwill of customers despite and in spite of a disaster is possible thanks to DRaaS.
- DRaaS allows differences between the primary and secondary sites to be abstracted using technologies such as converged infrastructure
- Freeing IT from synchronisation shackles will give them more bandwidth to focus on their production environment
- An additional benefit is DRaaS contracts are flexible allowing easy adaptation to changes in business’ needs.
Downsides and Risks
Businesses will have to rely on the DRaaS provider to implement the plan correctly and meet the RTO and RPO objectives.
Best Use Cases
- Small and Medium Businesses
DRaaS can help small and mid-size businesses which have low bandwidth and expertise to implement a sophisticated disaster recovery plan (DRP)
- Large enterprises with ageing IT Infrastructure
DRaaS means organisation need not invest in and maintain their own off-site DR environment.
Gone are the days of incurring huge Capex costs to provision IT infrastructure at alternate locations. This is too expensive for the agile and dynamic business environments of our times where profit margins are tight and companies need to extract more value from less.
What should be on your DRaaS checklist?
Before your final DRaaS requirements are signed into a Service Level Agreement, you will have to make a detailed disaster recovery plan.
- List your applications & perform a risk assessment and business impact analysis for each application
- Identify risks in the following areas:
a) Information risks – identify information most vital to the firm.
b) Communication Infrastructure – What communication processes are essential to the continued functioning of the business.
c) Access and Authorization – Who needs to be given access to which systems? How to provide secure access and authentication in an event of a disaster.
d) Physical Work Environment – Determine the environment necessary to conduct the business from another location.
- Rank each application on how critical it is to business operations.
Every application run by your organisation cannot be afforded maximum protection. The RTOs and RPOs will vary depending on the criticality of the application to core business needs.
- Fix each application’s ideal RTO and RPO
Using risk assessment metrics, determine the maximum amount of time an application can remain offline in the event of a disaster. The amount of data that can be lost in the worst case scenario also needs to be decided.
- Determine your Disaster Recovery Budget
Keeping the budgetary constraints in mind each application needs to be provided the best possible protection and the risk assessment done earlier can help in this exercise.
- Determine your recovery destination
Where will you recover to? Do you have a secondary site? Or perhaps you will use cloud?
- Ready your runbook
Outline the recovery process in a document. Detail the boot order of the mirrored VMs and other changes necessary for successful recovery.
- Plan and Test Recovery
Ensure that the recovery plan and the decided order of things are readily available in the event of an emergency. Schedule tests every year to check for compliance with the plan and the SLA parameters. Check if employees at alternate locations can quickly and easily transition to the replicated work environment during the fail-over mode.
Having done all of this, you can sleep easy knowing there is a storm out there that cannot put you out of business.
Businesses are slowly realizing that most if not all of their disaster recovery requirements could be met by the cloud. Outsourcing disaster recovery to a specialist DRaaS provider is catching on rapidly and is one of the fastest growing sectors in the cloud industry. Picking a DRaaS specialist to secure your IT is not easy. But you have plenty of help from IT advisory firms to find the best DRaaS fit for you.