Business Continuity Planning

Knowing the basics

Cloud disaster recovery (cloud DR). By storing copies of data in a cloud environment, cloud DR has become a popular element in modern disaster recovery planning. Flexible costs and capacities make it a good choice for smaller organizations who don’t want to spend an arm and a leg on traditional DR setup, avoiding the costs of hardware, data center space and personnel. For larger businesses that already have an established DR strategy, the cloud can be a bit of a safety net. Geographical threats to a data center, such as natural disasters, have no effect on cloud recovery efforts, as long as the cloud provider isn’t located in the same disaster area.

While some organizations may not fully trust using the cloud for disaster recovery, especially for mission-critical files, a hybrid cloud DR strategy is both effective and cost efficient.

Cloud backup. Having a cloud backup strategy in place before a disaster hits should be a priority for any organization planning on using the cloud for disaster recovery. Cloud DR and cloud backup are not synonymous, but they are connected. Cloud backup sends a copy of the data offsite, while ideally keeping it secure and accessible over time. Cloud DR helps prepare for unexpected incidents and failures, and a good recovery strategy must include the process of failing back to the primary site.

Disaster recovery as a service (DRaaS).Often used interchangeably with cloud DR, DRaaS is the replication and hosting of data by a third party service provider. In the event of a disaster, a DRaaS provider will implement your organization’s DR plan and prevent a total shutdown when your own data center is in jeopardy. Depending on the terms laid out in the service-level agreement (SLA,) a DRaaS provider may conduct its own testing and provide the customer with assistance during a disaster.

The major disadvantage to using DRaaS is similar to the major benefit, in that it means handing over recovery processes to a third party. Entrusting your data to another company always comes with risks, so it is up to each organization to weigh the pros and cons of using DRaaS.

Disaster recovery plan. The cloud is just one aspect of a disaster recovery plan, but should be included in all of the assessments, analyses and testing prior to a disaster taking place. Using the cloud brings its own set of risks to be calculated and should be taken into account when conducting a risk assessment. When you perform a business impact analysis, your cloud DR service will directly affect recovery times and continuity. Security is a common concern with the cloud, so be sure to monitor this during testing.

After a disaster occurs, it’s important to evaluate how a plan worked and what you might need to change. Examine the performance of the cloud service in this assessment, including the amount of downtime, the success of the failover and failback, and the security and availability of your data. If any changes need to be made, work with your DR team and the cloud provider to amend any issues.

Words to remember when working with a provider

When choosing a cloud DR vendor, you’re likely to come across a whole new set of important terms and concepts. Vetting providers and finding the right one for your organization is hard enough, so translating a complicated SLA shouldn’t be an additional concern. Below, we cover five terms you might come across when browsing the market, and what they mean when it comes to choosing the right cloud for disaster recovery.

Cloud service provider (CSP). Among other services, such as infrastructure and backup, a CSP can provide DR services to an organization in an on-demand or subscription basis. CSP offerings can be tailored to meet a company’s needs, and handle key aspects of the recovery process. Cloud service providers can offer private, public and hybrid options, which is beneficial for the high-stakes world of disaster recovery. If your organization is looking for the ease and reliability of using a CSP, but prefers to keep some mission-critical recovery processes out of the public cloud, a hybrid option is a good choice. Major CSPs today include Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Vendors specializing in cloud DR services include Zerto, Axcient and Sungard Availability Services.

Cloud storage SLA. When choosing a CSP for DR, having a comprehensive SLA in place is critical. Cloud SLAs cover important requirements and objectives that the vendor is agreeing to meet in case of a disaster. Factors that may affect the contents of an SLA will likely include your organization’s industry, compliance requirements and geographic location.

When it comes to using the cloud for disaster recovery, an SLA should address the responsibilities of the vendor and the organization, performance parameters, a description of covered services and applications and stipulations for uptime.

Cloud uptime. A term you’re likely to see covered in an SLA, cloud uptime refers to the amount of time a cloud service is accessible. Given that nearly all data is considered mission-critical today, a common stipulation for cloud uptime is at least 99.9%, which translates to about nine hours of cloud outages per year.

Cloud outage. Fairly straightforward, a cloud outage refers to a period of time when cloud services are unavailable. Outages can be caused by any number of factors, from natural disasters to ransomware attacks. When choosing a CSP, make sure to ask questions such as what percentage of the CSP’s customers can be supported during a regional disaster, and what the guidelines are for declaring a disaster.

Cloud insurance. A cloud insurance policy is a form of risk management for the CSP, taking responsibility for an outage or failure spelled out in the SLA. Along with protecting a cloud vendor in the event that promised services are not delivered, cloud insurance is also beneficial to the customer. Cloud insurance can compensate an organization for lost business when a cloud service is unavailable, as well as provide protection in case of a security breach. Cloud insurance can also be purchased through a third-party insurance company.