3 things to consider before buying into Disaster Recovery as a Service
- — 01 July, 2013 14:45
Disaster Recovery as a Service (DRaaS) backs up the whole environment, not just the data.
"Most of the providers I spoke with also offer a cloud-based environment to spin up the applications and data to when you declare a disaster," says Karyn Price, Industry Analyst, Cloud Computing Services, Frost & Sullivan. This enables enterprises to keep applications available.
Vendors offer DRaaS to increase their market share and revenues. Enterprises, especially small businesses are interested in the inexpensive yet comprehensive DR solution DRaaS offers. There are cautionary notes and considerations too that demand the smart businesss attention before and after buying into DRaaS.
DRaaS market drivers, vendors and differentiation
DRaaS is a wise move for cloud vendors hungry for a bigger slice of the infrastructure market.
"DRaaS is the first cloud service to offer value for an entire production infrastructure, all the servers and all the storage," says John P. Morency, Research Vice President, Gartner. This opens up more of the market, providing much higher revenues for vendors.
DRaaS creates new revenue streams and opportunities for vendors, too.
"They want to bring comprehensive recovery to a wider variety of business customers," Price says. Where only an enterprise could afford a full-blown BC/DR solution before, now the cloud offers a more affordable option for BC/DR to the small business.
Vendors leveraging DRaaS include Verizon TerreMark, Microsoft and Symantec (a joint offering), IBM, Sungard and NTT Data, Earthlink, Windstream, Bluelock, Virtustream, Verastream, EVault, Hosting.com and a trove of smaller contenders seeking to differentiate themselves in the marketplace, according to Price and Morency.
"While most of the DRaaS vendors are relatively similar in their cost structures and recovery time objectives, the recovery point objective is a differentiator between vendor offerings," says Price. Whereas Dell and Virtustream each report RPOs of 5 minutes, according to Frosts Karyn Price, Windstream reports RPOs of 15 minutes to 1 hour, depending on the DRaaS service the customer chooses.
DRaaS: No drab solution
With so much to offer, DRaaS has a bright future in the BC/DR realm. Companies with no tolerance for downtime, those looking to enter the cloud for the first time, those seeking a complete DR solution and those that have infrastructure in severe weather risk locations are interested in DRaaS. DRaaS is particularly interesting to enterprises with minimal tolerance for downtime.
"Most of the DRaaS vendors I speak with offer recovery times of four hours or fewer," says Price.
DRaaS is an option for enterprises that want to test the cloud for the first time.
"If you are in the middle of a disaster and suddenly you have no infrastructure to restore to, would you rather have a cloud-based solution that maybe you would have been wary of as your primary option or would you rather have nothing?" asks Price.
Small businesses see DRaaS as a way to finally afford a broader BC/DR solution.
"DRaaS can minimize or even completely eliminate the requirement for company capital in order to implement a DR solution," says Jerry Irvine, CIO, Prescient Solutions and member of the National Cyber Security Task Force. Since DRaaS is a cloud solution, businesses can order it at most any capacity, making it a more cost-effective fit for smaller production environments. Of the 8,000 DRaaS production instances that Gartner estimates exist today, 85- to 90- percent are smaller instances of three to six production applications, Morency says. The VM scope of these companies is between five and sixty VMs and the associated production storage is no more than two to five TB, Morency adds.
Businesses hit with increasingly severe weather catastrophes are very interested in DRaaS.
"When you look at the aftermath of events like the Tsunami in Japan, there is a lot more awareness and a lot more pressure from the board level to do disaster recovery," says Morency. This pressure and the affordability of DRaaS can tip the scales for many a small business.
Proceed with caution
Enterprises and small businesses considering DRaaS face a lot of due diligence before choosing a solution and a lot of work afterwards.
"It's not like you just upload all the work to the service provider," says Richard P. Tracy, CSO, Telos Corporation. If the enterprise requires replication to a cloud environment supported exclusively by SAS70 data centers, then the DRaaS provider better be able to demonstrate that it has SAS 70 data centers and agree to keep data in the cloud only in those facilities.
Depending on the industry, the customer must confirm that the DRaaS provider meets operational standards for HIPAA, GLBA, PCI-DSS, or some of the ISO standards as needed.
"You don't want to trust that they do just because it says so on their website," says Tracy.
Due to the nature of the cloud, DRaaS can offer innate data replication and redundancy for reliable backup and recovery. But unless specified otherwise, DRaaS could include only replication to failover core systems and backup may not be included.
"Many organizations define their backup systems or data repositories as critical solutions for the DR facilities to replicate," says Irvine. This provides for replication of core systems and data backup to DRaaS.
And once the enterprise's data successfully fails over to the DRaaS service, at some point the enterprise and the service have to roll it back to the enterprise infrastructure.
"You have to make sure that the DRaaS service will support you in that process," says Tracy. There are processes, procedures, and metrics related to exit strategies for outsourcing that the customer must define during the disaster recovery planning process. These will depend on the organization. These procedures set the timing for how soon data restoration to the primary location takes place and how soon the company switches the systems back on.
"The SLA should define the DRaaS provider's role in that," says Tracy. "It's not just failover, it's recovery."
DRaaS: Worth consideration
DRaaS can replicate infrastructure, applications and data to the cloud to enable full environmental recovery. The price is right and the solution is comprehensive. Still in its early stages, DRaaS is by all signs worth consideration, especially with the number and types of offerings available, and the obvious market need.