Disaster Recovery Solutions: Nine Questions to Assess Needs

If you’re thinking about replacing or enhancing your company’s disaster recovery (or DR) capabilities, you’re likely to be in for a pleasant surprise.

Thanks to continuing advances in cloud technology, today you can achieve better protection at a lower cost than at any time. Still, Disaster Recovery as a Service (or DRaas), as the cloud service is called, isn’t necessarily the best alternative for all companies.

This article offers a brief overview of the three generic approaches to disaster recovery. It then provides a list of nine questions to ask yourself about your operations.

Your answers to those questions will help you choose the disaster recovery alternative that best meets your company’s needs. The two familiar, well-established alternatives for disaster recovery are backup/restoration and system mirroring.

Backup/restoration protects your systems to your last backup

With backup/restoration, you make a full copy of your system and data files at regular intervals. You move the copy to a remote site where a secondary or backup infrastructure is waiting to be activated.

If your primary systems go down, you restore your most recent system and data files to the secondary infrastructure. You then shift your workload to the secondary site until you can resume operation at your primary location.

Mirroring provides fast, complete protection at high cost

With system mirroring, you run two functionally identical systems all the time.

A secondary or backup system replicates all the activities of the first, in near real time. If the first system goes down, the workload shifts to the backup system.

DRaaS offers fast recovery and complete protection at lower cost than mirroring

DRaaS mirrors the operation of your current systems. But you need not own and operate redundant infrastructures.

As a first step toward DRaaS, you virtualize your primary systems. You can then choose where to run your primary workloads. You can run your workloads:

• On infrastructure you own.
• On dedicated cloud infrastructure you use like a utility.

Either way, a DRaaS provider mirrors the operation of your primary system on a virtual machine in a remote location.

You can set up your infrastructure in a Private Cloud or a Hybrid Cloud environment.

Depending on your security and compliance needs, you can keep your cloud infrastructure 100% private and exclusive to your company. You can know exactly where your data resides, and no one else has access to your systems.

As for day-to-day operations, you don’t have to worry about managing your shadow systems. Or if you prefer, your IT team can manage and control the them remotely.

When your primary system goes down, your primary workload switches to the DRaaS system. The automated cutover [failover?] process can happen within about 20 minutes.

With DRaaS, both your operating cost (OPEX) and capital costs (CAPEX) can be much lower than for backup/recovery and system mirroring.

Do your homework before you go shopping

As you weigh your disaster recovery options, your evaluation will be much easier if you’ve gathered some key information in advance. You’ll have a much clearer idea of what disaster recovery capabilities you need after you’ve answered these questions:

1. For what kinds of potential disasters do you need better protection?

Many different threats can interrupt the operation of your systems. Here are a few:

• Natural disasters (floods, tornadoes, hurricanes, earthquakes, volcanoes).
• Loss of electrical power or network connectivity
• Terrorism and acts of war, including cyber warfare
• Hacking, viruses, denial of service attacks, cyber crime, crypto-locker extortion
• Random, unforeseen equipment failure.

To which of these threats are your systems most vulnerable?

How likely are you to experience a disaster related to one of these causes?

2. What might be the consequences of a system disaster?

What are the risks of an IT disaster for your company?

Here are some common, measurable consequences of system downtime:

• Loss of revenue
• Loss of customers
• Higher operating cost
• Hardship or harm to employees, customers, or constituencies
• Legal liability
• Exposure for regulatory noncompliance.

Other consequences, such as damage to your brand, are harder to measure but are no less real.

What would be the actual costs of downtime for your company? What might be the consequences?

How much revenue would you lose? What’s your exposure to legal or regulatory liability if your systems were to go down?

3. Which systems and workloads would be most important to restore or recover in the event of a disaster? Which would you want to recover first?

Which of your systems would be most damaging to your business if they were to go down? Which would be most harmful to your customers or clients?

How much secondary infrastructure would you need to perform a full recovery? Consider the compute capacity, data storage space, operating systems, application software. Also consider the physical space and staffing needs.

4. How long could you afford to go without your mission-critical systems?

What is your hourly cost of system downtime?

If you were to experience a disaster today, for how long might your systems go down? How long would it take you to recover?

What is your ideal Recovery Point Objective (RPO)? What is your Recovery Time Objective (RTO)?

5. What are your current DR processes, systems, and capabilities?

Which disaster recovery technologies or systems do you have in place?

How many different DR processes and technologies do you use across all your systems?

How often do you thoroughly test your DR processes and capabilities to ensure they work?

What are your current RPOs and RTOs?

How often and how thoroughly do you test your DR processes and systems?

How much do you currently spend on disaster recovery, including the cost of redundant infrastructure and all related operating expenses?

If your current approach is backup/restoration, how often do you back up? How much important data might you lose if you had to recover from your most recent backup?

6. How much staff resource can you commit to DR?

How many people on your IT staff would you be able to commit – part time or full time – to enhanced disaster recovery capabilities?

Who on your staff would you train in the deployment and use of DR systems?

How many people must be trained to provide full protection?

7. How much can your company afford to spend for DR?

Considering the potential risks your systems face, how much would your company be willing to spend on DR as a kind of insurance policy to mitigate disasters? I

8. What regulatory compliance and security factors must you consider in choosing your DR alternatives?

How secure must your data be? What security and compliance standards must your systems meet?

Who can have access to your systems?

9. How soon must you upgrade your disaster recovery capabilities?

How fast do you need to implement new DR systems and protocols? When do you need new capabilities in place?

Your answers to the foregoing questions will help you narrow down your best options for disaster recovery.

Once you’ve thought through your potential exposure and your needs, you’ll be ready for a side-by-side comparison of your three broad options for disaster recovery. If you feel ready to discuss your needs with a Thrive consultant, please contact us here.