Ever since 2017’s global ransomware attack by WannaCry threatened any computer running the Windows OS, the digital world has been on proverbial red alert.
In today’s dynamic environment, the next disaster is just around the corner and whether the threat is cyber or natural, companies must be prepared to quickly restore their systems. Depending on the nature of the business, impact on BAU and interruptions in service delivery could have highly damaging effects. Take, for example, a healthcare organization that suffers a prolonged outage due to a natural disaster. Or simply look at BFSI companies like Equifax, where large amounts of sensitive data could be compromised after a breach, making recovery especially complex.
Aware of these aspects, companies are increasingly looking to strengthen Disaster Recovery (DR) mechanisms; while cybersecurity measures are preemptive, a DR plan will ensure that systems and applications keep running even if, there’s a breach. Now, technologies such as the cloud and remote application hosting make DR planning a simpler initiative. Without the need to configure actual physical hardware and all data stored away from the premise, companies can look forward to a faster recovery process and significantly lower downtimes.
But make no mistake: a cloud disaster recovery plan isn’t identical to simply creating a backup and restoring it in case of a disaster event. A back-up will not provide the continuous synchronization required, and even the backed-up instance could be open to disaster. A comprehensive cloud based disaster recovery plan will consider a specific Recovery Point Objective (ideally 24 hours) and a Recovery Time Objective (in minutes).
So, what are the different DR options available when exploring cloud migration? We recommend the following four approaches:
1. Cloud-based back-up and restore – Here, cloud migration is only partial as applications and data continue to be hosted on-premise. However, the entire ecosystem is backed up on the cloud at regular intervals, meaning a cloud backup is essentially replacing the legacy practice of tape-based offsite storage.
Backing up to the cloud is relatively simple; it’s only when we are trying to restore post-disaster that the challenges arise. Bandwidth may be limited and the data volumes to be recovered may go up to several terabytes. This leads to violation of the pre-determined Recovery Time Objective, potentially impacting business operations and customer services.
2. Restoring to (and not from) the cloud – Unlike the previous approach, the data isn’t brought back to on-premise systems – it is restored to a cloud environment instead. This requires the availability of virtual machines and powerful cloud computing resources.
The advantage here is that the restore doesn’t need to be triggered by a disaster event. A company can preemptively restore to the cloud on a continuous basis, keeping the virtual machines up to date and simply switching to the same when disaster strikes – with nearly zero downtime.
3. Replicate to virtual machines in the cloud – This is the preferred cloud Disaster Recovery mechanism for mission-critical applications. By replicating digital infrastructure to cloud-based virtual machines, companies can protect both on-premise and remotely store data. In its essence, each application instance is replicated in a virtual machine so that both are concurrently functioning at any given time.
While replication-driven disaster recovery plan for application on cloud services will obviously consume more resources, often requiring specific cloud service capabilities, the benefits in terms of Recovery Point and Recovery Time are clear.
4. Managed applications and cloud disaster recovery – This is an increasingly popular choice among larger companies, especially those without the requisite in-house technology prowess.
An experienced cloud partner takes full ownership of application hosting and disaster recovery with Recovery Point and Recovery Time objectives mentioned right in the SLAs. Also, by rigorously assessing the cloud migration partner before selecting a cloud provider disaster recovery plan, businesses can make sure a provider is equipped to take on the challenges of protecting their digital infrastructure.
Interestingly, these four approaches are not mutually exclusive. Based on the nature of your work and unique organizational goals, you could subscribe to any combination of the above, applying a different DR model to each application stack/functional unit, as required. When performing this analysis, ensure that these six points on your checklist aren’t ignored:
Conduct an infrastructure audit and identify vulnerable areas (including a propensity for natural disasters, adverse climate, and sensitive customer information)
Perform a business impact analysis to arrive at the Recovery Point Objective and a Recovery Time Objective
Select a singular or multi-layered DR option, based on the Objectives defined
Assign project goals, along with detailed disaster simulations
Select the cloud migration and disaster recovery provider and solicit RFPs in-line with Objectives and project goals
Co-formulate a DR planning document, outlining clear ownership in-conjunction with your cloud management service provider
There’s no denying it; the cloud has made recovering from disasters far easier than it would be in an end-to-end hardware-based scenario. This is just what’s needed in an evolving cyber-threat environment with new forms of attack emerging every day. Coupled with heightened customer expectations in terms of service timelines and quality, companies must proactively seek new ways to combat disasters and recover fast.
By partnering with the right cloud migration provider, along with a deep awareness of cloud services and disaster recovery alternatives, you could find a solution that’s right for your business and – at the end of the day – for your customers.