18 November 2022
In today’s hyperconnected digital economy is paramount to protect business data from damage, loss, or attacks. Without an effective disaster recovery infrastructure an organizations put its future at stake. And DRaaS business model allows to effectively defeat these threats.
“Once in 100 years” natural disasters do happen almost every year, don’t they? Add social disruptions, even wars, major disruptions in increasingly thin and wide energy supply chains and of course ransomware as well as other cyberattacks and you soon will have a very compelling array of reason to immediately plan for Disaster Recovery.
Actually organizations should stop wondering “if” or “when” something will strike their data operations. In 2020 Gartner reported that 76% of organizations reported in the previous two years at least one incident requiring an IT data recovery plan*.
Therefore a sound and proactive management approach should start facing the reality and wondering “how often” data-related incidents will or could occur and assessing their consequences on the business’ profit and loss sheet or even on its very ability to stand on the market.
Data protection strategies make the difference between ‘will’ and ‘could’ happen and it will be even more challenging in 2022 and beyond.
The ‘attack surface’, i.e. the possible ways an attacker can get into any company’s devices and networks and seize or eliminate data, became wider in these last years. Companies store more data across a wider array of resources and systems. Smart working multiplies the use of mobile devices which are among the main attack vectors. The ever changing regulations surrounding sensitive data weight on organizations adding to their responsibilities.
The goal is clear: ensuring business continuity whatever happens. “The show must go on”. Organizations will need to ensure that cyberattacks do not further compromise their operations and that all data remains available 24/7 with instant recovery. In IT terms that means a company should have a disaster recovery (DR) planning and a Disaster recovery infrastructure in place.
Disaster Recovery is something broader than data backup. DR means replicating both data, applications, and computer processing in an off-premises location not affected by the disaster. Should servers go down, a company would be able to operate from a second location where data are backed up.
Disaster Recovery solutions can be implemented in-house using for instance two different sites of the same company, as a Service (DRaaS) or hybrid, using either internal company resources or a service provider.
To perform data recovery on their own, (buying or renting a set of servers in a different premise) organizations should duplicate their IT hardware fixed costs and beside that, should have the relevant in-house skills and dedicate a significant amount of their time on planning, configuring networks, testing and ensuring that their ‘backup’ infrastructure will adapt to their ever changing needs.
Assuming that the organizations enjoy the competences needed to effectively shield both of them from increasingly sophisticated cyberattacks, an in house DR approach means doubling every single issue and cost the company will face in the future. Eventually executing an in-house DR strategy will need time, and time is not necessarily on your side.
Disaster Recovery as-a-Service (DRaaS) is a cloud computing service model that allows an organization to mirror not just data, but the company’s complete infrastructure, including compute, storage and networking functions on virtual servers. In a matter of weeks a company could back up its data and IT infrastructure in a third party cloud computing environment.
DRaaS differs from Backup as-a-Service (BaaS), where only the data, but not the ability to process the data, is stored by a third-party provider. Because BaaS is only protecting the data, and not the infrastructure. Through a ‘as-a-service’ business model the third party will provide all the DR orchestration, needed to regain access and functionality to IT infrastructure after a disaster.
Should a disaster occur, or better to say, when it will happen, (natural events or ransomware attack) a DRaaS provider moves an organization’s computer processing to its own cloud infrastructure, allowing a business to continue operations seamlessly from the vendor’s location, even if an organization’s servers are down. The third party could adapt its offer to the ever changing company’s needs, comply to all the relevant data protection regulations and is able to employ and train human resources focused on their data security skills. DRaaS plans are available through either subscription or pay-per-use models.
*Gartner, “Survey Analysis: IT Disaster Recovery Trends and Benchmarks”, April 2020