There are many players in the data protection, backup and recovery space, many who claim to provide a “DRaaS” service, but not many provide for all aspects you should expect in a Disaster Recovery Solution. 

AllConnected believes you should have the facts so you can make an informed decision.  

Regardless of what business you run, your Disaster Recovery plan begins with backup. 

Why You Need Backup

Everyone knows backups are important, right? Except we frequently find businesses who acknowledge they don’t do it. Or they don’t prioritize it.

Why? They say it’s not central component of their line of business. It consumes IT man-hours. Nothing has happened so far.

The same can be said about auto insurance. Insurance is not needed for the car to function and it costs money that could be used on gas and other things.

But we still need it.

Your business needs to backup your mission critical information as insurance against:

Data crashes. As the demotivational poster reads: “To err is human, but to really screw something up, you need a computer.” Whether the network fails by spilled coffee, a bad patch update, or a corrupted hard drive, the result is the same: the potential permanent loss of your data.
Audits, Regulations, and Taxes. The IRS and regulatory commissions have no patience for excuses. They expect businesses to be compliant: to have data archives for an extended period of time.
Duplicating Work. Even if your data loss is minor, that failure may force your business to spend twice the number of man-hours to restore the work. This impacts not only your labor costs but also your brand in the marketplace. Your customers won’t stay if your infrastructure can’t consistently solve their problems.

On the other hand, having a strong backup and recovery strategy means that after a disaster, you save the company, rebound quickly, or potentially gain an advantage over the unprepared competition.

So how much backup “insurance” is enough? Consider the 3-2-1 rule.

What is the 3-2-1 Rule?

The best organizations employ the 3‐2‐1 rule when it comes to backing up data, which means:

Keep 3 copies of data: 1 primary (in production), with 2 backups
Store those 2 backups on different types of media (disk or tape)
Keep One backup offline and offsite, preferably in the cloud

Why? While one backup may need to be connected to the network for recovering data, the other backups need to have an “air gap.”

What is an Air Gap?

Air-gap (AKA “air wall”) is a security measure of physically and logically isolating a given system of computers, networks or backups so that are not directly accessible to the internet or other computers connected to the internet.  


Ransomware. If hackers can breach your network and reach your data in production, that’s bad. If they can reach your backups, that’s checkmate

How long you need to maintain these backups depends upon your potential data needs and the regulation and compliance standards of your business.  AllConnected can help your organization navigate this process. 

But there is more of DRaaS then just backups.   

What is DRaaS?

Disaster Recovery as a Service (DRaaS) is a managed IT solution that provides remotely hosted Disaster Recovery services to replicate a business’s data and applications so that business can continue even if its primary location is not operable.

DRaaS can be an all-in-one or variable solution but at a minimum, the service should:

Automatically back up critical systems and data at appropriate intervals
Provide suitable backup media (“backup target options”)
Provide flexible recovery options, such as restoring a single application or the whole infrastructure
Recover from a disaster quickly, with minimal end user interaction
Provide easy-to-understand billing

Many Managed Service Providers (MSPs) backup primary servers and/or applications and restore data to the primary location after a crisis.

At AllConnected, we think that’s a business of making copies.

Better DRaaS services cover comprehensive remote IT infrastructure, including:

Periodic testing and client review
“Failback”: the process of restoring operations back to the primary location after remediation is complete
“Failover”: the process of transferring business critical applications to a temporary disaster recovery (DR) location to keep business running after a disaster makes your primary location inoperable

What is RPO and RTO?

Since Disaster Recovery is the process of reestablishing access to applications, data, and IT resources after a crisis renders the primary network unavailable, your DRaaS plan must consider two factors: RPO and RTO.

Recovery Point Objective (RPO) 

What is the maximum amount of data can your business afford to lose?  Or how much time can pass between your last data backup and a disaster without causing serious damage to your business?  

Your RPO number can help determine how often to perform data backups. If your fixed backup occurs every night and your RPO is 24 hours or more, you may be safe. If that number is 2 hours, you are not. 

Recovery Time Objective (RTO) 

After a disaster, how much time can lapse before operations are restored to normal?  Can your business survive in a disrupted state for that length of time?  

If your RTO is 24 hours, that means your business can maintain operations for that long without having its normal data and infrastructure available.  

RPO is just about data. It determines the frequency of back up data, and this function can be set at fixed intervals and automated.  and does not reflect other IT needs. 

On the other hand, RTO involves your entire business infrastructure, not just data. It involves restoring all IT operations, and because of its complexity, it cannot be completely automated.  

An effective disaster recovery plan should consider both RTO and RPO to guarantee the survival of your business.  

Common DRaaS Misconceptions

1. Isn’t DRaaS just backup?

No. Backup as a Service (BaaS) provides data backup, but DRaaS should do more than simply run automated backups on servers and provide the data back as needed.
If your infrastructure is inexpensive to replace, simple enough to be easily reassembled, and/or if you already employ a disaster recovery specialist, BaaS may be enough.
However, for complex environments with business-critical processes that cannot afford a long RTO, you should consider DRaaS.  

2. My Backup is my DRaaS

Yes, but as we mentioned above, after a disaster renders your primary site unavailable, how much time can you afford to spend before your critical applications are back in production (RTO)?
How do you test your backups to make sure they are able to replace your production environment? How accessible are older backups in case of a corruption or ransomware infected backup?
Many companies discover that standard backups are no match for damaged hardware or crypto-locked backup data. DRaaS gives you the ability to failover to a functioning infrastructure for your business needs as well as virus-scan and test multiple backups before restoring them to production.

3. Is DRaaS the same as Business Continuity

DRaaS provides a foundation for business continuity. Business continuity refers to a business’s ability to continue operating during or following an unexpected disruption. It requires setting policies and strategies to identify, assess, and minimize the risk of disruptions.
DRaaS provides many of the tools, processes and infrastructure, tools necessary for business continuity. Since they are so closely related, organizations commonly combine them into a single business continuity / disaster recovery (BCDR) plan.

4. Isn’t DRaaS too Expensive? Or only for Enterprise?

Disasters can happen to any organization. You owe it to your business to have some plan to mitigate the impact of a disaster.
There are many factors that go into your disaster recovery plan. These include what you choose to backup, the RTO and RPO thresholds for your business, storage requirements, length of hosting, bandwidth, and licensing fees for backup software.
DRaaS solutions can be tailored to your company’s tolerance for downtime. Typically, the closer to zero your RTO number (the duration between disaster and normal operations), the higher the cost.
Do you need “high availability” for every part of your organization, or only for your mission critical applications?

AllConnected can work with you to design a strategic DR solution that is reasonable and effective.

5. Aren’t All DRaaS Solutions the Same?

No. Not all DRaaS solutions and DRaaS providers are equal. As we mentioned above, some who call their product DRaaS are only BaaS.  Some don’t have a failover/failback component, or have limited variations on that service.
When reviewing DRaaS solutions, consider:  

Availability: Does your network require high availability for your whole network?  Or can we prioritize them in separate tiers based on your business needs?  

Networking: Do you need an IPSec connection or a direct connection for your network size, security and functionality?  

Security and Compliance:  What are your compliance requirements?  Are they suitable for a standard multi-tenant environment or do you need a premium-level service offering? 

Testing: How frequently is testing done and who performs the test? Many DRaaS providers test only a single VM with an IT admin.  Better DRaaS testing requires testing a critical application by a power user to determine if the business can run off the DRaaS service. 

Disaster Recovery with AllConnected

While many IT Companies provide DRaaS as an add-on service to other infrastructure offerings, at AllConnected, DRaaS is our primary service. 

We believe that our Co-Managed Disaster Recovery services will not only insure your business against disaster, it will make your organization more effective by: 

Freeing up IT Resources. With AllConnected handling your data protection and backups, your IT team has more time to address your business-critical concerns. 

Proactive Patch Testing.  AllConnected’s DR services can spin up and test software patches and periodic updates in a safe, remote environment, enabling you to see how they will function without risking your production environment. 

Verified Recoverability. Most company IT departments test their backups test by opening files to make sure their offsite copy of data is accessible.  This may be comparable to verifying your auto insurance policy will include a rental truck or a duplicate product in case of disaster. 

Verified Recoverability is more like we periodically drive up alongside your delivery truck with a fully stocked duplicate truck, ready for immediate failover in case of a breakdown. 

Our periodic testing does more than provide peace-of-mind that your DRaaS works. It also enables us to plug holes in our business continuity plan.   

In our experience, organizations may bring on new mission critical applications or data without adding them to their DRaaS schedule.  Our Verified Recoverability report can reveal this missing component and show what will be lost if the plan is not properly updated.  


As we have discussed, DRaaS can yield numerous benefits for a variety of business types. By partnering with AllConnected, you can reduce the cost of downtime in a disaster, improve the efficiency of your IT department and rest assured that your organization has implemented the most reliable disaster recovery method available. 

To ensure that DR testing, planning, and recovery is organized and effective, many organizations use a disaster recovery “runbook.” A DR runbook is a working document, unique to every organization, which outlines the necessary steps to recover from a disaster or service interruption. 

Learn more: Top 10 IT DR Runbook Requirements

To get your own DR Runbook – a customized template for IT Disaster Recovery – contact us through the form below: