DRaaS: Misconceptions of Data Backup & Data Recovery
Regardless of the business you run, your Disaster Recovery plan begins with backup
There are many players in the data protection, backup and recovery space, many who claim to provide a “DRaaS” service, but not many provide for all aspects you should expect in a Disaster Recovery Solution.
AllConnected believes you should have the facts so you can make an informed decision. Our assessments and managed services are based on the NIST 800-171 Cybersecurity Framework.
Regardless of what business you run, your Disaster Recovery plan begins with backup.
Why You Need Backup
Everyone knows backups are important, right? Except we frequently find businesses who acknowledge they don’t do it. Or they don’t prioritize it.
Why? They say it’s not central component of their line of business. It consumes IT man-hours. Nothing has happened so far.
The same can be said about auto insurance. Insurance is not needed for the car to function and it costs money that could be used on gas and other things.
But we still need it.
Your business needs to backup your mission critical information as insurance against:
- Cybercrime. As we discussed in How to Prepare Your Organization to Fight Ransomware, if hackers encrypt your data, you three choices: pay the ransom to get your data back, go out-of-business, or restore from backup. Restoring from backup is preferable.
- Data crashes. As the demotivational poster reads: “To err is human, but to really screw something up, you need a computer.” Whether the network fails by spilled coffee, a bad patch update, or a corrupted hard drive, the result is the same: the potential permanent loss of your data.
- Audits, Regulations, and Taxes. The IRS and regulatory commissions have no patience for excuses. They expect businesses to be compliant: to have data archives for an extended period of time.
- Un-survivable Downtime. A 2007 University of Texas study showed that 43% of businesses that suffer major data loss never reopen. 51% close their businesses within two years. Companies that aren’t able to resume operations within ten days are not likely to survive.
- Duplicating Work. Even if your data loss is minor, that failure may force your business to spend twice the number of man-hours to restore the work. This impacts not only your labor costs but also your brand in the marketplace. Your customers won’t stay if your infrastructure can’t consistently solve their problems.
On the other hand, having a strong backup and recovery strategy means that after a disaster, you save the company, rebound quickly, or potentially gain an advantage over the unprepared competition.
So how much backup “insurance” is enough? Consider the 3-2-1 rule.
What is the 3-2-1 Rule?
The best organizations employ the 3‐2‐1 rule when it comes to backing up data, which means:
Keep 3 copies of data
1 primary (in production), with 2 backups
Store those 2 backups
on different types of media (disk or tape)
Keep One offline and offsite
preferably in the cloud
Why? While one backup may need to be connected to the network for recovering data, the other backups need to have an “air gap.”
What is an Air Gap?
Air-gap (AKA “air wall”) is a security measure of physically and logically isolating a given system of computers, networks or backups so that are not directly accessible to the internet or other computers connected to the internet.
Why?
Ransomware. If hackers can breach your network and reach your data in production, that’s bad. If they can reach your backups, that’s checkmate.
How long you need to maintain these backups depends upon your potential data needs and the regulation and compliance standards of your business. AllConnected can help your organization navigate this process.
But there is more of DRaaS then just backups.
What is DRaaS?
Disaster Recovery as a Service (DRaaS) is a managed IT solution that provides remotely hosted Disaster Recovery services to replicate a business’s data and applications so that business can continue even if its primary location is not operable.
DRaaS can be an all-in-one or variable solution but at a minimum, the service should:
- Automatically back up critical systems and data at appropriate intervals
- Provide suitable backup media (“backup target options”)
- Provide flexible recovery options, such as restoring a single application or the whole infrastructure
- Recover from a disaster quickly, with minimal end user interaction
- Provide easy-to-understand billing
Many Managed Service Providers (MSPs) backup primary servers and/or applications and restore data to the primary location after a crisis.
At AllConnected, we think that’s a business of making copies.
Better DRaaS services cover comprehensive remote IT infrastructure, including:
Periodic Testing & Client Review
Without testing
your backup is just a wish.
Failback
The process of restoring operations back to the primary location after remediation is complete
Failover
The process of transferring business critical applications to a temporary disaster recovery (DR) location to keep business running after a disaster makes your primary location inoperable.
What is RPO and RTO?
Since Disaster Recovery is the process of reestablishing access to applications, data, and IT resources after a crisis renders the primary network unavailable, your DRaaS plan must consider two factors: RPO and RTO.
Recovery Point Objective (RPO)
What is the maximum amount of data can your business afford to lose? Or how much time can pass between your last data backup and a disaster without causing serious damage to your business?
Your RPO number can help determine how often to perform data backups. If your fixed backup occurs every night and your RPO is 24 hours or more, you may be safe. If that number is 2 hours, you are not.
Recovery Time Objective (RTO)
After a disaster, how much time can lapse before operations are restored to normal? Can your business survive in a disrupted state for that length of time?
If your RTO is 24 hours, that means your business can maintain operations for that long without having its normal data and infrastructure available.
RPO is just about data. It determines the frequency of back up data, and this function can be set at fixed intervals and automated. and does not reflect other IT needs.
On the other hand, RTO involves your entire business infrastructure, not just data. It involves restoring all IT operations, and because of its complexity, it cannot be completely automated.
An effective disaster recovery plan should consider both RTO and RPO to guarantee the survival of your business.
We find our clients biggest misconception is the expectation that restoring a backup will be quick, bringing them back into production within the day.
Unfortunately, it can take days to restore and download a large database or file. The value of DRaaS is that through testing, our clients know exactly how quickly they will return to production and are able to meet their desired RTO.
Charles Takahashi
DRaaS Director, AllConnected
Common DRaaS Misconceptions
My Backup is my DRaaS
Yes, but...
Isn’t DRaaS just backup?
No
Is DRaaS the same as Business Continuity?
No
Isn’t DRaaS too Expensive? Or only for Enterprise?
Aren’t All DRaaS Solutions the Same?
No
Disaster Recovery with AllConnected
While many IT Companies provide DRaaS as an add-on service to other infrastructure offerings, at AllConnected, DRaaS is our primary service.
We believe that our Co-Managed Disaster Recovery services will not only insure your business against disaster, it will make your organization more effective by:
Freeing up IT Resources. With AllConnected handling your data protection and backups, your IT team has more time to address your business-critical concerns.
Proactive Patch Testing. AllConnected’s DR services can spin up and test software patches and periodic updates in a safe, remote environment, enabling you to see how they will function without risking your production environment.
Verified Recoverability. Most company IT departments test their backups test by opening files to make sure their offsite copy of data is accessible. This may be comparable to verifying your auto insurance policy will include a rental truck or a duplicate product in case of disaster.
Verified Recoverability is more like we periodically drive up alongside your delivery truck with a fully stocked duplicate truck, ready for immediate failover in case of a breakdown.
Our periodic testing does more than provide peace-of-mind that your DRaaS works. It also enables us to plug holes in our business continuity plan.
In our experience, organizations may bring on new mission critical applications or data without adding them to their DRaaS schedule. Our Verified Recoverability report can reveal this missing component and show what will be lost if the plan is not properly updated.
Conclusion
As we have discussed, DRaaS can yield numerous benefits for a variety of business types. By partnering with AllConnected, you can reduce the cost of downtime in a disaster, improve the efficiency of your IT department and rest assured that your organization has implemented the most reliable disaster recovery method available.
To ensure that DR testing, planning, and recovery is organized and effective, many organizations use a disaster recovery “runbook.” A DR runbook is a working document, unique to every organization, which outlines the necessary steps to recover from a disaster or service interruption.
Learn More
Top 10 IT DR Runbook Requirements
A DR runbook is a working document, unique to every organization, which outlines the necessary steps to recover from a disaster or service interruption.
Level-Up Your Disaster Recovery Plan: Prepare with Our Assessment Tool
Our Disaster Recovery Assessment will help you rank your readiness…