DRaaS: Misconceptions of Data Backup & Data Recovery

Regardless of the business you run, your Disaster Recovery plan begins with backup

There are many players in the data protection, backup and recovery space, many who claim to provide a “DRaaS” service, but not many provide for all aspects you should expect in a Disaster Recovery Solution.

AllConnected believes you should have the facts so you can make an informed decision. Our assessments and managed services are based on the NIST 800-171 Cybersecurity Framework.

Regardless of what business you run, your Disaster Recovery plan begins with backup.

Why You Need Backup

Everyone knows backups are important, right? Except we frequently find businesses who acknowledge they don’t do it. Or they don’t prioritize it.

Why? They say it’s not central component of their line of business. It consumes IT man-hours. Nothing has happened so far.

The same can be said about auto insurance. Insurance is not needed for the car to function and it costs money that could be used on gas and other things.

But we still need it.

Your business needs to backup your mission critical information as insurance against:

On the other hand, having a strong backup and recovery strategy means that after a disaster, you save the company, rebound quickly, or potentially gain an advantage over the unprepared competition.

So how much backup “insurance” is enough? Consider the 3-2-1 rule.

What is the 3-2-1 Rule?

The best organizations employ the 3‐2‐1 rule when it comes to backing up data, which means:

Keep 3 copies of data

1 primary (in production), with 2 backups

Store those 2 backups

on different types of media (disk or tape)

Keep One offline and offsite

preferably in the cloud

Why? While one backup may need to be connected to the network for recovering data, the other backups need to have an “air gap.”

What is an Air Gap?

Air-gap (AKA “air wall”) is a security measure of physically and logically isolating a given system of computers, networks or backups so that are not directly accessible to the internet or other computers connected to the internet.
Why?

Ransomware. If hackers can breach your network and reach your data in production, that’s bad. If they can reach your backups, that’s checkmate.

How long you need to maintain these backups depends upon your potential data needs and the regulation and compliance standards of your business. AllConnected can help your organization navigate this process.

But there is more of DRaaS then just backups.

What is DRaaS?

Disaster Recovery as a Service (DRaaS) is a managed IT solution that provides remotely hosted Disaster Recovery services to replicate a business’s data and applications so that business can continue even if its primary location is not operable.

DRaaS can be an all-in-one or variable solution but at a minimum, the service should:

Many Managed Service Providers (MSPs) backup primary servers and/or applications and restore data to the primary location after a crisis.

At AllConnected, we think that’s a business of making copies.

Better DRaaS services cover comprehensive remote IT infrastructure, including:

Periodic Testing & Client Review

Without testing

your backup is just a wish.

Failback

The process of restoring operations back to the primary location after remediation is complete

Failover

The process of transferring business critical applications to a temporary disaster recovery (DR) location to keep business running after a disaster makes your primary location inoperable.

What is RPO and RTO?

Since Disaster Recovery is the process of reestablishing access to applications, data, and IT resources after a crisis renders the primary network unavailable, your DRaaS plan must consider two factors: RPO and RTO.

Recovery Point Objective (RPO) 

What is the maximum amount of data can your business afford to lose? Or how much time can pass between your last data backup and a disaster without causing serious damage to your business?

Your RPO number can help determine how often to perform data backups. If your fixed backup occurs every night and your RPO is 24 hours or more, you may be safe. If that number is 2 hours, you are not.

Recovery Time Objective (RTO) 

After a disaster, how much time can lapse before operations are restored to normal? Can your business survive in a disrupted state for that length of time?

If your RTO is 24 hours, that means your business can maintain operations for that long without having its normal data and infrastructure available.

RPO is just about data. It determines the frequency of back up data, and this function can be set at fixed intervals and automated. and does not reflect other IT needs.

On the other hand, RTO involves your entire business infrastructure, not just data. It involves restoring all IT operations, and because of its complexity, it cannot be completely automated.

An effective disaster recovery plan should consider both RTO and RPO to guarantee the survival of your business.

We find our clients biggest misconception is the expectation that restoring a backup will be quick, bringing them back into production within the day.

Unfortunately, it can take days to restore and download a large database or file. The value of DRaaS is that through testing, our clients know exactly how quickly they will return to production and are able to meet their desired RTO.​

Charles Takahashi

DRaaS Director, AllConnected

Common DRaaS Misconceptions

My Backup is my DRaaS

Yes, but...

as we mentioned for the first point, after a disaster renders your primary site unavailable, how much time can you afford to spend before your critical applications are back in production (RTO)?
How do you test your backups to make sure they are able to replace your production environment? How accessible are older backups in case of a corruption or ransomware infected backup? Many companies discover that standard backups are no match for damaged hardware or crypto-locked backup data. DRaaS gives you the ability to failover to a functioning infrastructure for your business needs as well as virus-scan and test multiple backups before restoring them to production.If your infrastructure is inexpensive to replace, simple enough to be easily reassembled, and/or if you already employ a disaster recovery specialist, BaaS may be enough. However, for complex environments with business-critical processes that cannot afford a long RTO, you should consider DRaaS.

Isn’t DRaaS just backup?

No

Backup as a Service (BaaS) provides data backup, but DRaaS should do more than simply run automated backups on servers and provide the data back as needed. If your infrastructure is inexpensive to replace, simple enough to be easily reassembled, and/or if you already employ a disaster recovery specialist, BaaS may be enough. However, for complex environments with business-critical processes that cannot afford a long RTO, you should consider DRaaS.

Is DRaaS the same as Business Continuity?

No

DRaaS provides a foundation for business continuity. Business continuity refers to a business’s ability to continue operating during or following an unexpected disruption. It requires setting policies and strategies to identify, assess, and minimize the risk of disruptions. DRaaS provides many of the tools, processes and infrastructure, tools necessary for business continuity. Since they are so closely related, organizations commonly combine them into a single business continuity / disaster recovery (BCDR) plan.

Isn’t DRaaS too Expensive? Or only for Enterprise?

Disasters can happen to any organization. You owe it to your business to have some plan to mitigate the impact of a disaster. There are many factors that go into your disaster recovery plan. These include what you choose to backup, the RTO and RPO thresholds for your business, storage requirements, length of hosting, bandwidth, and licensing fees for backup software.

DRaaS solutions can be tailored to your company’s tolerance for downtime. Typically, the closer to zero your RTO number (the duration between disaster and normal operations), the higher the cost. Do you need “high availability” for every part of your organization, or only for your mission critical applications? AllConnected can work with you to design a strategic DR solution that is reasonable and effective.

Aren’t All DRaaS Solutions the Same?

No

Not all DRaaS solutions and DRaaS providers are equal. Some DRaaS products are only BaaS. Some have no failover/failback component, or have limited variations on that service. Consider:
Availability: Does your network require high availability for your whole network? Or can we prioritize separate tiers based on your business needs?
Networking: Do you need an IPSec connection or a direct connection for your network size, security and functionality?
Security and Compliance: What are your compliance requirements? Is a standard multi-tenant environment suitable or do you need a premium-level service offering?
Testing: who performs testing and how frequently? Many DRaaS providers test only a single VM with an IT admin. Better ones test a critical application by a power user to determine if the business can run off the DRaaS service.

Disaster Recovery with AllConnected

While many IT Companies provide DRaaS as an add-on service to other infrastructure offerings, at AllConnected, DRaaS is our primary service.

We believe that our Co-Managed Disaster Recovery services will not only insure your business against disaster, it will make your organization more effective by:

Freeing up IT Resources. With AllConnected handling your data protection and backups, your IT team has more time to address your business-critical concerns.

Proactive Patch Testing.  AllConnected’s DR services can spin up and test software patches and periodic updates in a safe, remote environment, enabling you to see how they will function without risking your production environment.

Verified Recoverability. Most company IT departments test their backups test by opening files to make sure their offsite copy of data is accessible.  This may be comparable to verifying your auto insurance policy will include a rental truck or a duplicate product in case of disaster.

Verified Recoverability is more like we periodically drive up alongside your delivery truck with a fully stocked duplicate truck, ready for immediate failover in case of a breakdown.

Our periodic testing does more than provide peace-of-mind that your DRaaS works. It also enables us to plug holes in our business continuity plan.

In our experience, organizations may bring on new mission critical applications or data without adding them to their DRaaS schedule.  Our Verified Recoverability report can reveal this missing component and show what will be lost if the plan is not properly updated.

Conclusion

As we have discussed, DRaaS can yield numerous benefits for a variety of business types. By partnering with AllConnected, you can reduce the cost of downtime in a disaster, improve the efficiency of your IT department and rest assured that your organization has implemented the most reliable disaster recovery method available.

To ensure that DR testing, planning, and recovery is organized and effective, many organizations use a disaster recovery “runbook.” A DR runbook is a working document, unique to every organization, which outlines the necessary steps to recover from a disaster or service interruption.

Learn More

fire rescue
Top 10 IT DR Runbook Requirements

A DR runbook is a working document, unique to every organization, which outlines the necessary steps to recover from a disaster or service interruption.

Level-Up Your Disaster Recovery Plan: Prepare with Our Assessment Tool

Our Disaster Recovery Assessment will help you rank your readiness…

Want to talk with an expert?

24/7

How ready are you for the unexpected?

Get In Touch