Advances in technology and computing platforms have enabled the creation of complete disaster recovery as a service (DRaaS) solutions that can be used instead of internal IT teams, but every business need to assess carefully if it is the right fit.
With more data being created within firms, it is no wonder the market for DRaaS is increasing. According to figures from analyst company Mordor Intelligence, the worldwide disaster recovery as a service market was valued at $1.94bn in 2017 and is projected to reach S13.74bn by 2023. Other figures from Gartner put the worldwide DRaaS market in 2017 at just over $2bn, growing to over $3.5bn by 2021.
There are two key markets for it, he says: “There is a small group of generally larger businesses who have ‘traditional DR’ – a complete duplication of their IT infrastructure. That will either be at a second site they own or with a DR [disaster recovery] service provider.
“The other, much larger group is of organisations who never really had a comparable solution in place. They [can] recover backups, [but] the site and the hardware to be restored [to] would potentially be sourced at the time of the disruption.”
Groucutt adds that for the first group, DRaaS offers a similar solution, but at a fraction of the cost. For the second group, disaster recovery is now finally affordable and it is in that second group where the growth is occurring.
DRaaS is usually sought when a business has identified a need for it, but does not have the resource, infrastructure, expertise or experience internally.
“Often, it is when an existing solution is not being tested properly. We are seeing that a flexible approach is attractive where a specific engagement or technical solution isn’t dictated,” says Evan Kenty, managing director for Europe at hardware maintenance firm Park Place Technologies.
Groucutt says that with these types of cloud services, there is always a question for enterprises as to whether it is better to buy or to build.
“To ‘build’ means to do it yourself, which includes buying the hardware and software, managing the ongoing replication, troubleshooting daily and then managing the recovery,” he says.
“That threshold used to be around the few-hundred server mark, but as cloud costs are reducing, it is pushing up to perhaps around the thousand server mark, although even those with a higher numbers of servers may still want the benefit of a service.”
How does DRaaS work and what are the benefits?
DRaaS usually follows a clear and consistent consultancy process and begins with understanding their technical, commercial and legislative requirements and constraints before designing the bespoke solution with the assurances that it is reliable and predictable, according to Kenty.
Andrew Wild, product manager at converged IT services firm GCI says that DRaaS involves creating an on-demand, cloud-based replica of a customer’s operational IT environment. In the event of a disaster, any failover must be evoked quickly and easily. The DR service must be tested periodically, and the associated DR plan kept up-to-date with regular reviews.
“In any ideal world, the DR service would never be invoked. But disasters do happen and DRaaS is designed to reduce the impact of these events,” he says.
Read more about DRaaS
- A DRaaS solution from US Signal provides an additional level of data protection and remote replication for its client, a regional health system in western Massachusetts.
- There are four key capabilities DRaaS vendors must have to ensure they can handle the full range of potential disasters.
- Eight warning signs your DRaaS vendor needs replacing.
- Using a DRaaS provider could bring unexpected costs.
From an IT director’s point of view, DRaaS allows the effective outsourcing of the DR plan, testing and ongoing monitoring. According to Paul Burns, chief technology officer of IT services company Technology Services Group, this enables them focus on those projects that drive business value, rather than spending time on risk mitigation and testing.
“While DR is clearly critically important, there are services available today which will allow a good managed service provider [MSP] to deliver this at a cost point that five years ago simply wasn’t achievable,” he says.
Planning and implementing DRaaS
Burns says that organisations should go about planning and implementing DRaaS by running an analysis of the data estate, platforms and services as a key first step. The assignment of a recovery point objective (RPO) and a recovery time objective (RTO) for each service is the next step. He adds that this allows an organisation to prioritise investment based on the business attitude to data loss (RPO) and the length of time the business can cope without a system (RTO). “What is right for one service or application may not be appropriate for another”.
The consideration of software as a service (SaaS) applications is crucial and often overlooked in DR planning, says Burns.
“For example, if you use a hosted CRM [customer relationship management] service, how will the business operate if that service is not available? Relying on the SLA [service level agreement] from a SaaS provider alone is not best practice. Consider whether there is a viable contingency plan, even if it’s a manual process until normal service is resumed. This is often not considered, but can work as a last resort,” he says.
Wild says that for some organisations, the DR plan is as simple as a confidence in the ability to restore from backup. This assumes that backups are off-site, tested and reliable. For others it is the ability to failover workloads quickly, efficiently and securely and that similar hardware will be readily available to recover to.
“The DR plan and runbook are central to this service. These encompasses all aspects of backup, failover, replication and recovery, so that in the event of a network, connectivity or hardware failure, the supplier knows which workloads and which applications need to be available, and in what order they should be brought back up,” he says.
Overcoming DRaaS issues and setbacks
There can be potential pitfalls when it comes to implementing DRaaS. One of the main ones is assuming that a single product or approach will address every requirement.
“Potential pitfalls are best overcome by deploying an appropriate blend of technologies that are reliable and predictable without introducing too much weight or complexity in the technology stack,” says Kenty.
Wild says that DRaaS is not a silver bullet and it should not be seen as a complete DR strategy in itself, but as part of a wider cloud strategy – of which DR often forms the first step.
“Organisations should ensure that their DRaaS provider is resilient enough for needs with geographically separate and operationally diverse datacentres. Be certain on security. Have a DR plan in place,” he says.
The next stage after DRaaS
Key to what happens after DRaaS is implemented is the “as-a-service” part, says Wild. He adds that such services should be backed with service level agreement subject to bi-annual DR tests to provide recovery points of as little as five minutes, subject to internet connectivity.
He also says that the disaster recovery “runbook” should also be reviewed and updated to ensure a simple, non-disruptive test procedure to instil confidence in the ability to recover.
Many data protection practitioners believe that in the future, DRaaS, data protection, and data management are going to become intrinsically linked.
“I expect organisations to be using data virtualisation or data fabric technologies to manage data across on-premise and cloud services as well as using those tools to simplify the management and improve the availability of data,” says Richard Wainwright, CTO at data protection consultancy Tectrade.
“For clients who are already ‘cloud-native’, they will almost look the other way, identifying steady-state workloads to bring on premise to reduce operational cost, or to reduce the risk of having all their data ‘eggs in one basket’.”
With internet bandwidth and cloud servers becoming ever cheaper and more ubiquitous, DRaaS should become a much more viable proposition for virtually every workload and enterprise.
As Robert Rutherford, CEO of technology consultancy QuoStar says, the financial and reputational impact to a business that is not able to operate in a short or extended disaster is so great now, DRaaS in some form, is “pretty much essential for all but the largest of businesses.”