Historically, disaster recovery required a significant investment in physical infrastructure. Organizations had to balance the risk of not being prepared for a disaster with the cost and level of recovery they could afford. As a result, many executives perceive traditional disaster recovery as an expensive “insurance policy” that is only accessible to organizations with big budgets.
However, with the development of cloud computing technology, traditional disaster recovery is being replaced by Recovery-as-a-Service (RaaS), which enables institutions to recover data and systems within the cloud. RaaS has leveled the playing field for small to mid-sized businesses (SMBs) by providing access to comprehensive and cost-effective disaster recovery services that were once out of reach.
Economic conditions have caused SMBs to have to do more with less. SMBs are tasked with protecting a growing amount of vital data. In 2012, Asigra conducted a research study in which 59 percent of respondents cited increasing amounts of data to protect as a driver to consider modernized backup services.
To reap the cost efficiencies cloud technology brings to disaster recovery, business owners are adopting the solution at increasing rates. In February 2012, Aberdeen Research surveyed 136 organizations of all sizes regarding their experiences with disaster recovery and cloud. It found 34 businesses had located their DR infrastructure in the public cloud. Of those, 52 percent used a remote recovery site run by a third party, 24 percent used a shared infrastructure within the cloud and 24 percent used a dedicated infrastructure in the cloud.
At the same time, disaster recovery technology has evolved, and the cost of providing that technology has fallen, which makes the shift towards RaaS more plausible. According Gartner Research, 30 percent of SMBs will have adopted RaaS to support IT operations recovery by 2014. Scrutiny from regulators and raising business costs has caused many SMBs to consider RaaS as a viable business option.
Though the economic recession caused some organizations to maintain old infrastructure, many are starting to question that strategy. During a disaster, SMBs could potentially lose customers, sales, valuable data, materials and equipment. In addition, failing tape drives, the need for recovery testing, technology refreshes and regulatory compliance are all events that drive businesses to reevaluate traditional disaster recovery strategies.
Debunking Recovery Myths
Many business executives assume that disasters happen infrequently. The Center for Research on the Epidemiology of Disasters published a study stating that natural disasters have increased by 233 percent since 1980. Although disasters are increasing, any number of events can put business continuity at risk, including system failure, data corruption, loss of datacenter or facility and human error.
Some executives believe that a disaster is the only event that threatens an institution’s business continuity. In 2011, Forrester’s study on the state of disaster recovery preparedness reported that 24 percent of respondents had declared disaster and failed over to an alternate site in the previous five years. An additional 40 percent of respondents admitted to having a major disruption to business operations. The same survey pointed out that 44 percent of respondents indicated power failure was the cause of their most significant disaster declaration, followed by IT hardware failures and network failures. In 2010, the average amount of data lost was 4.8 hours, and the average reported cost of downtime per hour was almost $145,000.
Many executives and IT staff believe that backing up data and shipping it offsite is where preparing for a disaster ends. SMBs tend to invest in file and system recovery, rather than investing in a solution that ensures total institutional recovery. In a real disaster, however, organizations need to recover more than just data. Full institutional recovery means recovering data, work groups, systems and the institution. Beyond recovery, SMBs need a communications plan, which identifies key team members, a company spokesperson and outlines acceptable response times.
Outsource Vs. In-house
Most SMBs typically realize around a 20 percent savings by investing in RaaS, rather than trying to run a disaster recovery solution in-house. The savings are further amplified when considering the cost of housing standby equipment in preparation for a disaster. Organizations that manage data and recovery internally have to invest heavily in infrastructure and often overextend IT staffs in the process. The cost savings that cloud computing brings to RaaS provides SMBs with a competitive advantage over organizations that manage disaster recovery internally.
Cloud computing’s pay-per-use pricing model enables SMBs to decrease cost by purchasing only the services they use, rather than investing in extra equipment required for physical backup and recovery. If the backup takes four hours, the organization is only required to pay for the four hours that the systems were on. And if a disaster occurs, businesses pay for the time that servers are running while the problem is being fixed. This means SMBs can eliminate the ongoing costs associated with storing “retired” equipment or owning a second secure data center.
This new pricing model removes many of the barriers of entry for SMBs, which is driving adoption of the RaaS model. Today, SMBs can receive enterprise level disaster recovery, including backup software, recovery infrastructure and engineer expertise for a minimum monthly payment. However, while cloud technology offers businesses a less expensive recovery option, it requires experience and expertise to navigate through the complex technology, ensuring that it is used effectively and efficiently. Cloud technology gives SMBs a faster, more cost-effective way to back up data and recover the institution.
Once SMBs are ready to evaluate technology vendors that offer RaaS, there are several factors to consider. Pricing varies but is normally based on a vendor’s expertise and delivery model. Many RaaS vendors can only support virtual environments, so it’s important to find out what percentage of the SMB’s environment can be virtualized. If that organization has legacy equipment, it will require infrastructure, and the institution will need a vendor that can restore physical and virtual equipment to provide access to both environments through a unified interface.
Once an organization has created a short list of RaaS providers that appropriately fit the technology environment, it will need to decide how much it wants to manage. Some services still require software licenses and maintenance or a hardware appliance that sits on premise. Other services completely offload the entire process, transferring the ownership of backup and recovery to the vendor, while still providing IT with control over tasks such as backup scheduling and restores.
Most SMBs have a limited IT staff, so it’s critical to stay focused on the tasks related to revenue. Many SMBs want to get out of managing disaster recovery and the constraints that accompany hardware maintenance. But by the time an environment outgrows its backup hardware, it typically warrants a complete overhaul because the product is no longer supported. Businesses that shift to RaaS not only significantly improve disaster recovery; they also gain the flexibility of cloud offerings, which can be dialed down or up according to business needs.
Contracts are another key consideration. SMBs should avoid signing contracts that exceed one year. With technology advancing so rapidly and profoundly, most business executives do not know what their environment may look like in one to three years, and there is no reason to be locked into a contract in order to get resources that the organization does not need.
With cloud computing and RaaS, SMBs can feel confident in the organization’s ability to recover data without fearing the finance department. The challenge is finding the right vendor that can match the IT architecture, provide the right service level agreement and ensure data security as well as compliance. SMBs should also remember that RaaS is still in the early phase, so it’s important for SMBs to make sure they are working with vendors with longevity and a proven track record.
Many executives do not think about a disaster until it happens. In 2011, Forrester reported that nearly 20 percent of organizations acknowledged that they do not test plans at all. The reality is that until an organization experiences an outage it will not be prepared for a major event. Disaster recovery testing minimizes the risk of losing vital data and ensures organizational readiness in case of a system failure. Recovery testing will also give the institution time to uncover and address legal issues, refine processes and reveal unexpected resources. Another key component of testing is testing an institution’s ability to quickly recover vital data and key systems hours after a disaster, rather than days.
Working with knowledgeable and experienced recovery experts will help to fill in any additional gaps in training. Training team members ensures that everyone understands his or her role in the plan and gives the institution time to uncover and address legal issues, refine processes and reveal unexpected resources–providing an opportunity for team members to practice making decisions in tense situations.
RaaS gives SMBs a more cost-effective, attractive outsourced solution for disaster recovery. By partnering with service providers with proven track records, SMBs reap the benefits of next-generation cloud technology, while having expert staff at their disposal.