


    Taking Disaster Recovery to the Cloud

    Jun 23, 2015

    It’s summertime! Children are enjoying a respite from school and families are embarking on long-awaited vacations. Still others are recovering from unprecedented flooding, hurricanes, and earthquakes, which begs the question: when did you last update your business continuity and disaster recovery plans? More important, when was the last time you provided training to all employees on those plans?

    This is such a critical information governance issue that we decided to dedicate this edition of Newswire to the subject. How critical is it? According to an EMC2 study in 2014, global enterprises were losing $1.7 trillion through data loss and unplanned downtime. The overwhelming majority (71%) of the respondents were not fully confident they could restore their data if needed.

    Not surprisingly, this is an area in which the cloud is playing a growing role. An increasing number of organizations of all sizes have made the cloud an integral part of their disaster recovery strategy, spawning the growing disaster recovery as a service (DRaaS) market.

    Cloud-Based Recovery Services

    There are actually three kinds of cloud-based recovery services and they are differentiated by the provider and customer responsibilities. Here’s how Gartner Inc. describes them in its 2015 Magic Quadrant report:

    • Disaster recovery as a service (DRaaS): The service provider manages virtual machine (VM) replication and, optionally, physical machine (PM) replication from the production data center into the cloud, VM/PM activation inside the cloud, and recovery exercising within the cloud.
    • Recovery using infrastructure as a service (IaaS): The customer manages VM replication from the production data center into the cloud, the provider manages VM activation inside the cloud, and the customer manages recovery exercising within the cloud.
    • Recovery using backup as a service (BaaS): The provider manages VM backup from the production data center into the cloud, the customer requests VM restoration (either inside or outside the cloud), and the customer manages recovery exercising (either inside or outside of the cloud).

    Small and mid-size businesses were the early adopters of cloud-based recovery services because they lack the resources to manage a disaster recovery program on their own. Thus, provider-managed disaster recovery is extremely attractive because it requires no capital expense. Larger organizations are also increasingly recognizing DRaaS as a viable option. 

    Gartner estimates the size of the DRaaS market is approximately $1.3 billion and growing at a compound annual growth rate of about 30%. Gartner predicts that by 2018 this market will surpass the traditional subscription-based disaster recovery services.

    The heaviest adoption of DRaaS has typically been in regulated industries such as financial services, retail services, and health care. This appears to be changing – at least according to the providers who participated in the Magic Quadrant study. They have seen strong interest and adoption across all vertical markets. “[T]he number of knowledge workers has increased and dependence on application and data availability has a direct impact on business performance.”

    Room for Improvement

    Despite its growing popularity, there are some areas in need of improvement, according to the customers who participated in the Gartner research. The most-often cited area for improvement is service cost-effectiveness. In many cases, fixed recurring pricing per virtual machine per month can be extremely costly. Many providers have adopted alternative pricing models.

    The bottom line, advises Gartner, is that “Clients [should] include a provider’s maximum usage-duration policy as one of their due-diligence criteria.”

    Additional Cloud Considerations

    Of course, a number of additional criteria should be addressed when outsourcing to a cloud provider. ARMA International’s Guideline for Outsourcing Records Storage to the Cloud provides useful context for understanding the variety of issues that can arise when outsourcing active electronic information to third-party storage providers. In addition, it includes handy checklists of questions to ask potential storage providers.

    The publication identifies issues in three categories: vendor considerations, legal issues, and technology issues. The appendix of the publication is made up of checklists in each of these areas to help the user evaluate the vendor and the organization’s controls over access to information stored with a third party.

    The table below is an excerpt from that publication, highlighting questions particularly relevant to business continuity issues. There are many more questions in the full publication, available at www.arma.org/bookstore.

    (Excerpt from Vendor Concerns Questionnaire in Guideline to Outsourcing Records Storage to the Cloud)

    • Where are the vendor’s physical servers located?
    • Can the vendor provide international diversification, with hubs in various geographic locations? [Yes / No]
    • How long has the vendor been in business?
    • How long has the vendor been providing cloud-based services?
    • Can the vendor provide public, private, or hybrid cloud environments? (Check all that apply.) [Public / Private / Hybrid]
    • Can the vendor separate data depending on the data type? [Yes / No]
    • Does the vendor have a firewall that will adequately address security-related needs? [Yes / No]
    • Are data encrypted when using a public cloud environment? [Yes / No]
    • Does the vendor offer redundant systems? [Yes / No]
    • Does the vendor offer guaranteed uptime? [Yes / No]
    • Does the vendor have redundant Internet connections? [Yes / No]
    • Is the data center location secured with systems to provide authorized access? [Yes / No]
    • Is the data center located in a country where geopolitical instability may be problematic? [Yes / No]
    • Identify the geographic locations the virtual environment spans.
    • Is the data center located near known or potential hazards? [Yes / No]
    • Will data be stored so that it is segregated from (rather than comingled with) other organizations’ data? If yes, specify how, i.e., what hardware and software are used? [Yes / No]
    • Has the vendor’s backup strategy been reviewed? [Yes / No]
    • Is a backup done using disk to disk or tapes or other methods? (Check all that apply.) [Disk-to-disk / Tape / Other – Describe:]
    • Can the vendor demonstrate a business continuity plan? [Yes / No]
    • Are business-critical applications being hosted? [Yes / No]
    • Is the data center designed around a virtualized environment? [Yes / No]
    • Are the data on virtualized servers? [Yes / No]

    In addition to the publication mentioned above, ARMA International offers “Vital Records and Business Continuity,” an online course that is included in the Essentials of RIM Certificate program. The following web seminars and publications that concern business continuity are available as well. You can reference any of these through the bookstore at www.arma.org/bookstore:

    Web Seminars

    “Business Continuity is More Than Just a Backup”

    “Business Continuity for Records and Information” – part of the RIM Fundamentals Series

    “Vital Records Program Development”

    Publications

    Emergency Management for Records and Information Programs, 2nd edition

    Vital Records Programs: Identifying, Protecting and Recovering Business-Critical Records

    Evaluating and Mitigating Records and Information Risks

    © 2016, ARMA International