Choosing a disaster-recovery-as-a-service (DRaaS) provider can be an overwhelming task, especially if your organisation is using DRaaS as a first step into cloud services. There are many solutions to choose from including large providers like Google, Amazon, and Microsoft, and also smaller or more focused providers.
The decision to work with a cloud provider for DRaaS can be clearly defined by classifying your requirements and confirming that the provider that you choose completely meets those requirements. Large cloud service providers, or “hyperscalers,” may seem like the best choice for your cloud needs. However, choosing a provider based solely on the size of the organisation is not always the best criteria. Hyperscalers do provide certain advantages, but keep in mind that there are also benefits to choosing smaller cloud providers that will offer individual attention and deliver more customised services. Doing your due diligence while investigating all of your options can benefit you in the following ways.
How to find the best data protection strategy
Part of any analysis needs to recognise that not all application workloads are created equal. Each will have its own requirements and business value. They need different resources, and have varying levels of importance and impact to your organisation. This part of your research is an important consideration when you’re planning data protection and Disaster Recovery (DR) solutions.
For data protection, you could treat all your workloads in the same way and apply identical policies. Although, it is important to remember that a ‘one size fits all’ approach isn’t the most effective or economical. With this type of thinking, you may end up over spending for what you want in order to achieve the highest standard of protection to everything, or you’ll end up with less coverage than is ideal for your most critical workloads.
To find the best data protection strategy for individual workloads, consider each one and its importance to your organisation. Also, be sure to consider the resource requirements for different workload types. In the end, think about which part of data protection will give you the best coverage for the lowest cost.
Data protection is generally split into three different strategies: DR, backups, and archives. Disaster recovery involves keeping two identical copies of a workload running at the same time. If there’s an issue with the production copy, the workload quickly and seamlessly fails over to the DR infrastructure.
Disaster recovery and RTOs
Disaster recovery primarily focuses on Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). RTO is the measure of time that it takes to get a workload back online, while RPOs measure the age of the data in a backup or DR copy.
A major question for determining your organisation’s RTO tolerance is: “How long can this workload be offline before it creates a major problem for the business?” It is common to think that the only way to think about disaster recovery is to ask “How quickly can I get this environment back up and running?”, but not all applications are equal, budgets are not unlimited, and disaster recovery planning usually prompts the business to determine which applications are critical to the success of the business. In addition, IT organisations need to be concerned about application unavailability creating employee work stoppages or irritable executive management. These types of concerns will determine which workloads are required to use which type of DR product to guarantee high availability in the case of an outage.
Backup strategies needs to be considered
A backup strategy needs to be considered next. Copies of data need to exist in at least two locations at a minimum. This is essential in the event of a ransomware attack or a catastrophic human error that deletes vital data. Workloads with frequent changes will need to be backed up more often than others. Your CRM software may need to be backed up multiple times per day while a web server for mostly static web pages might be backed up less frequently. The discussion around RPOs as part of the overall data protection strategy would be discussed around the above-mentioned scenarios. The key questions for your RPO needs would include: How much data can you afford to lose? How much would be lost if you needed to restore from an image taken three hours ago versus three days ago? The ideal RPO would be near zero and can be achieved with different backup schedules for different workloads.
The data that is frequently used and changed on a daily basis needs to be copied and retrieved often so that it can be brought back with as little loss as possible in the event of any type of failure or disaster. On the other hand, the files from last year’s marketing campaign are unlikely to change often, and can be put on a less frequent backup schedule. The priority here is whether your workload involves a lot of writes (changes) or is mostly read-only. These scenarios will help you decide on backup schedules that make sense and also save you money while still protecting your business-critical data.
Backups and disaster recovery are closely related. RTO and RPO questions and calculations are not entirely united, and discussions about requirements for one often affect requirements for the other.
Organisations must archive their data
The last piece of the overall data protection solution is archiving. Some data must be kept for legal and other compliance reasons, but infrequently needed and may only be required in an audit. In order to decide which data to archive, it is important to determine whether the data will ever be looked at again. If it is decided that it will not, then this data doesn’t need to take up resources in the production data centre. Although, if requested, you will need to be able to get it back within a reasonable time. Tapes are still used by some organisations; however, tapes can be difficult to restore data from when it is time to get that data quickly. A better solution might be to put your archive data in low-cost cloud storage like object storage which will still make it easy to recover any of that data that is needed.
Ultimately, disaster recovery requires the right kind of services to meet a combination of RTOs and RPOs that are required. In the end, choosing the right partner is critical; organisations should always look towards best-in-class solutions that offer leading onboarding, integration, and support that’ll meet the needs of any organisation.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.