What to Consider when Implementing DRaaS for

According to Gartner, downtime costs more than $5,600 a minute; therefore, every business needs a reliable means of backup and disaster recovery.
Disaster Recovery as a service (DRaaS) provides recovery in the cloud and is a cost-effective and highly efficient enterprise data protection solution to tackle downtime, strengthen data security, and improve data availability.
In this blog, we’ll share what backup administrators need to ask themselves in order to choose and set up a DRaaS solution that works for their organization.
Understand Your Current Risk Factor
The number of ransomware attacks is increasing yearly, and every organization is at risk. However, every organization’s risk level will be different. Your organization might be at a higher risk level if your company belongs to a highly targeted industry such as manufacturing, finance or healthcare.
Moreover, compliance regulations, such as FISMA, FedRAMP, CJIS, HIPAA, SOX, FINRA, require service providers to implement data security and protection measures to prevent data loss, limit downtime, and ensure employee/customer data privacy. While these regulations have improved data access and security for the customer, they have also increased the responsibility of organizations to protect the data against misuse, theft, or loss. Failing to comply with these regulations can result in fines and increase your organization’s risk factor.
On the other hand, in order to comply with these regulations, organizations need to invest in cybersecurity, and backup and disaster recovery solutions, which can be unnecessarily expensive if not done right.
The best way to ascertain your risk is through a full security assessment to expose the underlying issues and gaps in your current infrastructure and then document those areas which need improvement. This document will help guide the service license agreement conversation with the disaster recovery as a service (DRaaS) provider, leaving little room for surprises and unplanned downtime.
Here are some things that you need to consider for a thorough risk assessment:
Identify mission-critical applications.
What will be the impact if one or more critical applications become unavailable?
Identify the financial impact of each application becoming unavailable.
Document and assess the procedures for the protection of mission-critical applications.
Determine the required recovery times for each critical application and what RTPOs you can achieve with remote Disaster Recovery versus a local DR site. This will then help decide which DR setup works for which application/workload.
What is the Current State of Your DR and Backup Infrastructure?
If your organization is using a disaster recovery solution and you want to switch to or complement your existing solution with DRaaS, these questions can help simplify the process:
How fast can your systems recover? (recovery time and point objectives, RTPOs)
Can data be restored in the event the primary copy (or copies) is/are unavailable, corrupted, or encrypted?
Are backup copies protected, and isolated, from malicious encryption/deletion in the event a hacker/ransomware gains access to the production network?
If a hacker, or ransomware, were to gain access to the backup server, are the backups immutable and safe from modification, or are they at risk of malicious encryption/deletion?
Is backup and recovery regularly tested, and updated? Preferably in an isolated environment without impacting production.
Assess the performance and efficiency of the backup and recovery system to determine its capabilities and to learn what improvements you need via a DRaaS solution.
The following should be taken into account to ascertain the current state of your backup and DR infrastructure:
Backup and Disaster Recovery Performance
Is data being backed up within the expected timeframe?
Is the organization meeting its expected service level agreements?
Is the DR system capable of meeting set RTPOs in the event of a disaster?
Determining the Backup Quality
What is the backup success to failure ratio?
Is the infrastructure capable of tracking and resolving failed backup jobs?
Are backups regularly tested to ensure that they are recoverable?
Is backup data protected at rest and in transit?
Assessing Restore Capabilities
Can data be restored if the primary backup copy is encrypted or deleted by ransomware?
How quickly can the primary system fail over in the event production is unavailable?
How often are backups tested to ensure they are not corrupted and are available for data recovery when needed?
Does the IT team perform exposure and gap analysis between recovery goals and actual capabilities?
Is redundancy built into recovery systems (RAID, erasure coding, 3-2-1 strategy, etc.)?
These questions will set realistic expectations and will inform the DRaaS provider about your backup and recovery needs.
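
Several of the checks above (backup success ratio, restore testing, isolation and immutability, and the gap between recovery goals and actual capability) can be run as one small gap analysis. This is an added example, not from the original post or from StoneFly; the applications, targets, job log and restore-test figures are constructed sample data.

```python
from datetime import datetime, timedelta
NOW = datetime(2023, 1, 10, 12, 0)  # constructed "time of assessment"
# Constructed targets per application, in minutes, plus protection flags.
TARGETS = {
    "erp":  {"rto": 60,   "rpo": 15,   "immutable": True,  "isolated": True},
    "mail": {"rto": 240,  "rpo": 60,   "immutable": False, "isolated": True},
    "wiki": {"rto": 1440, "rpo": 1440, "immutable": True,  "isolated": False},
}
# Constructed backup job log: (application, finish time, succeeded).
JOBS = [
    ("erp",  NOW - timedelta(minutes=10), True),
    ("erp",  NOW - timedelta(minutes=25), True),
    ("mail", NOW - timedelta(minutes=30), False),
    ("mail", NOW - timedelta(minutes=90), True),
    ("wiki", NOW - timedelta(hours=20),   True),
]
# Constructed restore-test results: minutes to restore, None if never tested.
RESTORE_TESTS = {"erp": 45, "mail": 300, "wiki": None}

def gap_analysis(targets, jobs, restore_tests, now):
    """Return {app: [findings]}; an empty list means goals are being met."""
    report = {}
    for app, t in targets.items():
        findings = []
        runs = [j for j in jobs if j[0] == app]
        good = [j for j in runs if j[2]]
        ratio = len(good) / len(runs) if runs else 0.0
        if ratio < 1.0:
            findings.append(f"backup success ratio {ratio:.0%}")
        if not good:
            findings.append("no successful backup on record")
        else:
            # Achieved RPO is the age of the newest successful backup.
            age = (now - max(j[1] for j in good)) / timedelta(minutes=1)
            if age > t["rpo"]:
                findings.append(f"RPO gap: last good backup {age:.0f} min old, target {t['rpo']}")
        measured = restore_tests.get(app)
        if measured is None:
            findings.append("restore never tested")
        elif measured > t["rto"]:
            findings.append(f"RTO gap: restore took {measured} min, target {t['rto']}")
        if not t["immutable"]:
            findings.append("backup copies not immutable")
        if not t["isolated"]:
            findings.append("backup copies not isolated from production")
        report[app] = findings
    return report

REPORT = gap_analysis(TARGETS, JOBS, RESTORE_TESTS, NOW)
```

The per-application findings list is the kind of documented gap the assessment is meant to bring to the DRaaS provider conversation.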
What will be the Financial Ramifications of an Outage During a Disaster?
While quantifying the financial impact of a disaster is one part of the equation, you also need to consider the loss of reputation and goodwill, fines, legal implications, and other costs that add to the total cost of unplanned downtime.
Not only do you want to calculate the apparent cost of data loss but also the legal ramifications and the actual impact of the lost information when going for a DRaaS solution. But it is difficult to ascertain exactly how much money you will lose if your critical infrastructure goes down. For more information, read how to calculate the cost of downtime.
With cloud disaster recovery services, organizations can get reliable offsite recovery without having to invest in hardware. Moreover, organizations can rely on the expertise of the DRaaS service provider which allows them to invest sparingly in hiring professionals with relevant expertise.
Furthermore, cloud DR is a necessary step in building an infrastructure capable of surviving a ransomware attack because it allows administrators to store offsite copies and secure them with data security features such as immutability and air-gap.
Understanding the Impact of a Disaster on Your Customers
What happens to your customer after your business is affected by a disaster? Today’s businesses demand instant fulfilment of commitments. Even a small amount of downtime can result in loss of customer loyalty, and a minute of downtime can cause a well-built business reputation to collapse.
Additionally, there are numerous cases where a compromise of a service provider’s network led to disruption and losses for their customers. These types of attacks, where a system/network compromise impacts the company’s customers, are called supply chain attacks. An apt example is the Kaseya breach.
Service License Agreements (SLAs) must also take into account the customer experience in the event of a disaster.
Determining which application(s) affect customers the most allows backup administrators to plan RTOs and RPOs and define SLAs accordingly.
Choosing Your Disaster Recovery as a Service (DRaaS) Solution
When choosing a DRaaS solution, it’s important to bear in mind that what works for one may not work for the other. That’s because production infrastructure is unique to each organization. As a result, the data protection solutions must be designed to complement it, which is why they too are unique.
To help you find the right DRaaS for your needs, here are some questions you need to ask when analyzing a solution:
Does it include isolation (or air-gap)?
If backup copies are not isolated and air-gapped, then they are as vulnerable as production. If a hacker or ransomware gains access to the network, then the backup server(s) can end up encrypted, which will prevent data recovery.
Are backups immutable?
In the event the hacker or ransomware is to gain access to the backup(s), are they protected from changes/modifications/deletion? If not, then the malicious actors can prevent data recovery by encrypting or deleting the backups.
Furthermore, immutability also helps compliance with industry regulations such as HIPAA, FedRAMP, FISMA, CJIS, and helps organizations get cyber-insurance for their critical applications.
For more on cyber-insurance and immutability, read meet cyber insurance requirements with immutable backups.
Is admin access protected via multi-factor authentication?
Analysis of multiple successful ransomware attacks reveals that hackers gained access to the network via a compromised admin account. Therefore, it’s necessary to control admin access to critical systems, production and backup, using multi-factor authentication (MFA).
Preferably, MFA should be implemented for each endpoint in the system including storage, backup servers, network controllers, etc.
What management options does the DRaaS provider offer?
While it varies based on the vendor, DRaaS is often available with three management options:
1. Self-Managed DRaaS: The option where the responsibility of configuration, management, monitoring, and restore is taken care of by your in-house IT team, while the service provider provides the backup software and the secure infrastructure for the backup copies.
2. Partially Managed DRaaS: In this management option, part of the responsibility of disaster recovery lies with your in-house IT team while the rest is managed by the service provider’s experts. The specifics vary depending on the arrangement between the service provider and the customer.
3. Fully Managed DRaaS: As the name implies, in this case, all of the responsibility lies with the service provider, from installation, configuration, management, monitoring, and testing to restore; everything’s included.
Who is responsible for what?
Considering the specificity and requirements of most data protection and data privacy regulations, it’s necessary to clarify the responsibilities of the service provider versus the data owner.
Depending on the chosen DRaaS management option, the scope of the responsibility may vary. However, it’s important to note that regardless of who manages what, while DRaaS provides the backup tools and management, it’s the responsibility of the data owner (the customer) to ensure effective data security and data protection. This includes any liability that may be incurred in the event of a disaster.
Conclusion
Disaster Recovery as a Service (DRaaS) provides the necessary tools to organizations to protect employee/customer data from cyber-threats such as ransomware, hackers, malicious employees, etc.
The primary benefit of DRaaS is that businesses gain access to professional data protection capabilities without having to invest in hardware or spending time training IT personnel. Moreover, the organization remains protected even if an in-house expert is unavailable, which is a fix to situations where employees are sick, on leave/vacation, or when they leave the company.
Furthermore, with capabilities such as cloud air-gapped backups and immutability, DRaaS can be the difference between complete disruption and data loss, and a minor inconvenience, in the event of a ransomware attack.
Looking to protect your critical applications using disaster recovery as a service (DRaaS)? We can help!
Check out our backup and disaster recovery as a service (BDRaaS) solution for more details. Got questions? Fill out the form on our contact us page to talk to our experts for demos, quotes, and more information.
ABOUT STONEFLY
Founded in 1996 and headquartered in Castro Valley – StoneFly, Inc. was established with the vision to simplify, optimize and deliver high performance budget-friendly data center solutions for SMBs, SMEs, and large enterprises. Beginning with its registration of the iSCSI.com Internet domain name in March 1996, StoneFly has made iSCSI into a standard which is now used by IT professionals around the world.
With over 24 years of innovation in data storage, hyperconverged infrastructure (HCI), and backup and disaster recovery (DR) industries and technology partnerships with market leaders like VMware, Veeam, Microsoft Azure, and AWS cloud, StoneFly’s range of ever-growing data management products continue to grow and include physical, virtual, and cloud solutions such as NAS, SAN, S3, unified NAS+SAN+S3 appliances, storage gateways, backup gateways, complete backup and DR systems, RAID systems, IP video surveillance storage systems, data migration software and more – powered by StoneFly’s patented 8th generation storage virtualization software StoneFusion™ and integrated with enterprise features and data services.
© 2023 StoneFly | All Rights Reserved