Think you have the “total package” for disaster recovery with your cloud environments? Take it from someone who has seen many recovery efforts fail to go as planned, your cloud package might not check off all the DR points you think it does. Cloud computing is an excellent means to improve a company’s defensive posture against failure, AS LONG AS the cloud that is being used has built-in redundancy for local and geographic failure. Geo-redundancy, coupled with intrusion detection/prevention and denial of service attack mitigation capabilities, constitutes a total cloud disaster recovery package.
However, many companies who believe they have the “total package” are making a common assumption - one that I’ve seen made time and again – that can backfire with major consequences. Historically, IT departments backed up their critical systems on tape drives or other media and then if/when a failure occurred they used those tapes to recover the data onto a new system and/or disk drives. But these backups assumed that an available physical location (like a datacenter) was there and available. When there wasn’t, all operations stopped.
The same is true of cloud companies. If a cloud provider uses a single datacenter with no data replication to other diverse locations, then there is no ability to recover from a geographic event (electrical, internet based, weather, terrorist, etc…). This is true unless the company also subscribes to services from companies like SunGuard who specialize in providing disaster recovery services by leasing trucks with equipment, providing shared rack space, or providing dedicated rack space. Each of these options carry a hefty price tag. Additionally, the actual success rates when testing them are less than desirable. SunGuard-like solutions when fully tested usually reveal gaps that preclude the test from fully accomplishing the goal.
The next reasonable solution is to work with a cloud provider who uses multiple datacenters. However, even this isn’t sufficient, unless that company can also successfully demonstrate the ability to transition the operations from datacenter A to datacenter B, and meet the Recovery Time Objective and Recovery Point Objective (RTO and RPO).
The optimal disaster recovery solution is for companies to tie themselves to a cloud provider that can supply not only the benefits of cloud computing (flexibility with compute resources, built in local redundancy, limited to zero IT personnel expense, expertise in DB, networking, firewalls, and intrusion detection and prevention, etc…) but also geo-disaster recovery. When bundling these services, the cost factor can be significantly reduced for the company and the successful testing and execution skyrockets.
If you are a Cx0, it’s not enough these days to think your data is safe because it is in the cloud. it is important to pick a provider that covers geo-disaster recovery services and can demonstrate its successes directly with you.
There are some key questions you can and should discuss with any cloud provider as you consider your options:
1. Are you located in more than one part of the country?
2. Will the systems be replicated in entirety (operating system and data) to diverse geographic locations?
3. Can we test the DR process?
Additional questions that should be asked include:
Do you have intrusion detection and prevention services natively?
How will you handle denial of service attacks?
What additional infrastructure services come with your cloud?
If the provider can answer these questions favorably then it’s time to take the next step: ensure strong customer service and uptime are reported and proper certifications are in place. Good luck and see you in the cloud!