Virtualization and the rise of cloud storage have decoupled data from underlying physical hardware. As a result, businesses today have the flexibility and advantage of accessing their data from anywhere in the world. However, while data is more mobile than ever, many organizations do not have a plan in place for recovering their data in the case of a loss event.
This is a critical issue as the number of ransomware and hacker-related incidents continues to rise. Ransomware attacks a new business every 11 seconds and is predicted to do $20 billion in damage this year — a 57X increase from 2015¹. Only 13 percent of affected organizations avoided paying a ransom after suffering a breach², and the average cost of recovery from a ransomware attack is more than $1.85 million³.
Enterprises need technologies capable of scaling quickly, simplifying the complex, and adapting to changing security and organizational needs. This means it is imperative that IT teams develop a response plan to restore clean data in the event of a disaster and ensure business operations continue unaffected.
Disaster recovery is more than just backup
Disaster recovery (DR) solutions are not the same as traditional backup, though many backup vendors claim to provide DR as part of their solution. For example, a common shortcoming of traditional backup stems from its scheduling: backups may run only during off-peak times (typically at night) and store data on difficult-to-access legacy media. If you need to recover key business data quickly, it could be weeks before you get it.
Conversely, a backup solution with effective DR stores data in separate locations. Enterprises can restore operations quickly and easily, creating VMs off-premises or in the cloud to run applications for business continuity. With a comprehensive DR strategy in place, companies can achieve a recovery point objective (RPO) of less than 24 hours, and a recovery time objective (RTO) of mere minutes — from an individual file to a complete virtual machine. Learn more about RPO and RTO on the Druva blog.
Historically, on-premises infrastructure was used for backup and disaster recovery, but was limited to the most mission-critical applications. With the transition to the cloud, costs have been dramatically reduced, allowing the inclusion of more applications. With the extensive capabilities of the cloud, there are a number of ways to execute DR, including:
- Duplicating a data center — This method is less than ideal, as managing a secondary data center is both time-consuming and costly. Additionally, if the secondary location is near the primary data center, it could be affected by the same disaster (e.g., a power outage or natural disaster).
- Using a cloud appliance — As an example, Amazon Snow devices can be physically shipped for on-premises recovery. These are ideal in extremely data-intensive analytics use cases.
- Managing self-service recovery — By utilizing enterprise-owned or leased infrastructure hosted in the cloud, one can restore data and applications alike.
- Leveraging a disaster recovery as-a-service (DRaaS) provider — This method is similar to self-service recovery, but the DRaaS provider eliminates IT overhead and infrastructure costs. It backs up and restores operations via a cloud service provider such as AWS.
DRaaS — The comprehensive, ideal solution for recovery in the age of ransomware
DRaaS solutions are architected in the cloud and comprehensively merge backup with effective DR. They leverage the public cloud for instant availability and long-term retention, while optimizing bandwidth to minimize the impact on end users. Effective DRaaS uses technologies such as data deduplication, ensuring that only one copy of each file is maintained. This can reduce bandwidth costs by up to 80 percent and ensures that even remote office locations are protected. Public cloud vendors like AWS provide long-term storage at an affordable price.
Creating a DR plan to meet your particular needs
When creating a DR plan for your company, there are four essential steps to follow:
- Perform a business impact analysis (BIA) — Determine the amount of data your team manages, where it is stored, and which data should be considered mission critical. Evaluate how a disruption of this data would affect your business operations.
- Perform a risk assessment — Assess potential external situations that could negatively impact your business and the likelihood of their occurrence. This will allow you to gauge the probability of needing to execute your DR plan in the future. Two good risk assessment resources are this comprehensive guide and FEMA’s Risk Assessment Table.
- Design a risk management strategy — After completing steps one and two, identify a specific DRaaS solution for your business-critical data. Calculate the ROI of competing vendors and select the one that best fits your organization’s needs. As mentioned earlier, utilizing the public cloud provides savings in most major areas. A few elements that may inform your decision making include the following:
  - RPO (how much data you can afford to lose)
  - RTO (how quickly your business needs to be back in operation)
  - Data residency laws (where your data can legally be stored)
  - Budget for implementation
- Configure and regularly test your solution — A cloud-native solution allows you to immediately spin up virtual machines in the cloud for development testing (dev-test). Ensure your VMs operate as expected and that data has been backed up in compliance with your RPO. Testing is not a “one and done” affair — it should be a regular and ongoing part of your work. Set a cadence that makes sense for your organization and stick to it.
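One way to make the regular testing in the last step measurable, shown as an added example rather than code from Druva or any DRaaS product: compare each workload's newest restore point and its last timed test restore against the RPO, RTO and test cadence chosen in the plan. The workload names, targets, timestamps and finding codes below are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Workload:
    name: str
    rpo: timedelta                       # how much data you can afford to lose
    rto: timedelta                       # how quickly you must be back in operation
    last_backup: datetime                # newest successful restore point
    last_drill: Optional[datetime]       # last test restore, None if never tested
    drill_duration: Optional[timedelta]  # restore time measured in that drill

def evaluate(w: Workload, now: datetime, cadence: timedelta) -> list:
    """Return finding codes for one workload; an empty list means compliant."""
    findings = []
    if now - w.last_backup > w.rpo:
        findings.append("RPO_BREACH")         # a restore now loses more data than allowed
    if w.last_drill is None or w.drill_duration is None:
        findings.append("RTO_UNVERIFIED")     # the RTO is a guess until a restore is timed
    else:
        if w.drill_duration > w.rto:
            findings.append("RTO_MISS")       # measured restore is slower than the target
        if now - w.last_drill > cadence:
            findings.append("DRILL_OVERDUE")  # last test is older than the agreed cadence
    return findings

def audit(workloads, now, cadence):
    """Map each workload name to its list of finding codes."""
    return {w.name: evaluate(w, now, cadence) for w in workloads}

# Constructed sample inventory (hypothetical workloads and targets).
UTC = timezone.utc
NOW = datetime(2024, 1, 15, 9, 0, tzinfo=UTC)
CADENCE = timedelta(days=30)
INVENTORY = [
    Workload("erp-db", timedelta(hours=4), timedelta(minutes=30),
             datetime(2024, 1, 15, 7, 0, tzinfo=UTC),
             datetime(2024, 1, 2, tzinfo=UTC), timedelta(minutes=20)),
    Workload("file-share", timedelta(hours=24), timedelta(hours=4),
             datetime(2024, 1, 13, 23, 0, tzinfo=UTC),
             datetime(2023, 10, 1, tzinfo=UTC), timedelta(hours=5)),
    Workload("wiki", timedelta(hours=24), timedelta(hours=8),
             datetime(2024, 1, 15, 1, 0, tzinfo=UTC), None, None),
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, NOW, CADENCE).items():
        print(f"{name:12} {', '.join(findings) or 'OK'}")
```

A workload that has never been through a timed restore is reported as unverified rather than compliant, since its RTO has not been demonstrated.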
Putting a comprehensive DR plan in place should be a fundamental step in your IT strategy. With organizations under the constant threat of data loss, and even with the best precautions, it is only a matter of time before disaster strikes. Those implementing an air-tight procedure for overcoming these challenges will prove to be far more resilient and profitable in the long term.
¹ Cybersecurity Ventures, Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Published 13 November 2020.
² IDC, IDC 2021 Ransomware Study: Where You Are Matters!, Doc US48093721. Published 20 July 2021.
³ Sophos, The State of Ransomware 2021. Published April 2021.