IDC says disaster recovery as a service has fundamentally transformed DR planning by significantly reducing the cost of a DR solution and simplifying its implementation. Organisations that do not have a complete DR plan should consider DRaaS solutions to ensure organisational survival under the worst of circumstances.
Phil Goodwin, research director, IDC's storage systems and software says organisations without a complete DR plan are accepting existential risk to the organisation. He goes on to add that disaster recovery as a service can help these organisations address that risk.
“DRaaS fundamentally changes the economics and challenge of disaster recovery, making it both much more affordable and simpler than traditional DR plans," he added.
To get an Asia perspective, FutureCIO spoke to IDC's Chris Morris, VP cloud, datacentre and partner ecosystem research, Asia-Pacific (excl. Japan) to shed light on how DRaaS is evolving in the region, including challenges and opportunities for organisations looking to enhance their business continuity readiness in light of the uncertainties the pandemic continues to bring to the markets.
Setting it straight
“Let’s start by getting away from the ‘Disaster Recovery’ precept – that can imply major impact to whole swathes of IT infrastructure – it’s a common misunderstanding with non-IT people,” said Morris.
Floods, fires and tsunamis do happen occasionally, but the most common causes of IT outages before COVID-19 were smaller and localised – one location or a limited number of applications that affected a part of an enterprise’s operations. Covid changed that.
He opined that it is better to think of Business Continuity (BC), or BC/DR, for maintaining the continuity of business services to internal and external users.
What does Disaster Recovery (DR) look like in 2022's cloud-first, post-pandemic Asia?
According to Morris, BC/DR has got plenty of airtime since this time two years ago when many enterprises around the region were caught unaware by the widespread disruption caused by COVID-19. Probably the biggest change since then is that business and IT do not exist without each other, making the need for IT resiliency very apparent.
“The focus has shifted from that of IT-centric infrastructure and application recovery plans to a bigger focus on the delivery of individual end-to-end business processes that refocuses investment from IT infrastructure recovery to business process resilience,” he added.
He cited the example of support for remotely located employees – perfectly functioning applications in an office are of no value when those services can’t be delivered to remote users because of disruptive demands for new hardware, connectivity bandwidth, altered security responses.
“Along with that has been the change in planning assumptions for the duration of outages and business risk assessment. In the past, for workloads like email and collaboration services, it was often assumed that services would be reinstated within hours and that BC investment was not cost-justified,” he commented.
It could be decided that the business unit affected could do without them until the service was again available. Post covid, plans must cater for a much wider scenario where the bases of the business model are all changed.
BC/DR funding is now linked to the business process, not a discrete budget item shared across the service delivery infrastructure.
What are the benefits of cloud-based DR?
Morris reminds us that BC/DR is an insurance policy – you must have it and may never need it. Some businesses gambled on not having one because of its cost, judging that the risk of a prolonged outage to their business was low and that the cost wasn’t justified. COVID-19 exposed the weakness of that strategy.
“Before the availability of cloud-based systems, infrastructure plans often included multiple datacentre locations that didn’t share power, had different network connections, etc. Should one become unavailable, workloads could be swapped to the other,” he added.
He warned that moving the processing of enterprise applications to another site is a major challenge and has many potential difficulties – activating the DR plan is a big deal and has many consequences that must be quickly assessed before the process begins.
Also, initially setting up and maintaining this environment is complex and expensive and will usually result in IT assets that have low utilisation levels.
Morris noted that using Cloud-based BC/DR brings the inherent benefits of cloud services and can mitigate some of these costs – flexibility of capacity, pay only for what you use etc.
“Cloud enables organisations to set up individual BC/DR plans for different workloads that match the requirements for various workloads with different SLAs, RPOs and RTOs that different business services need,” he explained. “Maintaining a separate warm or cold second datacentre site is not always necessary and heft CAPEX bills can be minimised.”
What DR lessons can we learn from 2020 to 2021?
Morris believes that for any CxO, BC/DR is not a nice-to-have and spending cannot be skimped upon. For the CIO, BC/DR is no longer just about recovering the applications and databases – continuity of the business process is the goal, and all the delivery endpoints may change quickly and without notice.
“It is about strengthening the support services from partners, especially focusing on their ability to provide remote support. Also validating their capability to provide physical support to remote sites. It is about having a cloud-first for BC/DR,” he continued.
When considering a cloud-based DR strategy, what should chief information officers remember?
Morris cautions that cloud access is not guaranteed, especially if many organisations need to activate BC/DR plans at the same time. He reminds us that while cloud services are elastic, they are not infinitely elastic.
He suggests upgrading risk assessment and management capability, any investment in BC/DR should be based on business risks and funded appropriately.
A cloud-based BC/DR plan must be maintained and tested just like any other. SLAs, RPOs and RTOs must be set at appropriate levels for the criticality of the service they're addressing.
As with a traditional BC/DR setup, you need to test the system regularly, including BC/DR strategy within the DevOps cycle, integrating with change management processes, and communicating and educating all users and setting their expectations.