Building the Business Case for Disaster Recovery as a Service
When it comes to enterprise IT, awareness of the scale and scope of things that could go wrong and planning to mitigate them are no longer luxury extras – they are an absolute necessity. Organisational IT infrastructures are too operationally critical, too dynamic and complicated, and also targeted by malicious cybercrime for their managers to sensibly risk not having a disaster recovery (DR) plan in place.
However, approaches to DR are hugely variable. Some organisations maintain their own ‘mirrored’ version of their entire IT infrastructure at a second physical site, handling the whole thing in-house. Others outsource both the back-up storage of their software and systems and the restoration process in the case of an incident to third parties, primarily hiring a back-up datacentre on someone else’s premises. A third option is disaster recovery as a service or DRaaS.
What is disaster recovery as a service?
Like any ‘as-a-service’ aspect of enterprise IT, DRaaS migrates a particular function – in this case, disaster recovery – to the cloud, and enables the organisation in question to pay for precisely the amount of functionality they need, as they need it. Mostly, the chosen aspects of the organisation’s IT infrastructure, whether that’s the whole estate or just the contents of selected servers, are virtualised and replicated in the cloud, either on an entirely private virtual server, or, for a more cost-effective option, a cloud infrastructure shared with other organisations.
In the event of a system outage, whether due to hardware or software failures, human error or a malicious third party – or, indeed, a planned outage due to upgrades or maintenance – those virtualised back-ups of the organisation’s systems are spun up into a replicate estate in a matter of hours, minutes or even seconds.
Building a business case
All of which sounds very straightforward. Nevertheless, shifting from a different DR model to a DRaaS one – or choosing this model as a first foray into the world of disaster recovery – is not always a clear decision. Business leaders in smaller organisations may be unfamiliar with the world of cloud-based services and outsourced disaster recovery – or the need for disaster recovery at all. Business leaders in larger organisations may perceive a loss of control in handing over DR processes in this way.
As such, IT personnel wishing to build a case for DRaaS should adopt a two-pronged strategy in developing their arguments. DRaaS meets a diverse set of challenges, as well as carrying a rich set of benefits. By building a business case around these two areas, as well as drawing a clear narrative line as to why IT disaster recovery is now a more pressing business issue than ever before, IT managers can create a logical, clear, and comprehensive case for investment in disaster recovery as a service.
Part 1: tell the DR story
This part of the business case should focus on explaining why disaster recovery is a critical issue for organisations today, no matter what their size or sector. It should explore the different scenarios that might generate a need for DR, and explain how commonplace those incidents can be. Key areas to cover include:
- Hardware and software failure. Even the most reliable equipment sometimes fails. No vendor, manufacturer or developer has created a product that is entirely immune to breakdowns and outages. At the same time, damaging failures in internet connectivity or power supply can happen to any organisation at any time. Depending on your physical environment, some hardware may be prone to environmental degradation due to rust or air pollution. And of course, all equipment and software are ultimately prone to general wear and tear. Remember that your IT infrastructure operates as a holistic whole. In the worst-case scenario, a single point of failure on the network can cause damage or downtime across the entire infrastructure.
- Natural disasters and one-off events. From fires to floods, organisation’s IT infrastructures are vulnerable to a wide range of natural (or human-caused) disasters. Even something as apparently innocuous or even positive as a sudden uplift in website traffic can be enough to knock vital IT tools offline and cause outages.
- Malicious cybercrime. The cyber threat landscape has never been so dynamic or diverse, and it is growing all the time. Today’s IT departments need to defend against everything from digital vandalism in the form of mass spam campaigns or distributed are forced offline, to far more deliberate and sophisticated attacks that aim to harvest valuable data. The rise of ransomware has become particularly striking over recent years, and this demonstrates perhaps the most apparent need for a well-thought-out DR strategy. If a malicious party manages to encrypt your organisation’s vital data, then returning to a back-up may be your only option beyond paying a hefty ransom.
- Human error. Like hardware and software failures, human error can never be entirely mitigated. From merely saving over the wrong version of a file to misconfiguring a router and bringing down an entire portion of the enterprise network, human error occurs in even the most cautious and process-driven organisations. Furthermore, such outages and downtime can be among the most difficult to predict and prevent.
- Internal outages can become external headlines. It is essential to think beyond the immediate operational impact of a system outage, and also think about the knock-on effects for customers and clients, partners, and suppliers. Many system outages can prevent normal products or services from being delivered. In today’s landscape of digital news and social media, the reputational impact of such failure can be both significant and fast-spreading. Consider, for example, the huge reputational hit taken by American Airlines when a router failure ultimately led to the grounding of hundreds of flights. IT outages and failures can quickly turn into PR nightmares and have very real impacts on the business bottom line.
Part 2: the particularities of a cloud solution
Once you have created a narrative around the importance of DR, more generally, your business case should move on to consider the specific benefits wrought by a cloud-based, as-a-service solution. Here, the areas to cover include:
- Avoid upfront investment. Non-cloud DR solutions, whether managed in-house or outsourced to a third party, almost always involve upfront investment, whether in hardware, software licences or physical facilities – or a combination of all three. These costs can quickly become prohibitive – but they are completely unnecessary. A DRaaS solution, because it is fully virtualised and operates in the cloud, typically requires no upfront outlay at all – instead, it is paid for on a month-by-month or use-by-use basis.
- Pay only for what you use. On a related point, DRaaS solutions, like any as-a-service package, are costed on a scalable basis. Advances in virtualisation and automation mean that you can mix and match different services to suit. In contrast, the ability to run services on shared cloud infrastructure means that the ongoing expenses of DRaaS typically fit the cash flow of small businesses very well.
- Rapid recovery. Many smaller businesses still think that tape-based back-up or offsite disc back-up is enough to cover them in the event of one of the scenarios outlined above. What they fail to consider is that the recovery process from such sources can take as much as ten days. If vital services or data are lost in the outage, your business could potentially be forced to run without them for two working weeks. A cloud-based DR solution, by contrast, can replicate your estate in minutes.
- Redeploy skilled staff to value-add tasks. When DR management is taken out of IT staff’s remit, their time is dramatically freed up to focus more on long-term strategy and infrastructure enhancements.
- Easy to deploy testing. Any DR solution has to be regularly tested to ensure that it works as planned, within the timescales expected, and without dropping any data. DRaaS solutions are particularly easy to test because everything is cloud-based.
- A roadmap for cloud migration. If you have any plans to migrate some or all of your infrastructure to the cloud in the future, then deploying a DRaaS solution can kill two birds with one stone. You have the option to migrate everything to the cloud as part of the initial implementation, or can enjoy the peace of mind of knowing that it forms a clear structure for such a migration in the future.
The complete business case
With this two-pronged strategy, you can create a business case for disaster recovery as a service which not only sets out the necessity for DR in general but also powerfully sets out the benefits of a DRaaS model in particular. Disaster recovery does not need to be an operational headache or a crippling cost; it can be as smooth and straightforward as getting your head in the cloud.
APH can guide you through every stage of a successful ERP implementation, from deciding the best approach and planning your project, through delivery, testing and evaluation. Get in touch with us today.