BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
If you consider your current disaster recovery capabilities nominal -- or perhaps insufficient for your peace of mind -- a DR as a service arrangement may make sense.
Validate your business requirements for DR by reviewing the results of a business impact analysis (BIA), which should identify mission-critical IT assets and data. BIA results specify recovery time objectives (RTOs) and recovery point objectives (RPOs) for your mission-critical IT assets. Make sure the vendor is aware of and can support your RTOs and RPOs. You should then analyze this data and determine what tasks the DR as a service (DRaaS) vendor will perform -- for example, data backup, server backup, DR plan development or DR plan testing.
Once you have verified that the DRaaS vendor supports your requirements, take these eight steps to ensure DR as a service is implemented correctly in your organization:
- Consider a phased migration to DR as a service. For example, migrate certain applications, databases and data to the service for a few months and use that time to examine vendor support.
- Verify that vendor data centers used for your business comply with standards and regulations, such as the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, ISO 27001 and NIST Special Publication 800-34.
- Determine how a DRaaS vendor ensures access to your data is limited and data integrity is protected. Find out what happens if your data is lost or corrupted.
- Determine if servers and other devices used for your computing environment are dedicated to your organization. Be wary if the vendor houses data from multiple users on servers.
- Establish service-level agreements and an emergency remediation process in case the provider does not fulfill its SLA obligations.
- Take advantage of all available DR plan development and testing resources to ensure your DR plan is appropriate and will work when needed.
- Get details on DR as a service vendor staff, especially the people who will manage your infrastructure. Examine credentials and references.
- Find out how the vendor plans to handle the security of your infrastructure, such as firewalls, antivirus, encryption and intrusion prevention systems.
Disaster recovery as a service not limited to large providers
When a large DR as a service provider might make sense
Cloud DR service provides affordability, flexibility
Weigh options for DR in the cloud