Among the many managed services, typically based on cloud computing and technology, are the as-a-service offerings such as software as a service, platform as a service and infrastructure as a service. Popular adaptations of these resources include disaster recovery as a service, backup as a service and even cybersecurity as a service. They can provide end-to-end support for the specific requirement or can supplement legacy activities by adding cloud resources to help maintain continual operations.
For organizations with an established technology disaster recovery (DR) program, disaster recovery as a service (DRaaS) can automate specific functions, such as updating procedures, providing real-time analytics on the status of the program and DR plan exercising. Organizations with minimal or no DR activities can use DRaaS resources to configure a suitable and cost-effective program in a relatively short amount of time. Depending on the resources available from the DRaaS vendor, additional activities such as monitoring critical infrastructure elements, backing up data and applications and even monitoring of production environments can be selected.
Among the critical steps to take in advance of a DRaaS implementation include the following:
- Ensure that senior management supports the program and its associated investments. Be prepared to brief management on your recommended actions, prepare operational and financial justifications for the system and how the organization will benefit, and work with the company's finance and accounting departments to understand the financial implications of the new service.
- Determine the role(s) the DRaaS platform will satisfy. Establish program objectives, review the original DR program and its activities, and determine which activities will be transferred to DRaaS.
- Identify and interview multiple vendors and their customers. Examine documentation provided by the vendor, check vendor references and financial positions, find out about vendor teams that will be assigned to your project, consider using a third party to help facilitate the vendor selection process, and prepare a service-level agreement and remedies in case of vendor non-performance.
- Conduct an organized request for proposal process. Obtain suitable proposals, evaluate all submissions, conduct follow-up interviews as needed, perform a financial analysis of the finalists, and submit a recommendation to management for approval. Also, be prepared to respond to management questions as well as questions from the organization's finance and accounting departments.
- Work with the selected vendor to prepare a project plan. Determine if you and your team will be active participants or will let the vendor handle most of the work, find out how the DRaaS vendor ensures access to critical data and other resources is limited and data integrity is protected, and determine what the vendor does if your data is lost or corrupted.
- Modify internal DR resources to accommodate the new DRaaS program. Update network resources as needed to support the program and install any additional supporting equipment on-site, such as an equipment rack, backup power supply or a secure area for DRaaS equipment.
- Prepare internal training and awareness activities, if they are needed, and schedule their rollout to coincide with the new DRaaS program.
- Schedule periodic status meetings to ensure system deployment is aligned with the project plan.
- Complete pre-cutover tests of the service to ensure all contracted resources function properly, the service can be accessed securely and training is completed for employees who will be regularly using the service.
- Complete the service cutover, transition all existing DR activities to the new DRaaS platform and update documentation on the service.
- Conduct acceptance testing of the DRaaS resources to ensure a successful deployment, ensure that documentation has been provided, schedule an initial run-through of the service's basic and contracted functions, brief senior management on the system's operational capabilities.
- Schedule an initial run-through of the DRaaS testing capabilities in a production environment and coordinate with the vendor to set up a monthly schedule of activities for the service.
Once the system is operational and in production, review all components of the original DR program that have been moved to the DRaaS system. Ensure that all employee contact lists, vendor lists, emergency contact lists, and emergency response, recovery and restoration procedures are up to date. Provide refresher training to employees who are likely to use the service, and make sure the service is used on a regular basis so employees will know how to respond in an emergency.
The DRaaS implementation process is pretty much the same as for most IT projects. Consider using the software development lifecycle as a framework for conducting the project. Keys to success in this project are:
- understanding exactly how the DRaaS system is going to support your DR efforts;
- working closely with the selected vendor to ensure that all requirements are satisfactorily fulfilled;
- keeping management informed during the project; and
- conducting acceptance testing and testing of system functions once the system has entered into production.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
A strong data protection strategy must follow applicable standards and regulations to protect data and comply with privacy laws. What are some key ... Continue Reading
A major element in maintaining business continuity during a pandemic is taking care of employee health. Pandemic-specific planning must be a part of ... Continue Reading
This backup and recovery audit checklist offers a comprehensive group of controls and evidence examples to get you ready for the important process of... Continue Reading