Article Disaster Recovery Solutions: Top 6 Questions to Ask
By Insight Editor / 28 Jun 2016 / Topics: Cloud Modern infrastructure
When it comes to disaster recovery, no two solutions are the same. Understanding exactly what you’re getting, how secure your data is, and the exact processes required to restore your data and systems is integral to maintaining an environment that can withstand a manmade or natural disaster.
According to the International Working Group on Cloud Computing Resiliency, the average IT downtime is 10 hours a year, making the average availability 99.6%. The costs of this downtime can range from $8,000 an hour in a small business and up to $700,000 an hour for enterprise businesses.
Implementing a disaster recovery plan that covers all your bases and ensures the safety of your data is an important step for businesses of any size, but once you’ve realized you need a disaster recovery plan, how do you know what you need to realize that plan?
When shopping around for third party providers of disaster recovery solutions like Insight, you need to understand exactly what you’re getting and what kind of support you’ll receive. Some plans may be completely hands-off, allowing your IT team to access backups and recover your systems. Another option is a completely managed disaster recovery service where the provider is hands-on, supporting you and your business completely on the backend.
There are a few concepts that you should understand when entering into a contract with a disaster recovery provider, and these 6 questions can help to decipher exactly what it is they’re offering.
What kind of support do they provide?
First, you need to understand exactly what the role allocations are going to be in the case of an actual disaster. Are they going to take complete responsibility for the regular backup, maintenance, and monitoring of your data? Or is your team responsible to schedule and implement routine backups and testing?
Clearly defining roles and responsibilities ensures that in the face of your worst-case scenario, everyone knows what they are meant to do.
Where is your information stored?
Traditionally, data backup was downloaded and stored on tapes and servers, archived for future reference or in case of a disaster. With colocation, we’ve moved past the idea of storing all of your backups in your office building. This means that if your building is damaged, you can still access your backed-up data, because it was stored off-site.
However, Gigaom.com reports that data centers are traditionally located close to populous areas so that data can be transfered faster. When cross-indexing the locations of data centers with the Federal Emergency Management Agency’s emergency declaration reports, it’s clear that the highest concentrations of data centers are also near disaster locations.
Ideally, your data should be backed-up on the cloud. Whereas before, the farther away your data center, the longer it took to backup or recover your systems. With cloud-based disaster recovery solutions, you could easily achieve a 4-hour recovery time objective (RTO) within a 24-hour recovery point objective (RPO). Clearly establish your provider’s average RTO and RPO before you sign on the dotted line, so that you know what your business continuity looks like in the face of disaster.
How is your data stored for security and compliance?
If your business has strict compliance regulations, it’s important to make sure the solution you choose adheres to those regulations. This is an obvious question. However many other important questions to ask are not so simple. Such as, who manages the encryption keys?
Most cloud providers give you the option to encrypt your data for you, and store the key through a 3rd party encryption. Maybe you’re required, through industry compliance regulations, to have your data encrypted before migration.
Clearly define how secure your data is during both transit and while at rest.
What are their testing & reporting procedures?
Are they managing the monitoring and auditing of your data, or are you? Can you use your own tools?
A disaster recovery plan should not be setup and forgotten. For the safety and security of your business’ data and processes, your disaster recovery plan should be tested at least once a year to understand your vulnerabilities. Some common data vulnerabilities include deployment failures, data leaks, and database inconsistencies.
Storage Newsletter reports that 58% of companies test once a year or less, while 33% test infrequently or never. Those infrequent testers are leaving themselves open to network connectivity issues, or improper configurations that could result in downtime.
What are the characteristics of your cloud server database?
You need to understand the quality of the data center where your sensitive data will be stored. While we mentioned above that you should know the locations of your backup locations, you also need to understand the components and redundancies that make it secure. These are called “Tiers”.
- A Tier 1 data center is at the heart of your operating network with non-redundant components and a single uplink.
- A Tier 2 data center adds redundant capacity components to ensure your data won’t be lost if your drives fail.
- At Tier 3, you have all of the above features, plus multiple uplinks to ensure connectivity and network speed.
- Tier 4 acts as the most secure of all data centers. With fault-tolerant components that are dual-powered, you can ensure that your storage, servers, uplinks, heating, ventilation, air conditioning, and chillers are always on, guaranteeing a 99.999% availability.
While Tiers 2 and 3 are often suitable for smaller businesses, enterprise business requiring dedicated servers for their backups should rely on Tier 4 for constant availability. Cloud services clearly define their uptime guarantee based on their servers capacity and functionality. For example, Microsoft Azure and VMware both promise at least a 99.5% uptime for disaster recovery solutions.
What does the SLA include?
Once you’re ready to sign on the dotted line, there are some things in the contract that you need to clearly understand before you get your pen out. First of all, you should have an understanding of your provider’s disaster recovery plan in the case of damage to their data centers, and how that affects any force majeure clauses they may have slipped into the contract.
Not understanding the key aspects of your disaster recovery plan could leave your business in the lurch when a true disaster occurs.
