Disaster planning has been put in place by many businesses over the years, but as digitalisation changes the way we work, it also changes disaster recovery – and makes it much more complex – which means increasing numbers are looking to outsource it.
For any business, a disaster that results in downtime and not being able to run – anything from a flood to a cyberattack – can be, well, disastrous.
For instance, 33% of UK businesses say they have lost customers following a disaster, according to CSO Online, while 40% of SMEs experienced eight or more hours of downtime due to a cyberattack.
This is why disaster recovery (DR) plans should be essential. But while most businesses have a plan of some sort, it is not always kept up to date as it should be – especially in smaller businesses due to the time it takes – and this is why disaster recovery as a service (DRaaS) is gaining in popularity.
Blake Jeffrey, general manager – security and identity at Intelliworx, says that DRaaS is becoming increasingly essential. “Organisations have stopped relying on the more traditional disaster recovery methods, including backups, and their reliance on cloud services claiming high availability,” he says. “This has been driven in part by a compliance shift within organisations, with cybersecurity insurance requiring more thorough methods to protect data in case of loss.”
Matt Paynter, vendor alliances director, UK and Ireland at Exclusive Networks, agrees that DRaaS is gaining significance. “We’re seeing more businesses favour DRaaS over traditional plans due to its scalability, cost-effectiveness and automation,” he says. “In the ever-evolving digital landscape, DRaaS is becoming more prevalent in businesses cyber resiliency plans.”
Jamshaid Anwar, IPI’s director of product management adds: “For businesses looking for a robust DR solution but without the large capital expenditure typically associated with traditional on-premise solutions, DRaaS offers a viable alternative. Not only are DRaaS solutions quick to enable, fully scalable to meet fluctuating requirements and offer more resilience than separate DR solutions, but they help organisations fulfil their green commitments, requiring less space and resources than their traditional counterparts.”
Changing threat landscape
Greg Jones, VP of business development for Kaseya within EMEA, says that while DR is the last line of defence, businesses should lead with it and look at the threat landscape, asking the question of when bad actors get into a business, what are the plans to mitigate that? “It’s not a case of if they get in because you need a mindset to think they are sophisticated enough to get in,” he says. “Businesses need to plan for the worst-case scenario. And anything better than that is a win.
“MSPs need to be leading with this for all their customers, explaining to them the narrative behind this is not just backing up data, it is true business continuity. What happens if there’s a flood and everything’s down? Can you set up virtually and work from coffee shops, or from home? Whatever happens, can employees get into the system?
“It’s a changed landscape over the last few years. It used to be about protecting business systems in the event of floods, fires, that sort of thing. But now it’s a lot more varied with online, cloud, data etc which means there’s more threats but also more opportunities.”
This changing landscape means there is more focus in DRaaS on online threats. “Having been in the industry for 20 years, I can comfortably say that backups, and more specifically immutable backups, have never been a hotter topic or more in demand as they are today,” says Rob Mackle, managing director (EMEA) and co-founder, Assured Data Protection.
“Since the evolution of ransomware, more of our customers have been victims of ransomware attacks,” he adds. “In fact, it seems that ransomware attacks continue unabated, with the greatest number of attacks occurring in 2023. According to Statistica, as of 2023, more than 72% of businesses worldwide were affected by ransomware attacks. Any data that is needed for a business to function or has relative value and cannot be simply recreated needs to be protected.”
Cloud changes
The growth in use of the cloud also helps with DR services. As James Watts, managing director of Databarracks, notes, using the cloud as a DR site is one of the best use cases for cloud computing. “Costs are kept low, but you can rapidly scale up resources when you need them for testing or in real disaster invocation,” he says.
“It’s also ideal for outsourcing, meaning customers can rely on getting the highest standard of DR whenever they need it, but don’t need to overstretch internal resources. It means organisations have more freedom to focus on core business and innovation.”
Jamshaid agrees that the cloud has changed DR services. “Traditionally, organisations had to integrate DR into their existing technologies, resulting in duplicate infrastructure footprints that required regular and time-consuming upgrades and support,” says Jamshaid. “In addition, those legacy solutions that share upstream services between primary and backup systems quickly become unusable in critical situations due to single points of failure – rendering them unfit for purpose.
“The cloud presents an ideal alternative for DR services – offering a cost-effective, quick-to-enable and more reliable solution for organisations.”
But Jamshaid warns that it would be unwise to think that a move to a cloud-based DRaaS solution automatically equates to success. “Not all cloud solutions are made equal,” he says. “Indeed, cloud solutions are at the mercy of providers, who are in turn reliant on public or private cloud infrastructure that can incur technological failures, and some solutions don’t offer the appropriate business continuity planning that is vital to the success of cloud-based DR solution. Organisations considering a move to a cloud-based DR system should do their research, considering smaller providers as a more reliable alternative.”
The cloud also brings complexity, as Andy Brown, technical services director – advanced solutions UK at TD SYNNEX, notes. “The introduction of services and deployment options such as IaaS, SaaS, PaaS and external data services, has brought an element of complexity to creating a business-focused DR strategy,” he says. “As businesses transition to the public cloud from legacy infrastructure their needs change, and so will the DR requirements.
“Traditional DR required time, technical skills and huge upfront costs, such as Capex purchase of infrastructure to be deployed and managed at a secondary data centre location, along with power/cooling costs and additional carbon emissions. This has led to a shift towards DRaaS in recent years. DRaaS pushes this complexity to an external partner who provides a fully managed service and expertise.”
Reseller conversations
The changes also bring opportunities for resellers that they should discuss with customers. “Advancements in technology offer new opportunities for our reseller partners to re-engage with their customers and get a deeper understanding of their current state and business goals,” says Andy. “For customers to be successful in their approach to IT modernisation, there needs to be a focus on what’s required for specific applications. However, deciding on the right technology can be a difficult and complex process.”
Blake adds that at Intelliworx, they always discuss business plans for disaster scenarios with customers. “In these conversations it is crucial to identify important applications and services for the customer, assess potential system impacts due to unavailability and have discussions around classifying which services are considered most important and more impactful,” he says. “It is also important to develop a detailed plan for bringing the customer back online in the event of a disaster.”
But for successful DRaaS implementations, resellers need to thoroughly understand their customer’s needs first, Jamshaid notes. “This starts with identifying the financial impact on their business in the event of a disaster,” he says. “Within these early conversations, it’s essential to identify other business-critical services that need to be integrated into the DR strategy to improve operations during downtime. This will ensure that operations can continue at the necessary level if the DR plan needs to be invoked.
“Only after these crucial conversations take place can resellers delve into more detailed considerations. These include evaluating the ease of invoking the solution, determining whether the customer’s current business continuity plan covers potential loss in cloud operations, and assessing whether the reseller’s DRaaS Solution is designed to span different geographical regions. These questions prompt customers to think critically about the specific design aspects they desire for their DRaaS, allowing resellers to tailor options to best meet business needs.”
James adds that customers are typically doing one of two things. “If they have a traditional DR solution, they are usually looking to reduce cost and potentially decommission one of their data centres,” he says.
“If they don’t have a traditional DR solution, they are looking to add the capability and improve their recovery speeds. Understand what they are looking to achieve and tailor your discussions around that.
“The shared driver across both cases is that everyone is also looking at how to mitigate cyber risk and recover from a cyber incident.”
Matt adds that IT resellers should discuss ransomware protection within DRaaS. “They should emphasise its proactive security measures, data integrity checks, and quick recovery capabilities,” he says. “Conversations should focus on tailored plans and role of DRaaS in fortifying business continuity against ransomware attacks, ensuring customer data safety.
“DR trends prioritise ransomware protection, with AI-driven defences customers seek proactive solutions offering rapid recovery, data integrity checks, and real-time monitoring against ransomware attacks. They demand scalable, cloud-centric DRaaS, emphasising robust security measures, compliance, and minimised downtime for uninterrupted operations.”
Testing times
Rob adds that resellers should emphasise the importance of testing DRaaS solutions to customers. “Test, test and if in doubt do another test,” he says. “All modern solutions should have built-in integrity checks and data continuity checks. However, you only really know if you can recover your data if you do it. All sorts of issues and unforeseen circumstances arise when you try to recover your systems.
“We encourage resellers to do DR testing annually for customers, to guarantee that the DR solution continues to function and perform, and that data can be recovered according to company RTO and RPO objectives.
“A top tip is to distinguish between a DR test and a DR invocation, as tests should never pose any risk to the production environment and will be conducted in total isolation from all production and cloud connectivity. Assess what applications you need to have backed up and running to operate as a company. This analysis often helps you to better form RTOs, which in turn helps to form a cost benefit analysis on the different types of backup and recoveries available on the market.”
Immutable backups
Resellers also need to keep on top of the trends within DRaaS when they are talking to customers, such as the importance of immutable backups. “Seeing that data is the lifeblood of most organisations, and the loss of your data or access to your data would affect the running of your business, immutable backup is the ultimate safeguard against data loss in the event of ransomware attack or other serious data related event,” says Rob.
“Having immutable backups in place provides the assurance that if the worst does happen, your servers, applications and data can be brought online quickly, allowing your business to continue operating with minimum disruption – addressing one of the major concerns of businesses today.
“We suggest that businesses beg, borrow and steal from other budgets in order to ensure they have a good backup and DR solution in place. There are cost effective solutions out there that can be employed, but the old adage of you get what you pay for comes into play – especially when it comes to dealing with a data loss scenario that involves a ransomware attack. The key thing is to ensure that the backup data is immutable, and whatever DR solution is put in place, it is tested on a regular basis.”
Greg agrees on the importance of immutable backups. “When a bad actor breaches a system, they go for the business’ backups,” he says. “They destroy the backup first because they don’t want you to be able to recall that. Now that’s why you have multiple copies of the backup off site that they can’t get to and delete them. Ours is an immutable cloud, and we can’t even delete that.”
Trends
Cost management is a key focus from customers when it comes to DR, Blake adds. “There is demand from customers for paying only for what is used in the DR environment, leading to more organisations wanting to leverage public cloud services,” he says.
Another trend is the increasing desire for greater customer control, adds Jamshaid. “Today’s customers want to manage things like billing and be able to scale their system based on demand, all while maintaining a comprehensive view of all interactions and operational data when transitioning back to their primary system,” he says. “As a result, providers are developing solutions that ensure uninterrupted visibility of the customer journey, even as system usage shifts during DR.”
Future
DraaS is growing in popularity, and this is set to continue for the foreseeable future. The evolution of services will also continue, with artificial intelligence (AI) set to play an ever-increasing role.
“Generative-AI will play a larger role in disaster recovery,” says Blake. “AI will provide engineers and leaders with a better understanding of events. AI offers better insights into the scope of disaster recovery environments based on usage patterns and administration, meaning emotional elements will be reduced as AI can diagnose issues and suggest potential solutions.”
Jamshaid added that AI is already having a bearing on DR solutions. “That will only grow over time,” he says. “We’re already seeing organisations making large investments to their legacy systems to implement AI tools such as self-service and knowledge management for agents and supervisors. However, these all have varying degrees of success.
“In contrast, modern DRaaS solutions will have AI inbuilt and offer greater value than their traditional predecessors. Such is the extent of the capabilities on offer in DRaaS solutions that AI can be used to provide customer services, allowing agents valuable time to transition to the DRaaS solution and bridge knowledge gaps. Offering greater maturity in capability and ease of use, exposure to these modern DRaaS solutions will leave adopters reluctant to return to their legacy systems.
“The capabilities that AI offers are clearly extensive – allowing users to influence the customer journey, back-office workflows, and operational quality management. Within the world of DRaaS, when systems are configured appropriately with AI at the core, users can access a complete solution that provides the required business continuity assurance. It’s an exciting time for the sector with much in store, but one thing is for certain – all signs are pointing towards increased DRaaS adoption across businesses going forward.”