Disaster Recovery in 2018: The More Things Change, the More They Stay the Same

The year 2018 continues to see big changes in the practice of IT/Disaster Recovery, but the core concepts for achieving an effective solution for IT and disaster recovery in 2018 remain the same as ever.

In today’s blog, we’ll take a helicopter tour of what has and hasn’t changed in IT/DR recently, then look at how you can determine what approach is best for your organization.

Cloudy Weather

The big trend in disaster recovery is the continued growth in the use of DR in the cloud, where organizations store their data and servers to a cloud computing environment and recover and process from there in the event of a disruption. Organizations use cloud-based infrastructure to recover virtual servers (and potentially physical servers via a physical to virtual migration process).

Also associated with cloud-based recovery, organizations use DR as a service where a third-party vendor keeps the company data and cloud environment in sync. When there’s a need, the service provider spins the replicated data up from the cloud.

Given the importance of technology in business processes and the lack of workarounds, there is an increased emphasis on an application-specific or component-specific resiliency. This is especially the case with applications that are leveraged across many departments, such as ERP, SAP, and PeopleSoft.

If one of those goes down, it has a ripple effect across the organization.

Cloud-based infrastructure or high-availability solutions are being used along with replacing these apps with the same functions in a SaaS solution..

For those staying in the front of the storm, moving to a virtual data center or using the cloud for all processing which includes SaaS and IaaS may be the next step. Not a lot of organizations have done this yet. Companies that do are able to stop maintaining a traditional DR environment. They no longer “failover” in the event of a disruption. They have complete, cloud-based redundancy across everything they support. Such a solution is likely to be over-architected  in the sense that longer RTO environments will be recoverable in less time than required, but can still be cost-efficient due to economies of scale in both technology and maintenance.

For more on the shift toward cloud computing in IT/DR, see our post from the end of last year, “2017 in Business Continuity: The Year of the Cloud.”

Not Everyone Needs a Porsche

Despite the buzz about cloud-based DR solutions,  non-cloud solutions continue to be the appropriate choice for many organizations.

Some families are better served by a minivan than a Porsche, and it’s the same with DR.

In many cases, DR as practiced 15-20 years ago, might be most appropriate, either for the organization as a whole or for different aspects of the processing environment.

For example, if your business processes can handle 12 hours or more of downtime, and you are in a hardened, colocation data center, the chances of your experiencing a data-center related outage are extremely low. In such a case, the best solution might be a traditional one where you have standby servers that you recover to via replication or backups using test equipment kept in a different location. However, the use of cloud-based recovery may be more beneficial for ease of maintenance and testing vs. actual technical need. It may also alleviate the overhead related to an alternate site if one does not already exist.

How to Decide

The more things change, the more they stay the same.

Even with all the new technologies, the underlying approach to deciding on an appropriate DR solution remains the same.

What is that approach? In other words, how do you decide which type of DR would be best for your organization?

Look to your Business Impact Analysis (BIA) and risk profile. Let these guide you in coming up with a proper strategy for protecting your technology (and also your business processes).

How much risk are you willing to take? What are your Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?

How much data can you afford to lose in the event of a disruption? How long can you afford to be down?

Just because a cloud solution is often the next big thing, does not mean it is right for you. We believe it is a good solution and one which most organizations should consider. For smaller organizations or those with no DR environment it is a nice solution; for organizations already heavily invested in infrastructure in hardened data centers, it may not make sense.

Many organizations will be best served by a combination of solutions. One size definitely does not fit all.

For more on Recovery Time Objectives, see our recent post, “All About RTOs: What They Are and Why It’s Important to Get Them Right.”

A Question of Culture

We mentioned at the beginning that organizations today have more choices than ever before in terms of how to protect their critical data.

At the same time, the culture of an organization can limit the number of options they are open to or capable of utilizing.

Sometimes this can mean they are incapable of using the solutions that actually make the most sense.

If your organization is relying on internal people for DR, and those people have only been exposed to your traditional DR environment, the option of turning to the cloud for some of your needs might effectively be ruled out.

Don’t let the culture of your organization dictate which DR methods you use.

We have seen organizations with very capable, well-run departments where a movement to the cloud was done internally. In these cases, the entire staff was learning the new technology together.

Another solution would be to bring in an outside consultant with cloud experience to help you determine to what extent, if any, backing up to the cloud might make sense for your organization.

Disaster Recovery in 2018 and Beyond

In some ways, the world of DR today can be compared to that of books. Books live in many formats today, but the essence of a good story is the same as it has always been.

In IT/DR, organizations have more choices than ever before in terms of how to protect their critical data and applications. Nevertheless, the principles used to determine how much capability you need to remain unchanged.

Do what is right and what fits your organization.