Disaster Recovery as a Service (DRaaS) is a service by third-party providers to help prevent and temper the effects of business disruptions. Anything that causes your business to stop operations for more than a day falls into the disaster category. It could be a cyberattack or a big storm, or anything in between the bookends of human error and acts of God. Every minute of downtime costs dearly, not to mention the cost of recovery. DRaaS exists to help companies plan for the worst (or even just a little bad) so that when it strikes, you are prepared to handle the disruption and get back to business as usual in the shortest time possible.
Every organization should have a plan in case of an emergency. In our digital world, disasters come in all shapes and sizes. Natural disasters, cyberfraud, human error, and plain bad luck can throw any well-functioning team off its tracks at the drop of a hat. Groups based in volatile weather areas know this all too well, as our friends at ITDRC can attest. Targeted hacks like spear phishing have high success rates. And as the entire world experienced in 2020, there are some disasters the likes of which haven’t appeared in a century.
There’s a parallel between Covid and cyberattacks in terms of business management. Lack of preparedness is unfortunately common in the workplace—just Google “cybersecurity stats” to see how unprepared organizations are for well-documented threats. As for Covid, scientists had long warned of deadly new viruses emerging as the climate warms, but their message wasn’t amplified to the point that businesses had plans in place for such a drastic disruption.
We often write about the importance of cybersecurity training and precautions as well as weather-related emergency plans. In March 2020, shortly after OnSIP sent all of its in-house employees to the land of remote work, we made sure to publish a blog on our approach to the pandemic to reassure our customers that business would proceed as usual from their perspective. That’s but one part of a disaster plan—clear communication with employees and customers alike. Disaster recovery takes many forms. From basic backups to risk evaluation to a dedicated DR team, you can tailor your emergency plan to your priorities. And where there’s a need, there’s a market. Enter DRaaS.
Doesn’t it feel like there’s everything-as-a-service these days? DRaaS should be more common than it is, but as we briefly mentioned in our top cloud trends for 2021 blog, disaster recovery is having a moment. If you’re unsure how to approach a disaster recovery plan or your organization is too large for any simple plan filed away, DRaaS is worth looking into. There are so many avenues to cover that it’s worth your while to invest in a well-rounded action plan that covers prevention and analysis as well as recovery.
Any disruption to daily business comes with a cost. A literal cost, often quite high, and time lost. Some situations are out of your control, like devastating hurricanes or wildfires. Some come with high price tags that may have been avoided with proper training and permission controls (looking at you, hackers). Some are just bewildering and terrifying, like going from normal one day to “Go home for the foreseeable future and get right back to work as normal.”
Depending on your particular business, downtime loss estimates range from triple to quintuple digits. But don’t for a second think that you’re less at risk because you’re a small operation. Roughly half of small businesses whose systems go down without a disaster recovery plan in place never recover. And three-quarters of small businesses do not have such a plan in place. Did you skip cyberthreat training? DDoS attacks will run you upward of $50,000, and the downtime and recovery associated with ransomware attacks clock in at $100,000.
Investing in DRaaS helps you mitigate the potential and realized losses from emergencies, and fast-track your team back to the status quo. The main objective of DRaaS is to provide the shortest recovery time and recovery point. So plans revolve around backup servers, both physical and virtual. OnSIP has a patent based around this, actually. Our geographically dispersed servers prevent our customers from feeling any effects when one data center goes down. Take Hurricane Sandy, for example. We were prepared for the worst, so we preemptively switched our customers from the NYC data center to the Los Angeles data center. When Lower Manhattan was without power for a week, we kept LA on standby even though NYC was still powered by a generator.
Hurricane Sandy hit in 2012. Yet on-premise disaster recovery systems are only just seeing the end of their days in favor of third-party recovery providers. This is quite astounding when you look at the stats (again, too many parallels to in-house cybersecurity norms).
If you haven’t experienced a downtime event that took longer than a day in the last five years, consider yourself in the lucky minority. It’s up to you to decide which of these stats you’d rather be part of:
The most important tip we can give you is to implement immediate cybersecurity training. And make it a regular mandatory occurrence! That stereotyped training you watched during onboarding several years ago is outdated already. Do you even remember all of it? We’d guess no.
The fact is that most data breaches result from human error. It could be that your IT person waved off a flagrant spear phishing attack, a la the 2016 DNC catastrophe. Or a low-level employee got hacked and has much more data access than he should. Heck, even non-cyberthreat issues can disrupt a day or week or month. Have a new team member trying to organize files? Well, if she accidentally deletes the folder holding every image on your 15-year-old website, you have your work cut out for you.
Audit your organization for existing backups, and see what needs to be upgraded. Know how often your data is backed up—is it once a month or every day? The longer the gaps, the higher the risk when crises emerge.
Establish an interim emergency plan and make sure all employees are familiar with it. This might be as simple as having a rotating list of people on call or dividing responsibilities for important physical items in your office.
Remember what your teachers told you: Back everything up. But in a business use case, you may need more than a thumb drive.