Getting Started with Disaster Recovery – Part 2: Aligning Needs & Technologies
In part 1, we defined business continuity and disaster recovery, explained how they’re different, and explored ways to get started building DR plans. In part 2, we’re diving into tech configurations for disaster recovery.
What are the different options for backup and disaster recovery solutions?
The following are a few of the different ways DR can be configured:
- Hybrid: Production environment is on-premises and DR involves using public cloud as the recovery site
- Full Cloud: Both the production environment and DR run on the cloud
- Multi-cloud: Production environment uses one public cloud provider, and the DR plan involves using another cloud as the recovery site
When it comes to disaster recovery, don’t put all your eggs in one basket
One DR best practices is known as “3-2-1:”
- 3: Create one primary backup and two copies of your data.
- 2: Save your backups to two different types of media.
- 1: Keep at least one backup file offsite.
Google Cloud is unique among cloud providers and backup solutions
The Google Workspace security whitepaper outlines Google’s approach to security and compliance for Google Workspace. “We make security a priority to protect our own operations. Our customers run on that same Google infrastructure, so your organization directly benefits from these protections.”
Additionally, Google Cloud is one of the only clouds that can provide a fully-compliant, self-contained DR solution. Google Cloud and Google Workspace are two separate platforms, running in different data centers on different networks. This configuration makes it secure and compliant to store data on Google Cloud, with another region remote on Google Workspace with backups on Google Drive.
Cloud and IT infrastructure complexity is disaster recovery complexity
As cyber risks increase and the world becomes more cloud-native, cloud complexity continues to increase, with multi-cloud as the new normal. According to a Gartner study, about 75% of enterprise customers using cloud infrastructure as a service (IaaS) will adopt a deliberate multi-cloud strategy, up from 49% in 2017. Another Gartner survey of public cloud users found that 81% of respondents are working with two or more providers.
Organizations typically need multiple tools to perform the recovery process of their cloud and hybrid workloads, which increases costs and complexity, while also delaying recovery times. In addition to the cost, lack of integration makes it difficult to comply with regulations. An expert cloud consultancy like Wursta can help you cope with this complexity and make smart decisions with your cloud technologies.
Understand your data retention and recovery needs
For most consumers, losing a mobile phone no longer means losing all the photos and videos taken with the device because of the cloud.. Automated cloud backups such as Google Photos and iCloud save the data, while also enabling easy sharing.
But this isn’t adequate for most business and nonprofit organizations.
SaaS providers offer a service-level agreement (SLAs) for availability, which means how long data will be available or retained. Note – this is not the same as recoverability, which means how much time you have to recover lost or stolen data. Be sure to understand exactly what retention and recovery SLAs are part of your toolkit.
The leading SaaS providers only allow retention and recovery of deleted data for a limited time:
- Dropbox: 120 days
- Microsoft 365: 30 days
- Google Workplace: 30 days
- Salesforce: 15 days
- Box: 14 days
This fact illustrates that just because you’re in the cloud doesn’t mean you automatically have a DR plan.
While Google has a variety of excellent tools, remember that backup alone is not disaster recovery. For example, Google Vault is an information governance and eDiscovery tool that enables you to retain, hold, search, and export users’ Google Workspace data. However, the Google Vault support page clarifies, “Vault isn’t a data archive. When retention rules expire, any data deleted by users or admins that isn’t on hold is subject to standard deletion processes.”
Disaster recovery is an ongoing process: iteration is key
As most security experts would agree, evaluating and putting your disaster recovery plan to work must be an annual exercise. Check every box to be sure that your plans are still valid and functional. Test and conduct tabletop exercises so you know that your plans will function as intended.
Testing to evaluate efficacy can provide that necessary confidence your team needs to know the safety net is firmly in place to catch your business when a negative event occurs.
The priority of disaster recovery: aligning needs and technologies
Every organization and IT environment is unique. That’s why Wursta builds customized solutions. We work to understand your business, goals, and risk tolerance while collaborating to develop the best solutions to meet your objectives.
Customization is equally important with DR. For example, you might need to back up servers offsite to comply with regulations. A hybrid approach with backup both locally and in the cloud might be the best fit. This is something our team can dive into one-on-one and help you create the best plan for your business. Additionally, Wursta can evaluate any existing disaster recovery plans you have, then suggest and implement optimizations.
Reach out to our team to set up a consultation and learn more about creating the best disaster recovery plan for your business.