Every year, companies spend millions of rands mirroring their IT operations as a precaution against the possibility that their main data centre will fail. The entire system is often replicated in a second physical location, ready to take over instantly if the main centre is disabled by a fire, flood, civil disruption, terrorism or ransomware. Others duplicate only the essential systems, believing they can survive some data loss and tolerate some delay in restoring the less vital components. But that can expose them to weeks or months of inconvenience while everything is revived.
A third approach, particularly seen amongst small and some mid-size companies, is to opt against the cost and complexity of creating a mirrored IT environment because it simply isn’t justified by the risk/reward equation as the likelihood of a catastrophic IT failure is minimal. But if the unthinkable does occur, they realise that the risk was far higher than they thought when it’s too late to recover.
No matter which category your company falls into, there’s now a far cheaper and more convenient method: disaster recovery as a cloud-based service.
Traditionally, a disaster recovery plan means buying extra servers to hold back-up copies of the operating system, apps and data; building or renting a separate location to house them; paying for computing power and air conditioning to cool them; and linking the primary and backup sites via a private fibre network.
The cloud-based version is not only far cheaper, it’s generally more secure as cloud service providers invest heavily in top quality physical and cyber security around their data centres. With cloud-based services you only pay for what you use, so a back-up copy in the cloud can be setup to incur nothing but storage fees because nothing is actually running. Uploading information to the cloud is also free, so there’s no cost to backing up the data as often as necessary.
A company only starts to pay in the unlikely event of its primary site failing, when the cloud copy can be spun up onto as many servers as necessary. The cloud-based back-up then becomes the company’s main operating environment until the primary site is restored. Even if that takes several weeks, the running costs will still be only a fraction of the cost of hardware needed for a physical back-up site.
For a cost-comparison, take the example of one medium-sized company in South Africa. It spent R7 million on hardware for its primary location, then an additional R5 million on servers for a physical back-up location. That second site cost R50,000 a month to run, adding up to a total investment of R8 million over five years for something that may never be needed.
An equivalent cloud-based back-up version would cost about R25,000 a month for storage, with no upfront payment for extra servers. The total over five years would be R1,5-million, an 81% saving.
The cost and sophistication of any back-up system is affected by two metrics: RTO and RPO. RTO is the Recovery Time Objective, measuring how quickly you need to recover your IT operations to guarantee business continuity. In other words, how long a business can survive without its normal data and infrastructure after a disaster. If your RTO is 24 hours, the solution is cheaper and simpler than for a company that calculates its survival time in minutes or seconds.
RPO is the Recovery Point Objective, which measures the maximum tolerable amount of data that can be lost, and how far back in time is acceptable as a restoration point. Some businesses can measure this in hours, or even days, but sectors like financial services measure it in milliseconds.
A cloud solution can be as simple or as sophisticated as these two measurements dictate. Even companies that aren’t planning a cloud migration can opt for a virtual disaster recovery plan. As well as protecting their operations far more economically, it’s also an excellent way to test the cloud environment and understand its benefits.
The public cloud providers will happily take on such projects, although they make very little money from it, because it’s the ideal testing ground to introduce potential clients to the cost and productivity gains of eventually moving everything to the cloud.
As well as securing a business against physical disasters that might strike IT systems, a cloud-based back-up also offers strong protection against increasingly common cyber-attacks. The number of attacks has grown phenomenally during the Covid-19 lockdown, when employees were forced to work from home. This extended corporate networks way behind the usual secure perimeter, and saw users log in using a plethora of unsecured devices. It was the ideal breeding ground for ransomware, when a hacker accesses your systems and encrypts your data until you pay a hefty ransom.
A well-configured disaster recovery system in the cloud prevents this scenario from becoming a catastrophe. The hacker can’t infiltrate the back-up in the cloud, since there is nothing for them to log into. The hijacked company can then switch to the back-up environment and restore the system to the time to just before the attack occurred.
For companies already in the cloud, implementing a cloud-based disaster recovery model is even easier. Ideally, your service provider will have already designed a high-availability, disaster-resistant solution by dividing your operations across separate data centre facilities with high capacity bandwidth between them. If one goes offline, the other instantly takes over and your business isn’t affected.
Whether your business is already cloud-based or still firmly grounded, putting your disaster recovery plan in the cloud provides the cheapest and most secure protection against potentially stormy days ahead.
About the Author
Niël Malan is a managing partner at Tangent Solutions, an Advanced Consulting Partner for Amazon Web Services (AWS). He holds a Masters’ Degree in Computer and Electronic Engineering (North-West University) as well as an Advanced Certificate for Executives in Management, Innovation, and Technology (MIT). Niël has more than 20 years of experience in the Telecommunications and IT industry of which the last 10 years has been focused on Cloud and A.I.
