When Gartner talks, IT leaders listen. That's why Gartner's new DRaaS (Disaster Recovery as a Service) Report
is so significant, not only for its content, but simply because Gartner is covering this nascent market. It's not just Gartner that's investigating this market. Forrester Research, a competitive IT research firm, has also published an overview of the DRaaS marketplace
. In short, this set of offerings has garnered a lot of attention for a service that, according to Forrester, has only achieved a 19% penetration.
Gartner has identified three different 'flavors' of cloud-based recovery services:
Full DRaaS, in which the vendor takes responsibility for managing all replication, of both virtual and physical machines, as well as all recovery services,
Infrastruture as a Service recovery, with the vendor provisioning virtual machines for the customer to use in replicating and recovering their data, and
Backup as a Service, with the provider managing the backup of client data to their cloud and providing recovery when requested.
Forrester adds to this definition by specifying DRaaS as “services that enable customers to failover their on-premises infrastructure to a multi-tenant cloud environment that they purchase on a pay-per-use basis.” With these definitions in hand, let's explore why this market deserves scrutiny despite its limited uptake.
Security breaches, hack attacks, and even cyber-terrorism have crossed from the IT trade press to the mass media, and enterprises large and small find themselves in the news when IT disaster strikes. Unwanted media attention is a risk, but the loss of data, or of access to critical technology, is the real danger. Despite these perils, however, disaster recovery is often neglected, as shown in a survey performed by Storage magazine
, with half the companies surveyed having no DR plan, and only 20% expressing high confidence in their approach. Amazingly, 40% of those responding still use on-site tape backup as their only DR technique.
IT complexity is also a complicating factor, especially for small to medium businesses. Most large, regulated industries have redundancy in both infrastructure and location, and have detailed recovery plans and DR testing protocols. Because of their massive data requirements, large enterprises also need to factor in the tremendous bandwidth costs associated with moving that many bytes to a DRaaS provider. For smaller enterprises, however, the ever-increasing mix of hardware, software, devices, and operating environments creates a DR scenario too complex for their tiny IT shops to manage. It's no surprise, therefore, when Gartner reports that, of the approximately 18,000 active DRaaS production instances, most cover less than 75 servers and fewer than 10 production applications.
Apart from these apparent dangers, why would businesses contemplate DRaaS, and what should they consider when choosing this option? The opportunity to offload the complex and tedious work of managing backup and recovery is one obvious attraction. Paying a cloud provider to deal with the various virtual machine environments, applications, and utilities that make up a modern IT instance is compelling. Add in the chance to satisfy regulatory requirements, and to manage DR as an operating cost rather than an infrastructure expense, and it's clear why an additional 27% of shops surveyed by Forrester plan to migrate to some form of DRaaS.
One of the dangers of unbridled enthusiasm for DRaaS is the fact that most enterprises, especially small ones, are struggling to find the time and money to invest in DR at all. Forrester reports that even though 66% of respondents view DR as a high priority, the budget for managing it has shrunk from 6.6% of IT spending in 2010 to 5.8% today. Storage magazine reports that 60% of those surveyed only apply DR to critical apps, and that 50% either don't test DR at all, or do so only once a year. The growth of DRaaS may be hampered by both the immaturity of the IT community's DR management, and by the lack of investment.
Still, DRaaS will obviously grow exponentially. If you are considering DRaaS for your business, here's a brief roadmap:
First, enhance your DR maturity: Firms that think they can just shovel a mess towards a DRaaS provider and solve their DR problem are mistaken. The lack of a clear, documented DR plan, with critical apps and capabilities prioritized, is a major impediment to DRaaS implementation. Apply the basic hygiene of DR; have a plan, prioritize your critical needs, communicate your plan so everyone knows their role, and test it quarterly.
Define your DRaaS requirements: the multiple models of recovery services force clients to determine where they fit: do they prefer a self-service model, saving some costs but requiring them to manage DR more actively, or do they want a full DRaaS relationship in which the vendor provides SLAs and all recovery services?
Research the technical elements: there are hot, warm, and cold-cloud variants of DRaaS, and providers vary in the environments they service, the service levels they'll commit to, and the details of recovery. Investigate potential partners for a technical match, and for SLAs that fit your needs.
Go DRaaS incrementally: Scrutinize carefully the real needs of your business in case of disaster, prioritize your critical applications, and then incrementally migrate highest-priority DR to the cloud. Test your vendor, test your plan, and illustrate the benefit to build consensus around your DRaaS program.
The rewards, and the risks, or DRaaS are apparent. With a bit of due diligence and patience, enterprises will gain tremendous efficiencies from these offerings.