Public Cloud BC/DR Best Practices

March 23, 2021 | By IANS Faculty

What are the key differences between public cloud BC/DR and traditional on-premises BC/DR? What role does the cloud provider play in public cloud BC/DR? This piece addresses these specific questions while outlining the main issues to consider when creating a public cloud BC/DR plan.

BC/DR Plan: Getting Started

Your BC/DR plan should start with an understanding of continuity requirements. A good initial question to ask is: How much downtime and data loss can the business accept? It is not unusual for the initial response to that question to be “none,” but this is often before the cost and complexity of achieving that is fully assessed.

Once the full costs are understood, businesses discover how long an outage and how extensive a data loss they can endure. Those become their recovery time objective (RTO) and recovery point objective (RPO). This is important because the difference between an infrastructure that delivers zero downtime and data loss versus one that has more flexibility is technically and financially significant.

Public cloud’s real strength is its technical and commercial flexibility and elasticity, so operating infrastructure that remains always-on may not be the best way to utilize it. However, public cloud may be a viable approach when businesses are willing to accept some level of downtime and data loss in a BC/DR plan.

Key Topics for Public Cloud BC/DR

To operate BC/DR infrastructure as a platform for quick recovery, key topics to consider include:

  • How to replicate copies of the environment. This can be done per region or per zone.
  • How to replicate data frequently enough to meet recovery goals. Data classification is a must to help control costs.
  • Ensuring the supporting infrastructure is in place. This is where many organizations decide to go the multi-cloud route and replicate to a different cloud provider.
  • Ensuring procedures are in place that allow the business to quickly recover in the event of failure. Start with tabletop exercises and then start recovery plans based off of region or zone outages.
  • Determining what regions or zones must be covered. Start with critical data first like intellectual property (IP) and personally identifiable information (PII).
  • Determining whether data sovereignty is an issue. Make sure data stays within it’s designed region. Leverage EU Privacy to audit and test. There are numerous ways to deliver these, but it’s all dictated by your current environment, defined RTOs/RPOs and financial considerations. One issue that is often forgotten is ease of use, but simplicity is crucial to delivering successful BC/DR.

 

READ:  The Importance of Supplier Continuity Exercises

 

Public Cloud vs. On-Prem BC/DR

The cloud’s flexibility is very attractive. It allows a business to quickly build environments and only pay for what it needs, instead of funding a dormant asset awaiting use. However, if the requirement is for a BC/DR infrastructure that is constantly operational, this become expensive, and a fixed-cost service may be more appropriate.

Complexity cannot be ignored either. With the cloud, supporting teams must deliver an appropriate platform that is maintained, supported and available in the event of an incident. When it comes to BC/DR, it’s crucial customer organizations fully understand what they need from the environment and what skills are required to operate it. Once those are defined, they will be in a better position to understand whether public cloud should be part of their BC/DR plan.

The biggest area of difference is the amount of collaboration required. You have to work with the cloud service provider (CSP) or multiple CSPs to get the right plan in place, because in the shared responsibility model, you own the data, but they own the infrastructure (see Figure 1). Once you fully understand your requirements, you can work with the CSP(s) to build a plan that fits your needs and budget.


BC/DR aws shared responsibility model diagram


BC/DR Strategy in the Cloud

The cloud can effectively deal with most issues of traditional BC/DR. Key benefits include:

  • No secondary site required: You don’t need to build a secondary physical site and buy additional hardware and software to support critical operations. With DR in the cloud, you get access to cloud storage, which effectively becomes your secondary DR site.
  • Scalability is built-in: Depending on your current business demands, you can easily scale up or down by adding required cloud computing resources.
  • You pay only for what you use: With the cloud’s affordable pay-as-you go pricing model; you are required to pay only for the cloud computing services you actually use.
  • Anytime, anywhere failover: Disaster recovery in cloud computing can be performed in a matter of minutes from anywhere. You just need a device connected to the internet.
  • Backups are resilient: You can store your backed-up data across multiple geographical locations, thus eliminating a single point of failure. You can always have a backup copy, even if one of the cloud data centers fails.
  • Superior tech and support: State-of-the-art network infrastructure help ensure any issues or errors can be quickly identified and taken care of by a cloud provider. Moreover, the cloud provider ensures 24/7 support and maintenance of your cloud storage, including hardware and software upgrades.

Third-Party Solutions for Multi-Cloud DR

With all those benefits, it sometimes makes sense from a cost/relationship perspective to do BC/DR within the same provider. This could potentially work if the organization is careful to spread those workloads across zones and watch any data sovereignty requirements.

Other organizations decide they are uncomfortable using the same cloud provider for BC/DR and go the multi-cloud route. Challenges in using multi-cloud BC/DR include:

  • Each CSP has its own management portal and different services that require different skill sets.
  • For IaaS implementations, each CSP uses different on-disk formats for their virtual machines (VMs). Microsoft Azure uses the VHD format, while AWS uses the AMI format and GCP uses images.
  • Generally, each cloud provider’s BC/DR services are not designed to deal with other CSPs or other CSPs’ infrastructure.

However, some third-party DR-as-a-service (DRaaS) solutions – such as Veeam, Iland and Zerto – bridge multiple clouds, making it far easier to implement a multi-cloud BC/DR strategy. If you’re looking to implement a multi-cloud BC/DR plan, consider beginning with a smaller scoped proof of concept (POC) before expanding to the rest of your organization. And like all BC/DR plans, regular testing is a must.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.


Find additional resources from our security practitioners.


Learn how IANS can help you and your security team.