When it comes to DRaaS, there are so many facets that go into a reliable service. As a service provider, you have the expertise to ensure a smooth recovery, that applications are recovered and reconnected in the proper order and that everything has been tested and documented so when a system goes down unexpectedly the client can recover with ease. In all these details, sometimes the basics can get lost. So, here is a list of five best practices to keep in mind.
Follow the 3-2-1-1-0 Rule in Your Off-Site Backup Offering!
First, the basics. A backup copy of all data should be kept in the event of total loss and the 3-2-1-1-0 rule is one way to ensure it will be valid and recoverable. You may be familiar with the 3-2-1 Rule? The added “1-0” helps ensure cyber resiliency. With so many frequent ransomware attacks, ensuring you have a copy of data that is immutable or unchangeable with zero errors is critical. Cybercriminals have been known to change the data in backups in advance of attacks to ensure you can’t recover, ultimately leaving companies the only option to pay the ransom. So be sure you have a copy of clean data that cannot be changed.
Perform a BIA and Risk Assessment
A Business Impact Analysis (BIA) and Risk Assessment is a great way to understand what is important to your client in terms of business priorities and the associated resources to ensure business continuity. The BIA helps determine the recovery time objectives (RTO) and recovery point objectives (RPO) for workloads which can then lead to defined service level agreements (SLAs). This consultation process helps you determine the recovery requirements to effectively build and develop a strategy and DR plan that meets your customer’s needs.
Leverage Workload Tiering to Ensure the Proper Coverage and Pay Only for What You Need
Once the BIA is established, you can then begin strategy development. Workload tiering plays a role here since you now know what workloads are most critical to business operations and which workloads can recover at a slower pace. The tiering should align the SLAs and recovery objectives with the appropriate data protection strategy — recovering from backups, replication and/or CDP. In doing so, the client pays for the protection they need and aren’t overpaying to protect all resources say with CDP for example. The client is also at ease knowing their critical data meets their recovery objective requirements, not taking additional risk for select workloads. For more information on workload tiering, check out this article.
Maintain Documentation and DR Plans Regularly
The DR plan should be specific to each client and cover priority in terms of execution (the BIA should help determine this), pertinent information about the business processes, order to start (what applications come online first? What are the proper networking components needed online before the application boots?), what are the SLAs/RPO/RTOs we agreed to, what are the recovery locations, who are the people involved, contract details including backups, infrastructure details, application details, support contract numbers.
The most important thing is the plan must be up to date. As applications are added, migrated, upgraded, infrastructure is replaced/maintained, etc. the documented DR plan must also be maintained. It is a living, breathing document that should never be at the bottom of the to-do list to update. Lastly, keep a hard copy printed as opposed to the only copy stored in a file server that could be compromised.
Test and Practice DR Plans!
When you ask IT leaders in organizations compromised by ransomware their best advice, I have heard two common threads: have a plan and practice it. Going through the defined plan in a mock attack identifies gaps and training opportunities. It helps with “muscle memory” because when a real incident does occur, they already know what to do! So, as you are updating and maintaining DR plans, ensuring the updated plans are practiced in different scenarios can be extremely helpful when the real thing occurs. Especially as a service offering, your team may know what to do, but does your customer? They also need to know what their role is in executing the DR plan.
This may seem like one to overlook with all the other tasks being more pressing, but it is the most important outside of the basics. Once you have that clean copy of data that can be restored, having the capability to bring it back to production so business operations resume is key. Make this one a priority!
In summary, these five best practices should be considered as you build your service offering. All these elements combined can support your DR efforts when the unexpected happens. This can easily be a reality with the proper technology to support, including a single platform that can help you manage a multi-tenant service offering. To learn more about Veeam-powered DRaaS and how you can build a scalable offering with backups, snapshot replicas and CDP in a single platform, check out this partner success kit on ProPartner Portal.
