In March of 2018, Atlanta, Georgia, was having a pretty bad day.
When the SamSam ransomware attack hit Atlanta on March 22nd, it devastated the city government’s computer systems, disrupting vital city services like police records, courts, utilities, and parking services. Computer systems were shut down for five days, forcing many departments to complete essential paperwork by hand.
It took Atlanta months to recover fully. And even though the attackers demanded a $52,000 ransom payment, the full impact of the attack was projected to cost more than $17 million. They spent nearly $3 million alone on contracts for emergency IT consultants and crisis management firms.
The Atlanta ransomware attack is a lesson in inadequate business continuity planning. The event revealed that the city’s IT was unprepared for the attack. Just two months prior, an audit found 1,500 to 2,000 vulnerabilities in the city’s IT systems, which were compounded by “obsolete software and an IT culture driven by ‘ad hoc or undocumented’ processes,” according to StateScoop.
Atlanta is not the first to face widespread computer system failures and shutdowns—and it certainly won’t be the last. In fact, in a recent survey conducted by IDC, almost all of the respondents, 93%, have experienced a tech-related disruption in the last two years, commonly resulting in employee overtime and a loss of productivity, in addition to the direct costs of recovery or lost revenue.
The threat of severe downtime and data loss due to ransomware and server corruption is just one reason businesses need more sophisticated disaster recovery solutions. And increasingly, that means ditching traditional, on-premises disaster recovery tactics in exchange for modern cloud-based solutions.
Today, cloud-based disaster recovery has exploded from a nice-to-have solution to a crucial component in business continuity planning. A cloud disaster recovery plan allows organizations to replicate their primary sites to either a public or private cloud, from which data, servers, and applications can be restored as needed in the event of a disaster. This technological shift often means lower costs thanks to minimal hardware and software, and increased capabilities due to the cloud’s rich functionality.
Here are the four key drivers pushing more and more businesses to adopt a cloud-based disaster recovery solution.
The Need for a More Predictable Operating Cost Model
Traditional disaster recovery does not come cheap. Even worse, it involves regular (and hefty) capital expenditures—enough for servers and resources to cover maximum potential usage that you may never actually require.
Typically, your disaster recovery solution lies idle without returning value on investment—all while incurring more costs. This investment can include everything from the cost of your data center, storage, labor, connectivity, power, infrastructure, and software maintenance. These elements result in large upfront capital costs and ongoing operating costs associated with owning your solution. Compounding these costs is the need to ensure your disaster recovery solution upgrades alongside your production environment.
Cloud-based disaster recovery shifts the total cost of ownership (TCO) into a commodified operational expense that focuses on performance required to maintain replication instead of trying to predict hardware needs years in advance. This throttling means that organizations can plan around a fixed monthly cost that might only fluctuate if additional resources are needed to offset heavy demand.
Cloud disaster recovery includes enterprise-grade, preconfigured hardware, maintenance, and support tailored to a business’s specific requirements. This encapsulation effectively moves the burden of maintaining the alternative site to the vendor, eliminating upfront costs and reducing overall operating expenditures.
Pressure to Meet RTO and RPO Objectives
Atlanta’s ransomware attack is just one example of how crippling an outage can be, forcing businesses to shut down production and leave customers and clients in the lurch. That’s why recovery point objectives (RPOs) and recovery time objectives (RTOs) must be extremely fast and short to preserve business continuity and reduce downtime as much as possible.
Using cloud disaster recovery to shorten RTOs: The RTO defines how long it will take an organization to get their servers back online. This measure is critical to your business because it’s the core of disaster recovery: the actual recovery part. In traditional disaster recovery, it’s common to set an RTO in the 24-to-48 hour range, or even longer. That’s because companies based traditional disaster recovery on deploying a secondary physical set of servers in an offsite, geographically-dispersed location. Each night, the organization backs up to those servers. Then, when disaster strikes the primary center, it takes time for staff to bring up the servers from the secondary disaster site and restore from backups. For businesses that need to be up and running 24/7 (which, today, means most businesses), that approach just doesn’t work.
The automation behind cloud-based disaster recovery, however, makes a shorter RTO possible. Without having to spin up new hardware, new servers, and restore from backups, cloud disaster recovery can compress traditional disaster recovery processes from days down to hours or even minutes.
Using cloud disaster recovery to meet RPO goals: The RPO defines how much information is saved or lost once servers are restored. For example, does an organization recover to a point-in-time that was 15 minutes ago (losing only 15 minutes of data) or 24 hours ago (losing an entire day of data)? That gap can make a big difference in getting a business back on its feet and fully operational, quickly.
In traditional disaster recovery, the communication between primary production environment and secondary site typically happens on a set schedule (usually this occurs overnight). That creates a 24-hour RPO. With cloud disaster recovery, however, your recent data is constantly being replicated to the secondary cloud-based site. That means in the event of a disaster, you’re restoring near-current data, helping your business get back on its feet quicker with very little data loss.
A Need For Higher Reliability and Greater Security
Traditional disaster recovery relies on the availability of the second solution—and that can be a big problem if your secondary solution is near your main data center. For example, back in 2012, when Hurricane Sandy hit New York and New Jersey, many companies with secondary data centers close to their primary data center suffered a double whammy when both facilities were knocked out by the same storm. The Huffington Post website went down when their provider in Manhattan was flooded by Sandy. Other areas of the country, such as New England, experienced sweeping power outages and damaging winds, which also created crippling disaster recovery issues by wiping out primary and secondary data centers alike.
In pursuit of greater reliability, more businesses are turning to cloud disaster recovery solutions. With cloud disaster recovery, your company gains access to a geographically-redundant cloud, hosted in data centers located a reasonable distance from your on-site environment. In the event of a disaster, your secondary location remains completely separate from your primary location—and, as a result, protected.
Cloud disaster recovery is also designed to keep data in sync, asynchronously, over long distances, regardless of database network conditions. In contrast, most legacy replication products are designed to be used within a data center with low network latencies and are not designated to protect data across long distances. With a higher tolerance for network interruptions, cloud disaster recovery protects your data center from any unforeseen hiccups.
A Lack of Skilled Resources to Properly Maintain a Disaster Recovery Solution
With traditional disaster recovery, building, maintaining, and supporting a secondary data center used only for disaster recovery purposes places a huge burden on IT staff. For many businesses with limited IT resources, that takes time away from business-critical functions—or even makes disaster recovery a lower operational priority altogether.
With cloud disaster recovery, on the other hand, you have access to an entire team of experts that manage and monitor the cloud environment on your behalf. These experts can also offer migration and project management expertise to take you through planning, implementation, and management of your disaster recovery solution. By offloading all of this responsibility, your IT staff gains more time to focus on issues that affect the day-to-day business-critical functions.
Perhaps most importantly, however, a cloud disaster recovery takes the heavy lifting of annual testing off your shoulders. Only 28% of enterprises test their disaster recovery programs regularly (weekly or monthly)—50% test once a year, and 20% never test their program at all. Without regular testing and optimization, there is no way to know whether your disaster plan will work when you need it. Many cloud disaster recovery providers have the ability to initiate continuous, non-disruptive fail-over tests of applications and related workloads. This type of testing gives you peace of mind that any shortfalls or potential issues are identified in the recovery process before they happen—without requiring extra work from your own team.
Interested in exploring a cloud-based disaster recovery solution for your business? Learn more about Velocity’s cloud disaster recovery services, and how it can help your business benefit from lower costs, faster and shorter RTOs and RPOs, more reliability, and a team of experts.