Gajus - Fotolia
Cloud disaster recovery services evolve, but gaps remain
A severe outage can cripple a business, which is why a disaster recovery plan is critical. While today's DRaaS offerings make it easier to recover, there's still room for growth.
For many enterprises, disaster recovery was an early on-ramp to the cloud, which is why vendors continue to invest in services that address that use case. Most recently, cloud providers look to meet the needs of users who demand more transparency and ease of use around disaster recovery services.
Enterprise IT departments struggled to support DR in the past. Typically, they had to set up multiple data centers, which created management challenges and cost overhead. But disaster recovery as a service (DRaaS) unburdened organizations, and interest in these cloud-based services continues to rise -- as has the number of potential suppliers.
"We have found more than 2,000 vendors offering various types of DRaaS, and the numbers grow every day," said Phil Goodwin, IDC analyst. "We are seeing small vendors emerge and provide DRaaS for a specific region of the country or for a vertical market, like healthcare."
Meanwhile, both established and emerging suppliers of cloud disaster recovery services aim to meet the evolving needs of enterprise customers.
More service flexibility, but more compliance complexity
Initially, DRaaS was delivered similarly to on-premises-based products, as organizations had to sign multiyear contracts with strict usage requirements. Now, the market continues to move toward a public cloud model with more flexibility and contract options.
"Microsoft has been at the head of the pack in offering customers service flexibility," said Mark Jaggers, analyst at Gartner. The vendor does not require a long-term commitment for cloud disaster recovery services, such as Azure Site Recovery, which businesses can deploy as needed and turn on for any time period to gain more flexibility.
Meanwhile, recent regulations, such as GDPR, force organizations to dig into DRaaS vendors' system architectures. GDPR aims to protect user data that's hosted in Europe and to determine where that customer data is stored. However, it is broadly defined and includes any data that travels through European cloud infrastructure.
In light of regulations like these, organizations need to put compliance checks in place to protect and recover that information.
"Previously, customers did not pay much attention to their provider's backup locations," said Naveen Chhabra, analyst at Forrester. "Because of GDPR, now, that is something that they need to account for."
Users slowly gain visibility
Fortunately, enterprises have increasingly gained more transparency into their cloud providers' infrastructure. They also no longer assume that those providers' disaster recovery services will always be fail-proof.
"Initially, many companies assumed that their cloud provider had robust data protection and [DR] capabilities, but history has proven that is not always the case," Goodwin said. For example, Code Spaces -- a company that offered source code repositories and project management services -- ran on AWS but went out of business after a security breach compromised its cloud environment.
Cloud providers were unwilling to provide much transparency into their own DR processes because of competitive pressure, but that is slowly changing, Jaggers said. Vendors are more open to sharing interface and configuration information privately with large enterprises but have not made that information generally available -- something he expects to change as the market moves forward.
The bulk of corporate workloads remain on-site, despite the availability of public cloud disaster recovery services. In the past, enterprises were responsible for ensuring their compute infrastructure and business could get back online, but this new model means a corporate IT team and its cloud vendor's support staff have to work cooperatively when the main systems go down.
Some cloud providers now work with their customers to develop best practices to outline and automate that process. For example, Bluelock is a supplier that has tried to develop DR best practices and write recovery workflow so companies can recover after an outage, Chhabra said. Expect more work in this area in the future as vendors try to deliver more of what companies need to fully recover if disaster strikes.