What is disaster recovery as a service (DRaaS)?

Importance of DRaaS

DRaaS is an important cloud service because it provides a cost-effective way for organizations to minimize downtime, protect critical IT assets and maintain business continuity without the expense of building, staffing and managing a secondary data center.

Before cloud computing became widely accepted, an organization would need to purchase duplicate hardware, maintain an additional facility and hire additional staff to support their disaster recovery plan. Because this could end up costing millions of dollars, disaster recovery was only realistic for large enterprises in regulated industries, such as banking or telecommunications.

In recent years, however, cloud delivery models have made disaster recovery (DR) services more affordable and easier for organizations of all sizes to acquire and use. Essentially, the cloud changed DR services changed from a capital expense to an operational expense. Typically, the cloud service provider's responsibilities are documented in a service-level agreement (SLA), and the customer pays for DR services on a pay-per-use or subscription basis.

How does DRaaS work?

DRaaS workflows typically have three stages: replication, failover and failback. Together, these three steps allow DRaaS cloud customers to maintain business continuity during and after a disaster.

• During the replication phase, specific customer-defined IT assets are copied from the cloud customer's infrastructure to the CSP's infrastructure.
• During failover, orchestration tools shift operations from the customer's infrastructure to the service provider's cloud.
• Once the primary site has been restored and verified, orchestration processes synchronize any changes made during failover and return operations to the customer's original infrastructure.

DRaaS workflows usually begin by having a dedicated software agent or virtual appliance in the customer's IT environment periodically (or continuously) replicate customer-defined virtual machines (VMs), applications and associated data and store them in the cloud. Failover can be initiated once replication is in place if the primary site becomes unavailable.

Failover and failback

Technically, the failover process temporarily moves I/O operations from the customer's data center (the primary site) to the service provider's cloud (the standby site). Once the primary site is restored and changes are synchronized, I/O operations move back to the primary site and normal I/O operations resume.

Throughout this cycle, the service provider is typically responsible for owning and managing the underlying infrastructure, and the DRaaS customer is typically responsible for defining what technology and data should be duplicated off-site, how quickly IT resources need to be restored after a disruption and how much data loss will be acceptable after failback.

The time it takes to execute a failover depends on how the cloud customer and/or provider set up recovery time objectives (RTOs) and recovery point objectives (RPOs). Recovery time objectives define how quickly systems must be restored after a disruption, and recovery point objectives define how much data loss is acceptable.

Failover speed can also depend on whether the provider's standby site (cloud infrastructure) was designed to be hot, warm or cold.

• A hot standby is a fully functional, real-time replica of the primary environment.
• A warm standby has pre-configured systems and some replicated data, but the environment requires additional setup and data replication before workloads can run.
• A cold standby is an empty or minimally prepared environment that still needs hardware, software and data to be provisioned and loaded.

DRaaS advantages and disadvantages

Like any IT service, disaster recovery as a service has both benefits and challenges.

DRaaS advantages include the following:

• Eliminates the need to establish and equip a secondary data center for DR.
• Doesn't require storage hardware to be duplicated like-for-like.
• Allows SMBs that lack budget and technical expertise to create and implement an effective DR plan.
• Makes DR an OpEx instead of a CapEx.

DRaaS disadvantages include the following:

• DRaaS can still be expensive, depending on the type of service level.
• Businesses must trust the CSP's ability to implement their plan in the event of a disaster and meet the defined RTO and RPO.
• Potential for bandwidth challenges, particularly with continuous data replication.
• DRaaS providers may restrict or charge extra for features like full failover testing.

The cloud shifted DRaaS from CapEx to OpEx by replacing costly upfront investments in hardware, facilities, and staff with subscription-based or pay-per-use services.

DRaaS vs. BaaS

Disaster recovery as a service and backup as a service (BaaS) are both cloud-based services designed to protect data, but they serve different purposes and work in different ways.

BaaS focuses on copying and storing data off-site. If a system fails or data gets lost or corrupted, the customer can retrieve the backup and restore files or applications.

DRaaS goes further by protecting the entire IT environment, including data. It provides a standby infrastructure in the service provider's cloud so that an organization can continue to operate during a disaster.

BCaaS vs. disaster recovery

Business continuity as a service (BCaaS) and disaster recovery as a service are closely related, but they are not the same thing. The key difference lies in scope.

DRaaS focuses on IT operations, and the goal is to minimize downtime. In contrast, BCaaS focuses on business resilience, and the goal is to adapt to any type of disruption as quickly as possible. BCaaS includes information technology and people, processes and other types of resources that keep an organization operational.

DRaaS models

Disaster recovery as a service models can be categorized by the division of responsibility between the service provider and the customer. This distinction helps businesses choose the right level of service based on their needs and budget.

Customers can choose from one of the following three DRaaS models:

• Managed DRaaS. The service provider is responsible for the entire disaster recovery process. This model is ideal for organizations with a DR plan but lacking the time or expertise to implement it.
• Assisted DRaaS. The customer is responsible for implementing some or all of their DR plan, and the CSP offers some level of support or guidance. This "hybrid" approach is ideal for organizations that can handle some aspects of DR themselves but want the service provider to handle the most complex or time-sensitive tasks.
• Self-service DRaaS. The customer is responsible for planning, writing, testing and managing their DR plan. The customer handles each stage of the DR process while using the vendor's service. This approach is ideal for organizations with a large IT department that want maximum control over their data and recovery process.

What to consider before choosing a DRaaS provider

Disaster recovery as a service is useful for maintaining business continuity during power outages, equipment failures, cyberattacks and natural disasters such as floods, hurricanes or earthquakes. Before implementing a DRaaS service, an organization should consider the following criteria to select the best model and service provider for their needs:

• Cost and pricing model. Organizations should understand what is included in the DR cloud service and be aware of potential extra charges for testing services and data transfers.
• Service level agreements. The SLA should guarantee RTOs and RPOs and clearly outline the provider's responsibilities and procedures for failover and failback.
• Security and compliance. The cloud provider should offer robust security measures and have HIPAA, PCI DSS and/or ISO 27001 compliance certifications.
• Scalability and flexibility. The chosen DRaaS solution should be able to scale easily. Compatibility with existing on-premises or hybrid cloud environments should also be a consideration.
• Testing and support. DRaaS customers should be able to conduct non-disruptive disaster recovery drills to ensure their DR plan works. Support teams should be available 24/7 during an incident.
• Data center locations. Organizations should consider the geographic locations of the provider's data centers. They should be far enough from the primary site to be safe from the same regional disaster, but close enough to minimize network latency during replication, failover and failback operations.

DRaaS providers

Disaster recovery as a service has a broad vendor landscape. At one end, cloud service providers specialize in backup and data protection technologies. At the other end, hyperscale cloud service providers offer DRaaS as part of their broader cloud service portfolios.

The following are just a few examples of vendors and their products:

• 11:11 DRaaS for Veeam. Provides DRaaS by integrating the customer's on-premises Veeam environment with an extension to 11:11's cloud infrastructure.
• Tierpoint. Provides DRaaS services powered by Zerto; offers continuous data protection and fast failover for hybrid and multi-cloud environments.
• Infrascale. Focuses on SMBs; known for providing affordable cloud backup and disaster recovery solutions.
• Databarracks. A mid-market provider that sells managed DRaaS on a pay-per-use basis; known for its strong compliance reporting capabilities.
• VMware Cloud Disaster Recovery. Offers on-demand disaster recovery for VMware workloads; integrated into VMware Cloud on AWS.
• AWS Elastic Disaster Recovery. A fully managed DRaaS option known for quick failovers.
• Expedient DraaS. Provides seamless failovers to ensure business continuity during disasters; known for providing excellent support.
• Unitrends. Offers fully managed, white-glove disaster recovery as a service; known for guaranteeing on-hour recoveries in its SLAs.
• Intervision. Guarantees swift, cost-effective recovery with 100% test success, robust security and seamless hybrid cloud protection.

The effect of artificial intelligence on DRaaS

Artificial intelligence (AI) is transforming many "as a service" offerings, and disaster recovery as a service is no exception.

As the technology continues to evolve, AI is helping DRaaS move away from being primarily a reactive safeguard that restores operations after a disruption to becoming a proactive safeguard that can minimize downtime, reduce costs and improve business continuity.

Some of the key areas where AI is influencing DRaaS include:

• Risk management. AI-supported analytics can process large volumes of system, network and incident data to detect anomalies, vulnerabilities and threats that may disrupt operations. When organizations can identify risks early, they can take corrective measures before downtime occurs.
• Recovery and restoration. AI can accelerate disaster recovery workflows by automating data replication, failover and failback tasks.
• Data backup. AI can analyze usage trends and cloud performance metrics. The insights gained can be used to optimize backup schedules, storage tiers and data deduplication strategies.
• Scenario-based testing and simulation. AI models can generate realistic disaster scenarios and run simulations autonomously to assess how well a DR plan will perform.
• Security intelligence. AI-enhanced threat detection can flag suspicious activity in DRaaS workflows. Threat detection algorithms examine system and network data to identify potential cyberattacks and prevent data breaches and unauthorized system access.

DRaaS can help your information technology stay running, even when disaster strikes. Learn how to get started with DRaaS so your organization is prepared for the unexpected.