Now that early adopters have proven the deployment feasibility and the management and cost reduction advantages of the cloud, businesses are increasingly adopting it for core business applications and IT services. In fact, after successfully piloting cloud usage with SaaS applications such as CRM and ERP, many businesses are now looking to replace their traditional onsite backup and disaster recovery (DR) solutions with cloud-based DR. Gartner states that by 2014, over 30% of midsize companies will have adopted DR in the cloud or recovery-as-a-service. This begs the question: is your business ready to take the leap?

Drivers behind the change

Implementing traditional DR solutions typically involves overcoming a number of hurdles. First, they can be difficult for already overburdened IT staff to deploy, configure, and administer. Moreover, some require the complex integration, coordination and scheduling of disparate systems at multiple backup sites.

Traditional solutions can also be difficult to budget. They often require significant upfront capital expenditures for hardware, software. and networking infrastructure, duplicated across multiple sites. And, once established, they can be costly to scale incrementally. Additionally, these multiple infrastructures must be managed and maintained, adding to administrative overhead costs.

Yet another traditional concern with DR is uncertainty. Many DR administrators simply do not know if they can rely on being able to recover the data they back up.

All else considered, the worst DR is no DR. Yet the awful truth is that most companies have found it difficult to get any DR plan or solution off the ground.

Can taking it to the cloud help?

Cloud-based DR services have the potential to address many of these concerns with traditional approaches. First of all, they are inherently easy to use and manage, as they are typically deployed as turnkey solutions, with the backend all hosted and managed by the provider. Because they operate in virtualized environments, they are generally easier to scale as needed, providing more deployment flexibility, and future-proofing against unanticipated growth. This scalability also provides broader DR options (such as supplementing or enhancing VMware, NAS, or bare metal recovery solutions), thus enabling a best-fit deployment. Perhaps most importantly, by making the process easier, they can enable many overburdened IT organizations to actually get a DR solution deployed in the first place.

Using cloud services can also be more budget-friendly. By eliminating significant hardware costs, they cut out large upfront capital expenses. Instead, DR becomes a flexible, pay-as-you-go operating expense, where companies only pay for the capacity they consume, and can fine-tune or terminate services altogether on demand.

Recovery-as-a-service can also help assure reliability. With no upfront investment, it is easier to test a solution before adoption. Moreover, cloud-based DR technology has matured to the point of providing reliable quality of service and uptime levels, as well as cloud-based validation of backed-up data.

Not all silver linings

Still, there are many challenges that businesses must consider that are unique to cloud-based DR. For example, placing your backups on the cloud may create greater dependency on network availability and, subsequently, in the service levels of your providers.

Likewise, with cloud-based DR, companies can have less control over throughput, and any degraded performance can potentially generate transactional lag time. While this might not significantly affect recovery of static files or email, it can make cloud-based DR inappropriate in other scenarios, such as in recovering dynamically replicated databases. Increased demand for additional bandwidth might also result in unanticipated cost overruns.

Compliance can be another serious concern for many businesses looking at cloud-based DR. While cloud-based security and encryption technology has matured, there may still be gray areas when it comes to meeting regulatory standards, such as with healthcare or financial data.

Ready-or not

Ultimately, DR is about shifting the uncertain to the certain. We cannot be certain when a disaster event may occur, but we should-and must-be certain of the systems and procedures we put in place to recover when they do. To determine whether your business is ready to bring DR to the cloud, you need to consider factors pertaining both to your own organization and to your service provider. The viability of implementing recovery-as-a-service in your organization hinges on both business and technology criteria.

On the business side, you should calculate return on investment by contrasting the projected costs of cloud-based DR against the costs of traditional onsite DR (including equipment and staffing)-as well as against the projected business costs of enduring a catastrophic system failure while having no DR solution in place at all.

As with any DR planning, you should determine your recovery time objective (RTO) within which your core systems must be restored so as not to create a revenue-impacting break in business continuity. You should also identify any system elements which would be negatively affected by potential transactional lag times. Specify what is required to meet compliance with your particular industry’s regulatory mandates (such as end-to-end encryption of data in-flight and at-rest, or granular recovery of transactional data).

You will also want to consider what options you need to meet the specific recovery needs of your business. Potential data recovery capabilities your organization might require include file-based backup, multi-platform device and OS support, and archiving. Potential system recovery capabilities might include block-based backups, and being able to rapidly restart applications in the cloud with a subsequent phased recovery on-premise.

On the cloud service provider side, you need to verify that their service level agreement (SLA) meets your defined business requirements, particularly in the areas of reliability, performance and compliance. Closely examine the fine print on costs associated with scaling up capacity or bandwidth.

Be sure you are willing to house your data on your provider’s cloud. Confirm your provider’s cloud data center security and availability features, such as AES 256-bit encryption for data-in-flight, uninterruptible power (UPS), and seismic rating, as well as physical security measures such as biometric identification and motion-sensitive CCTV monitoring.

The underlying technology used by your service provider can also provide insight into the viability of your solution. Look to providers with a comprehensive, full-featured offering on a mature, established platform, with central management of data and policy, as well as granular reporting.

By closely evaluating all of these criteria, you can determine with certainty whether cloud-based DR will work for your organization.


Implementing a DR solution is never simple. But for some companies, the emergence of cloud-based DR services can make it much easier, affordable and reliable. Whether your business can take advantage of these benefits will depend on taking a hard look at your unique DR needs and matching them to a service that fits. An uninformed decision will only add more uncertainty, rather than alleviate it.

Patrick Sweeney is Vice President, Product Management, for Dell SonicWALL.