If you live in Washington, D.C. — or any of the dozen states affected by the recent Colonial Pipeline hack — you know ransomware can have a direct effect on your life. Thousands of drivers were forced to wait in line for gas, while many more had to do without. Elsewhere, cyberattacks have even more significant consequences — hospitals were targeted at the chaotic height of the COVID-19 crisis, and 911 call centers are not sacrosanct, either.

Businesses should be prepared for anything that may occur. Still, among the many stats recently cited by Forbes, nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks, despite their increased IT security investments.

Attackers go for the low-hanging fruit — companies that are easy to strike will be hit again, which is a significant reason to invest in a disaster recovery (DR) plan as part of a comprehensive ransomware protection strategy.

The Cost of Downtime

There are many reasons why disaster can strike your tech stack beyond a ransomware attack. For example, human error, a power outage, or natural disasters (such as the surprise wintry weather in Texas or the raging wildfires on the West Coast). Any unforeseen problem can cause considerable damage to your business.

Worse, that damage is magnified to an even greater degree as many corporations move their operations online. Because of the pandemic, grocery stores that once had online food delivery services as a sideline came to depend upon having a digital presence. The same dynamic has held for every business today.

Losing your digital presence because of a disaster is the same as shutting down and locking the door because it not only impacts customers but also employees, suppliers, and partners — they all require online or IT services. With Gartner estimating the average cost of network downtime is $5,600 per minute, or $336,000 per hour, having a working (and constantly updated) DR plan is no longer just an IT decision but a business decision, too.

According to The National Institute of Standards and Technology (NIST), the Cybersecurity Framework says businesses faced with disaster should identify, protect, detect, respond, and recover. Your DR plan should also be regularly updated and monitored for changes. For example, adding a new application to the IT operations changes the business resiliency surface. And, when someone in IT makes a routine upgrade at an organization, it introduces a new configuration that needs to be accounted for.

DRaaS: The Last Line of Defense

Anything could happen to a tech stack. Of course, there are protections in place to prevent it in the first place, but DR is the last line of defense — the last point of safety. A traditional option is to have a second DR data center and absorb the cost and complexity of that, which is helpful but expensive and difficult to maintain. Something more is required — an on-demand disaster recovery service that provides an easy-to-use, software-as-a-service solution (DRaaS). This leverages cloud economics to keep disaster recovery costs under control while meeting business SLAs.

The traditional DR option is a CapEx headache as it requires owning or leasing additional facilities as well as purchasing both hardware and software. And that’s not to mention the OpEx costs of support, upgrades, and failures.

Operating a second data center is a valid solution, indeed — if you can bear the expense and manage the complexity. But DRaaS allows businesses to shift from a hardware-intensive, high-upfront investment model that amortizes over time to a subscription that is up and running rapidly. For example, an environment with approximately 200 virtual machines and 20 tebibyte (TiB) of data can be up and running with a DRaaS solution in as little as five days.

The process has five discrete steps: plan, protect, configure, test, and report. On Day 1, you will plan. That means you’ll map your applications and select your SLAs. You will also organize and prepare your on-premises infrastructure. On Day 2, you’ll build your sites and define policies. You will also begin data copy.  

On Day 3, you’ll deploy your cloud test and align your sites. You will also define your DR plans. On Day 4, you’ll want to test failovers, measure results, and adjust your plans accordingly. Finally, on Day 5, you’ll review your runbooks and monitor sites. As needed, you will then revise and repeat your steps.

The entire process is straightforward but vital because, as the last year taught us, businesses must be prepared for anything. A crisis can come from cyberattacks, human error, or natural disaster. Opting for DRaaS as a last line of defense is easy-to-use, cost-effective, and fast to deploy.