With the large amounts of data organisations are responsible for, cloud adoption is growing. IT DR managers are hailing the benefits of the cloud for DR — specifically disaster recovery as a service (DRaaS).With this new delivery method, there are fundamental compliance concerns that are becoming more notable as well.
Prediction 1: Hybrid-infrastructure DRaaS is the way of the future.
The movement toward cloud-based DR was led by organisations on opposites ends of the spectrum — large enterprises and start-ups — which vaulted data in public clouds.
But there are fundamental problems with this approach to DR: the cloud is simply a repository for data. After moving data to the cloud, businesses check DR off their list of to-dos without creating a legitimate recovery strategy. What would happen if the network went down? How would the organisation connect to its data? And what about businesses that have a mix of physical and virtual infrastructure along with unique apps that are hard to run in various environments? Is cloud-based DR off the table for them?
DRaaS was born in response to these challenges. In fact, global research company MarketsandMarkets projects that the DRaaS market is expected to experience a compounded annual growth rate of 55.2 per cent from 2013 to 2018. Rather than simply vaulting customers’ data in the cloud, cloud DR providers began helping businesses vault and recover their data to physical hardware, virtual machines or another cloud environment.
While standard DRaaS delivery models revolutionized the cloud industry, there still existed a subset of businesses that needed hybrid strategies — they required the ability to manage specific data or applications on-site while having the ability to offload data to the cloud.
Over the last couple of years, several providers have begun offering hybrid-infrastructure DRaaS, which allows organisations to store critical data in an on-site appliance and manage their other backups in the cloud. This model has resonated well with organisations. During interviews with storage and IT professionals at more than 250 midsized and large enterprises worldwide, 451 Research's TheInfoPro service confirmed that businesses are steadily adopting dedicated storage appliances for DR.
The benefits of using hybrid-infrastructure DRaaS are manifold. These solutions not only help secure and recover data, but they also help meet several of IT DR managers’ top challenges.
Prediction 2: Compliance concerns are becoming more critical.
When it comes to compliance, businesses often have difficulty keeping up with the constant changes. There are several aspects to keep up with, so it sometimes gets pushed to the back burner.
Some businesses are struggling with efficiently responding to regulatory changes, and 57 per cent say a communication breakdown with the government is to blame. To help deal with this challenge, some businesses, particularly in the banking industry, are creating positions for dedicated regulatory program managers. But this creates another problem with companies reporting a shortage in regulatory program manager talent.
This leads 48 per cent of companies to think senior management lacks integrated responses to regulatory reform. It's essential for all business functions to mesh, especially when it comes to compliance. If only half of the departments are considered compliant, the business is still noncompliant.
Compliance is a pressing issue for UK businesses, as both individual organisations and any third-party providers they use should comply with operational standards required by PCI-DSS, EU Data Protection Regulation and ISO standards as needed.
In addition, businesses have to be mindful of mandated data retention time frames for specific types of data, which can vary by industry. Employee payroll information, for example, must be retained for six years as required by the Taxes Management Act 1970.
There are often guidelines surrounding how data is used as well. When an organisation manages any personal information belonging to customers or employees, the UK government requires the business to take adequate measures to protect that data. These measures include informing individual people and the Information Commissioner’s Office how data is used (and if it will be passed to other organisations, such as cloud services providers) and responding to data protection requests as needed.
Cloud-based solutions such as DRaaS can help businesses take control of their data by automating backup processes and making electronic records easily accessible. However, before vaulting data in the cloud, organisations need to ensure the provider employs stringent security practices, including encryption of data in transit and at rest, compliance with BCI standards, 24/7 data centre monitoring and employee background checks.
It’s also important that businesses are aware of where data stored in the cloud is transferred. Compliance obligations – whether explicit or implicit – sometimes restrict the flow of data across EU borders, and many cloud-based solutions have multiple back-end data centres spanning multiple regions.
A business’s requirements for the cloud vendor should be backed by a service level agreement with predefined, clearly outlined remedial processes. While the growing amounts of data is presenting new challenges to security professionals and BC/DR planners, organisations can take advantage of the resources available to them – such as BYOD program planning services and DRaaS – to ensure the data explosion helps rather than hinders business operations.
Brandon Tanner, senior manager, IT Specialists
Image Credit: Olivier Le Moal/Shutterstock