Disaster Recovery as a Service: Preliminary steps a CIO must take

By CIOReview | Tuesday, July 26, 2016


The U.S. Department of Energy (Los Alamos, New Mexico) was struck with a potential disaster in June, 2011 when a blazing wildfire almost swallowed its southern section. Two of the most powerful supercomputers were housed in this lab, which stirred a wave of anxiety among the authorities. Fortunately, ‘the land of enchantment’ witnessed the combination of sudden rain and gritty fire-fighters which saved the day. But you can still imagine the repercussions the U.S. Department of Energy could have faced.

Yes, no doubt not every organization hosts a supercomputer, or a power plant, or a nuclear reactor for that matter! But that doesn’t lessen the significance of disaster recovery management systems.

When an organization is hit by a catastrophe, damage to physical resources is an obvious cause for worry, but the loss of important data can push anyone into oblivion. Disaster recovery management systems have been significant in recovering lost data when a disaster strikes, bringing the firm back on its feet again. So how can an organization employ this? And what are the preliminary steps that a CIO must take? Let’s discuss!

The Evolution

Disaster recovery was developed in the mid- to late 1970s as computer center managers began to recognize the dependence of their organizations on their computer systems. But it was the mid 21st century when it all started to evolve. Suddenly conglomerates started to replace Disaster Recovery (DR) Systems with Disaster Recovery Service.

The reason behind this subtle evolution was to save resources and time.

Disaster Recovery (DR) systems were difficult to operate and to configure. They also became outdated quickly, and were much more expensive than just backups. In contrast, Disaster Recovery as a Service (DRaaS) is a cloud-based service which offers testing flexibility, costs much less than DR, is easier to deploy, keeps pace with organizational changes and strategies, and provides the ability to test the ongoing plans on a regular basis.

Preliminary steps a CIO must take

As a CIO, you must consider whether your current disaster recovery capabilities are nominal or perhaps insufficient. If they are, DRaaS is an option to consider. Carrying out a Business Impact Analysis (BIA) can validate your business needs for DRaaS. The BIA will specify Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), which will assist you in identifying mission-critical IT assets and data. Make sure that your vendors are fully aware of these objectives and can support them when it comes to implementation. Vendor tasks such as data backup, server backup, DR plan development or DR plan testing can also be analyzed through this process.

Once the vendor verification has been carried out and a capable vendor has been chosen, there are some preliminary steps that you, as a CIO, must take.

Phased Migration is the best migration

The best way to approach resource migration to a DRaaS model is through a phased migration. Certain applications, databases and server data which are not mission-critical can be migrated for a few months. This can also be a useful way to examine your vendor’s support credibility.

Vendor Data Center Verification

You must try to avoid any unnecessary costs that may be incurred through fines and penalties. Make sure that the vendor data centers used for your business comply with standards and regulations, such as the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, ISO 27001 and NIST Special Publication 800-34. Failing to follow such guidelines can not only incur penalties but also hurt customer retention.

DRaaS vendor access determination

Your data is the most valuable asset in the process of migrating business operations to DRaaS. Thus it is imperative for you as a CIO to determine that your DRaaS vendor ensures that access to your data is limited and data integrity is protected. You must also find out the consequences in case your data is corrupted or lost.

Checking the servers

Make sure that the servers and other devices that are present and used for your computing environment are dedicated to your organization. You must not allow the vendor to house data from multiple users on the same servers. This can cause confusion, and data can be lost if the servers are not properly managed.

Service Level Agreements

The preliminary steps which you take must involve establishing Service Level Agreements (SLAs). This will give your vendor a clear indication about the services expected from them. You should also establish an emergency remediation process in case the vendor does not fulfill its SLA obligations. This will help you survive if for some reason your DRaaS migration process fails.

DR Plan Developments

To ensure that your DR process is appropriate and will work when it is needed the most, you must take advantage of all the DR plan development available. Resources must also be tested in a disaster-type environment to ensure that the system is working in the intended way.

DRaaS Vendor staff detail

The credentials and references of your vendor’s staff must be checked thoroughly. Gather all the details you can about their staff so that you can really trust your vendor with your crucial and confidential data.


Security of your infrastructure can play a crucial role in the success or demise of your DRaaS process. You must know how your vendor plans to handle the security of your infrastructure. Is there a proper procedure in place or not? And does your vendor have the competency to install a high-end security process if needed?