5/5 - (1 vote)

Disaster Recovery solutions restore IT infrastructure to health after a failure or attack. We explain how to use it in conjunction with backup. The material will be useful to specialists who are starting to work with the cloud and are just getting acquainted with its capabilities.

Why are we talking about this

Last year alone, the number of cyberattacks increased more than fivefold, but the situation is gaining momentum. The likelihood of large leaks is increasing, and in practice even large IT companies face them. According to experts from the University of Texas, half of the organizations that have allowed data loss stop working within two years. For small businesses, which obviously have less margin of safety, this figure rises to 70%, and the shutdown period is reduced to one year.

But even if the company manages to survive after the leak, it still bears reputational risks. Affected partners and customers are beginning to have less confidence in the products offered by the affected business. As the current situation shows, it is not so difficult to face such problems. It’s not just about cybercriminals who are constantly developing new tools and methods of hacking, including those based on artificial intelligence systems. But also in the fact that frameworks like ISO 27001, NIST Cybersecurity Framework and other methodologies related to information security often do not keep up with changes and lose relevance for certain organizations. They move away from the real cases that information security specialists have to deal with.

At the same time, a significant part of companies, of course, consider cyber risks the main threat to business and invest in personnel. Resources are also directed to the purchase of cyber defense systems. In 2021, this market was estimated at $165 billion, but analysts expect it to grow to $366 billion by 2028. A variety of hardware and software tools for combating data theft and other attacks, from network perimeter protection tools to antivirus software , contributes to this growth rate. security . Today we would like to talk about specific solutions.

The essence of Disaster Recovery

The average company spends up to two months patching infrastructure vulnerabilities. During the current crisis, this time may be extended, and as a result of intense attacks, organizations are more likely to act in a hurry and experience severe disruptions. Backups and Disaster Recovery solutions help to minimize damage. With their help, you can restore data and infrastructure in the event of a hack, employee error, or hardware problems.

At first glance, these tools solve the same problem – they allow the business to continue working if the infrastructure fails or data disappears from the database. But there are still differences between them.

The frequency of data copying . BaaS involves sending copies of virtual machine images on a schedule – for example, once a day – to the cold storage of a cloud provider. When data is lost, it is simply restored from the backup. If we talk about Disaster Recovery systems, then an additional platform is formed in the cloud with constantly updated replicas of virtual machines, corporate applications and services – while replication occurs regularly throughout the day. So, in the event of difficulties, the load is switched to the “alternate airfield”.

The relevance of the data is the second difference related to the previous point. The fact is that a backup involves storing multiple copies of data, and you can restore them to any saved version. But it is obvious that at this moment some of the information will be lost – its amount depends on the backup schedule that determines the RPO (recovery point objective) parameter. At the same time, restoring data from cold storage takes a lot of time, which is determined by the RTO (recovery time objective) parameter. This task can take from several hours to days, depending on the amount of information. All this time, corporate services are idle.

As for disaster recovery systems, their RPO and RTO indicators are much lower. Replication takes place in the background throughout the day, so the backup site always has an almost complete copy of the main infrastructure, and switching to the “alternate airfield” after an emergency occurs within a few minutes. As a result, the business does not notice the consequences of the failure. For example, among our clients there is a logistics company for which the Disaster Recovery solution reduced system downtime by 20%.

However, it is worth noting that disaster recovery systems do not allow you to “roll back” the infrastructure to earlier states, since the backup site contains a complete copy of applications and databases. In this context, it makes sense to use backup and disaster recovery systems in pairs to eliminate a wider range of risks.

Fault tolerance . Finally, backup is not a business continuity tool. But disaster recovery provides a foundation that is more resilient to various risks, further increases the security of the infrastructure, and helps to avoid losses due to downtime.

In this vein, the work of Disaster Recovery implies two scenarios. The first is when corporate services are launched on-premise, and the cloud acts as a reserve. In the second case, the provider’s geo-distributed cloud infrastructure plays the role of the main and backup site. Which option to choose depends on the needs of the organization and the required recovery plan.

What else can be done

There are a few things to keep in mind when working with backups and disaster recovery systems. It is necessary to regularly evaluate the health of backups and infrastructure at backup sites so as not to end up in a situation where it is impossible to restore the system after a failure.

To do this, it is enough to conduct regular spot checks and test migrations to the backup site. In parallel, it makes sense to revise the stored data in order to exclude irrelevant information. This approach will save resources and disk space with copies.

These obvious recommendations will seriously increase the fault tolerance of the infrastructure. But unfortunately, not everyone follows them – according to statistics, more than half of the backups are in an inoperable state.

To increase the reliability of the infrastructure, it is worth paying attention not only to backups and replicas, but also to the applications themselves, which are subject to protection. During development, experts recommend following graceful degradation practices. They determine the system’s ability to continue working even if some of its components fail – this is especially important in the context of a corporate infrastructure that includes thousands of interconnected services.

What to remember

Backups allow you to save a copy of the data, and then restore it in case of loss. But Disaster Recovery creates a working copy of the services and restores their performance in case of serious failures within a few minutes – so much is needed to switch traffic. We offer the implementation of the DRP, please contact as [email protected]