Jul 19 2023

Disaster Recovery as a Service Is Vital to State and Local Government’s Defense

Experts share insights into the value of DRaaS and all that cloud services can do for restoring operations.

Disasters come in all shapes and sizes. So too do new offerings to help state and local governments recover as quickly as possible. Government agencies often turn to Disaster Recovery as a Service to ensure a rapid return to operations. The goal is to replicate both data and infrastructure offsite — often in the cloud.

In the past, large organizations facing a disaster situation often operated an existing mirror production location, duplicating the entire IT stack. That included hardware and software.

“DRaaS eliminates the need for a secondary physical site,” says Phil Wandrei, director of product marketing for OpenText. “No iron, no cooling.” And agencies don’t require staff devoted to maintaining the infrastructure.

A lower cost means it’s more attractive to small government agencies, Wandrei adds: “The cost shifts from being a capital expense to an operating expense.”

Click the banner below to learn how Backup as a Service can enhance data protection.

What Is DRaaS?

VMware defines DRaaS as “a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third party cloud computing environment and provide all the DR orchestration, all through a SaaS solution, to regain access and functionality to IT infrastructure after a disaster.”

The on-demand nature of DRaaS also makes it easier on the wallet, says Mark Chuang, head of product marketing for cloud storage and data solutions at VMware. “DRaaS removes the long pole in the tent, setting up a disaster recovery site and doing all the hardware and software procurement that made traditional disaster recovery so expensive.”

Third-party management of backup IT infrastructure is a key part of DRaaS. But there are some variations on how it gets used. A customer can choose to maintain control of the software or hand that off to the disaster recovery service as well. There are three primary models of DRaaS, according to Kevin Cole, global director of technical product marketing for Zerto.

  1. Disaster recovery to the managed service provider: The customer runs production itself and replicates to a remote target that the provider manages. (This is the most common model.)
  2. Disaster recovery from the cloud: The customer runs production in the managed service provider’s cloud and replicates to a remote recovery target that the customer manages.
  3. Disaster recovery in the cloud: The customer runs both production and recovery in the MSP’s cloud, i.e., in-cloud or intracloud DRaaS where everything is fully hosted and managed by the managed service provider.

“The customer knows its hardware and continues to run it offsite,” Cole says.

That’s important, agrees Chuang. The DRaaS provider should supply the same IT stack so everything is familiar during an emergency.

Kevin Cole
BaaS is focused on compliance and the storage of data.”

Kevin Cole Global Director of Technical Product Marketing, Zerto

How Does DRaaS Differ from Backup as a Service?

DRaaS is more than simply backing up an agency’s data. To better understand it, consider Backup as a Service, or BaaS.

HP defines BaaS as “a managed, third-party service where data is stored in a secure, hybrid cloud or offsite cloud repository — safe from unauthorized access, corruption, hacking or theft. The data can include anything of business value, from files and images to entire application workloads and data sets. Backup frequency is determined by customer needs.”

It does not include the backup of servers or software.

“BaaS is focused on compliance and the storage of data,” Cole says. “I want cheap and deep. It’s a check box.” By contrast, DRaaS “is about minimizing data loss and downtime. It much more prioritizes performance rather than breadth.”

BaaS recovery times tend to be longer (hours or days) because large data sets must be transferred back from the managed service provider to the on-premises data center. With DRaaS, vital information is resident and accessible in the cloud in minutes or seconds.

READ MORE: How backing up data in the cloud ensures smooth cyber recovery.

Why Do State and Local Governments Need DRaaS?

Hurricanes, tornadoes, floods and other natural disasters tend to grab headlines, but ransomware is the top driver of disaster recovery for public sector organizations.

The unique difference in getting hit by a hurricane is that IT staff know when it happened and where the exact restore point rests. A ransomware attack is far more complex, Chuang says. “What’s the best recovery point to go back to? If I go back too far, I might lose business data. If it’s too close, it’s likely ransomware is in that restore point. You could end up infecting more of the production environment.”

Mirrored servers and data living in a DRaaS configuration can suffer the same contagion unless they are continuously monitored by artificial intelligence to pick up odd behavior, experts say.

“DRaaS takes more time to fix” in a malware situation, Wandrei says. “You have to do some validation.”

Click the banner to learn how your agency can increase its ransomware recovery capability.

What Is Recovery Time Objective for DRaaS?

Disaster recovery of any flavor is built around the presumption of a catastrophic failure. “They’re having to restore their entire environment,” Wandrei says. “What is the priority of restoring those systems?”

That means asking some tough questions about data hierarchy and how quickly an organization must be back up and running, also called the recovery time objective.

The moment that the tornado rips off the roof is not the time to start puzzling out these details. Wandrei suggests a comprehensive strategy that includes recovery (in the case of physical disaster) and detection and investigation (when malware is involved). The next most important thing to do is test the disaster recovery system — and do it often.

An IT chief has a hundred plates in the air at any given moment. Experts say it’s easy to set up a recovery scheme and then assume it will work in the crunch, but that’s not the best move.

“Testing equals confidence,” Chuang says. VMware runs a mini test every 30 minutes. At the very least, a disaster recovery system should be put through its paces once a month.

Van Flowers, senior systems engineer for Cloudian, agrees. “You need a test plan that runs without warning, a non-scheduled exercise,” he says.

Hays is a disaster recovery service based in Tallahassee, Fla. The company uses the Cloudian platform in its work with a multitude of state and local government organizations. “Not a lot of folks are wanting to hand off management of DRaaS,” says Jeff Chaffin, director of cloud and sales operations for the company.

Higher cost is the issue. Hayes charges much more to manage data because it’s a liability. “Governments want to offload risk and point fingers if something goes bad,” he says.

EXPLORE: What are the benefits of hybrid cloud environments?

How Does DRaaS Help with Business Continuity?

Government officials must understand the differences between disaster recovery and business continuity, as they are often lumped together. 

Disaster recovery encompasses the plans an organization establishes for handling a catastrophic event. It’s focused on what a business must do to return to normal operations as fast as possible.

Business continuity is a blueprint of exactly how a business will proceed during and after a disaster. It’s a fire drill on steroids, with clear plans and contingencies on how an agency can continue operations during a crisis. That includes staffing, addressing supply-chain difficulties and possibly working from an alternate location.

Businesses are increasingly forced to deal with discontinuities, says IT researcher Navid Sahebjamnia. “It is almost impossible to predict their nature, time and extent. Therefore, organizations need a proactive approach equipped with a decision-support framework to protect themselves against the outcomes of disruptive events.”

Or take some good advice from time management guru Alan Lakein, who famously said, “Planning is bringing the future into the present so that you can do something about it now.”

Vladimir_Timofeev/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT