Backup vs. Disaster Recovery: can you use the public cloud for it?

2023 06 01 · 4 min read

Disruptions of IT systems are inevitable in any company. Factors such as human error, natural disasters, or malicious cyberattacks disrupt companies’ applications that can result in financial losses, reputation damage, or compliance breach. 

IDC states the annual cost of systems downtime in 2020 was between $1.25B to $2.5B. Such figures indicate how important it is to have disaster recovery as an essential component of companies’ business continuity strategy. Understanding the core concepts of disaster recovery, the differences between disaster recovery and backup, and best practices for planning and implementing disaster recovery can help to void huge losses.

This blog will explore the benefits of using the public cloud as a recovery site for on-premises and cloud-based applications. In many cases, cloud-based recovery both lowers’ costs and improves resilience.

The difference between backup and disaster recovery

Before developing a disaster recovery plan, it is important to understand what disaster recovery is and how it differs from backup.

Some companies mistake backup for disaster recovery. But as they may discover after a severe IT disruption, having a copy of data (backup) does not mean you can keep your business running (disaster recovery). 

Backup

Backup is the process of making a copy (or multiple copies) of data to protect against data loss. Backup solutions keep extra copies of data locally and in a remote location, or both, so that it can be recovered if any data is lost or corrupted. Local backups can be restored more quickly than remote backups, but remote backups have the advantage of increased resilience due to geographic redundancy.

Disaster recovery

Disaster recovery refers to the plan and processes for quickly re-establishing access to applications, data, and IT resources when a disruption occurs. This plan might involve switching over to a redundant set of servers and storage systems (also known as failing over to a secondary or recovery site) until your source servers are functional again. Switching to a secondary site is not done automatically but is instead performed based on an explicit decision of an authorised team.

The main differences between backup and disaster recovery:

How to choose between backup and disaster recovery?

Backup and disaster recovery are not mutually exclusive. Business requirements may ask companies to apply a combination of these solutions, depending on the resilience requirements of each application. In terms of similarities, both backup and disaster recovery solutions maintain copies of historical data that may have changed in the source server. Often they are referred to as “snapshots” or “point-in-time copies”.

The main difference is that backup solutions can restore a previous version of data if it was incorrectly modified or corrupted on the source server. Meanwhile, disaster recovery solutions can launch copies of applications in an operational state.

In addition, disaster recovery solutions can launch applications from a previous point in time, which allows a successful recovery if the latest state of the source application prevents normal operation. Database corruption, ransomware data encryption, and incorrect software configuration also fall under this category.

When deciding whether an application needs a backup or disaster recovery solution, consider the following differences:

• Purpose. Backups can help if you need to access lost or damaged files. It could be an email, Excel file, or database. They are also useful for long-term data archiving and data retention. Also, if you need to restore a particular chunk of data, it is better to do it from a backup rather than from the entire application. But if your goal is to recover functioning applications after IT disruption, disaster recovery solutions would help to achieve it faster. Disaster recovery solutions enable you to perform a failover and launch replicated workloads from the secondary data centre. In such a way, a business can continue operating even if the main IT systems site is down.
• Speed of recovery — a practice of restoration of data from backups does not help with the quick recovery of business operations. Disaster recovery replicates your critical applications to perform failover for affected applications under certain circumstances rapidly. With disaster recovery solutions, you can achieve a recovery time objective (RTO) of minutes and a recovery point objective (RPO) of seconds. Backup solutions are not able to meet such SLA requirements.
• Resource allocation. Backups are usually stored in a compressed state as they do not have quick restoration requirements. Therefore, companies use low-cost, low-performance storage (often off-site) for backup. Disaster recovery requires a separate site with operational IT infrastructure that should be ready for a possible failover at any time. Due to such prerequisites, you would need to dedicate additional resources.

What could be the business impact?

A well-planned and implemented disaster recovery solution helps mitigate the damage that a disaster can cause, including direct and indirect financial loss. 

The impact of direct financial loss is most relevant for applications that are critical for revenue-generating processes. For example, free external-facing IT systems that are provided to your customer. It also can be an internal IT system that processes data required for revenue generation. Indirect financial loss may occur when your customers abandon your solution and switch to a competing product because your service was unavailable for a significant amount of time.

Reputational damage. Downtime caused by unexpected IT disruptions significantly harms your company’s reputation. You can lose trusted provider status in a day while gaining it back might require years. A recovery plan that can be executed efficiently in the short term can help avoid irreversible damage to a company’s corporate image.

Failure to abide by compliance standards. Compliance standards, including System and Organization Controls (SOC), Payment Card Industry (PCI), and the Health Insurance Portability and Accountability Act (HIPAA), require a disaster recovery solution to be in place. Some even add specific requirements, such as minimal physical distance between the source adsnd recovery sites. 

How to analyse the risk?

It is important to remember that a disaster’s negative impact is not equivalent to all applications. Conducting a business impact analysis for each application will help to quantify the business impact of a disruption to each application. When calculating the business impact, consider application downtime’s consequences on internal and external customers. Furthermore, consider the cost, reputation, and compliance effects on your business.

The business impact of a disaster may differ depending on time. For example, a disruption of the payment system will likely have a higher impact during the seasonal retail peak period (October-December).

Determining recovery objectives

When planning a disaster recovery solution, you should define each application’s recovery time objective (RTO) and recovery point objective (RPO). Use the risk analysis to help you determine how quickly the application needs to be made available (RTO) and how much data loss can be tolerated (RPO).

The recovery time objective (RTO) describes the longest acceptable period from the IT application disruption until the service is up and running again. This metric is an agreed-upon time window that all stakeholders determine as acceptable.

The recovery point objective (RPO) describes the biggest acceptable gap between the original data and the recovered data of the application. This metric is an agreed-upon amount of lost data (measured in time units) that all stakeholders determine as acceptable. 

RTO and RPO for each application depend on many factors, such as business impact, service level agreements (SLAs), and external compliance requirements.

Here is an example of common standards:

Use the risk analysis and recovery objectives to choose the most appropriate disaster recovery strategy and tools for each application. Your goal should be meeting RTO and RPO requirements while reducing TCO.

Public cloud services for disaster recovery solutions

You can use public cloud services to implement disaster recovery solutions meeting your company’s needs. The disaster recovery industry has changed dramatically in recent years due to the advancement of cloud technology. In addition, cloud providers such as AWS and Microsoft Azure allow paying only for the used resources, which is not the case with most on-premises data centres.

The public cloud’s elasticity, scalability, and security benefits make it an ideal disaster recovery site. It reduces disaster recovery TCO by decreasing both capital expenditures (CapEx) and ongoing IT operating expenses (OpEx).

Advantages of choosing public cloud for disaster recovery:

• Hardware — no hardware is needed when using public cloud services as your target recovery site. You pay for recovery resources only when you use services, in this case, during a disaster. This means no CapEx investment or unnecessary duplicate provisioning of resources.
• Software licenses — when using the public cloud as your recovery site, you can minimise the need for duplicate software licenses. Software vendors usually do not require duplicate licenses for standby systems. With a cloud disaster recovery tool, you can sync servers to cloud providers’ data centres without running operating systems or application licenses. 
• Disaster recovery infrastructure resources — typically, disaster recovery solutions require duplicate compute and storage infrastructure in the recovery site. With the public cloud, you can replicate your applications into a low-cost storage area and reduce the cost of infrastructure. Following this way, you also eliminate the costs of maintenance for computing resources. 
• Management and monitoring — public cloud disaster recovery services give you advanced automation functionality, which means fewer IT resources require manual maintenance. Automation minimises the time for converting servers from one infrastructure to another.

Regarding business continuity, all applications should not be treated equally. Conducting a proper business impact analysis for each application will help determine whether it requires a lower-cost backup solution focusing on data retention or a more robust disaster recovery solution that can minimise downtime during an IT disruption.

After determining which applications require disaster recovery and their objectives, consider leveraging public cloud services to establish a recovery site. This will allow achieving a win-win of meeting the SLAs requirements and keeping the TCO low simultaneously.

So, if you want to consult about backup and Disaster recovery, please contact us – the Baltic Amadeus team. We take pride in being experts in the field, and we are committed to ensuring that your project runs smoothly and efficiently.