1. Assess the current Disaster Recovery environment size, projected growth, and functionality.
An IT readiness and security assessment is the best starting point for planning a DR strategy that adequately protects mission-critical and sensitive data. This process also helps determine your organization’s current security posture by identifying and documenting areas of weakness and possible intrusion. It assesses the financial risk to the organization in the event that critical applications become unavailable. An IT assessment should also compare the recovery point objective (RPO) and recovery time objective (RTO) in the event of a failover. Lastly, the assessment should inventory all data to be protected and the resources needed to operate that environment in another data center.
2. Perform a consequence analysis, risk assessment or complete DR test against expected benchmarks.
Several approaches exist for moving DR operations to the cloud. A consequence analysis helps determine whether the entire operation should be migrated or only certain pieces of it. This step also identifies the DR functions that are most critical for the organization, which involves defining the performance risks of moving each DR component to the cloud.
A risk assessment provides an organization with a clear understanding of its current DR preparedness and what may be missing, in turn helping to categorize data into priority tiers. This allows organizations to build out a DR migration plan that protects mission-critical data while remaining budget-friendly. The risk assessment should also identify parts of the production environment that aren’t a good match for cloud hosting.
3. Determine the solution requirements and expectations for the new Disaster Recovery solution.
Once you’ve identified the data sets that are good candidates for migration, you can define the capabilities that your DRaaS provider must provide and the associated SLAs. These primarily include the RTO and recovery point objective (RPO) targets for each application. Some applications may also have specific backup requirements; critical healthcare business applications such as Epic and MEDITECH typically require strict adherence to data retention policies. DRaaS vendors also need to meet applicable regulatory requirements through documentation such as a Business Associate Agreement (BAA) and HITRUST certification.
In addition, it’s important to define general requirements such as ensuring that the DRaaS solution will properly protect data during storage and transit. Solution deployment timelines and other expectations related to DR testing and remediation are also key requirements for a DRaaS solution, as are the IT resources needed to deploy the solution.
4. Select the DRaaS solution with the best ROI for now and future growth.
Several types of DRaaS solutions are currently available, ranging from an on-site private cloud to a fully hosted cloud platform. Many organizations use a mixed approach based on the specific objectives of their DRaaS solution. If you want to recover applications as quickly as possible, a DRaaS that uses cloud replication is the best choice. Replication, especially continuous replication, provides maximum protection for critical applications with the best RPO and RTO. This advantage over traditional backups allows organizations to recover more quickly, resulting in less downtime and protection in the event of a cyberattack.
Get a second opinion on your DR preparedness by requesting a DRaaS Assessment from ComportSecure. Our certified IT experts analyze your current environment to identify gaps and improvements that ensure data protection.