Cloud Disaster Recovery and Security Template
Cloud Disaster Recovery and Security Template - IT managers have eagerly implemented cloud applications to reap its many benefits: lower hardware and energy costs, more flexibility, faster responsiveness to changing and new applications, and improved resiliency.
But when disaster strikes, some IT managers find their disaster recovery techniques and hardware configuration have not kept pace with their changed production environment, and they're stuck, along with their recovery times, in the pre-cloud era. They falsely believe the improved day-to-day resilience of their cloud environment lessens their need for disaster recovery (DR) planning. In fact, the opposite is true: Catastrophic hardware failures in the cloud environments bring down many more applications than in non-virtualized environments, making DR planning and implementation more critical, not less.
Protecting business means protect ongoing access to functional applications, servers and data; traditionally that means backing up data. However, backing up the data is only part of the equation. If you can't restore the data, the backup effort is useless. If a business relies on tape backup alone, restoration is easy only for the simplest failure, and only if everything goes perfectly. If a hard disk fails and all the backup tapes are good and the staff is practiced at doing the repair and restore, then you might be able to simply buy a replacement part and get things up within a couple of hours - though the data will be from last night's backup. If the problem is more complicated and involve s a replacement server for instance, you will probably need a day or two to get new hardware in place before you even begin to recover.
The right way to evaluate the quality of your system and data protection is to evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics define how long you think it will take you to get back online and how current the data has to be.
The best way to ensure a fast recovery is to have replacement equipment standing by at an off-site location with the necessary software and configuration to quickly transfer users and data. The best practice includes a remote data center with servers, storage, networking equipment and internet access.
Restoring to this remote data center from backup tapes will likely take too long, assumes that the tapes were not affected by the original problem and still leaves the risk of only recovering old data. Instead, replication software can be used to keep the backup systems constantly updated.
A four hour RTO and RPO requires:
- Off-site hardware and infrastructure to run servers and applications
- Data updates to the DR site more often than every four hours; preferably real-time
- Continuous updates of the application and OS configuration (without this, recovery may fail after a patch or an upgrade).
- A method to deal with any hardware differences between production and recovery environments.
The template is provided in WORD and Adobe Reader PDF format. It is can be used in whole or in part to plan for, negotiate, and manage the cloud outsourcing process. In the 126 pages included are a job descriptions for Manager Cloud applications, Cloud Computing Architect, sample contract, service level agreement, ISO 27001 - 27002 - 27031 security audit checklist, Business and IT Impact Questionnaire and much more.