When an enterprise gets migrated to a virtualized environment, it makes sense strategically to pursue a cloud disaster recovery (DR) initiative. A cloud DR initiative implies that instead of depending on an organization’s resources for system and backup, a third-party organization can fulfill the former’s DR requirements.

Potential benefits and concern of DR services

•    Benefits

1. A Secure disaster recovery environment for organizations.
2. Sufficient resources to backup and secure critical data.
3. Support for DR program activities like facilitating and documenting DR tests.
4. Commitment towards providing long-term support for DR requirements.

• Concerns

1. A robust and secure framework around the data concerns about strategies to prevent unauthorized access to the systems and data.
2. Strategies to avoid rouge cloud implementations using an enterprise’s data.
3. Strategies for optimization of performance and resource management.
4. Vendor’s disaster recovery planning, testing and documentation, and deployment capabilities.

An effective strategy to deploy cloud DR services begins with launching a pilot cloud DR program. Scheduling and conducting tests to recover (e.g., failover) systems and data to their backup peers, followed by a subsequent recovery (e.g., failback) to the original production status will be crucial. With review of the pilot, launch a production schedule depending on the RTO and RPO to the cloud of selected production systems and data. Initially, one would like to establish a balance between on-site DR resources and cloud DR services, but as they gain more experience and confidence with the cloud DR service, they can consider shifting backup and recovery for additional production systems and data to the cloud DR service. Note that, due to legal considerations, it is advisable to maintain in-house backup and recovery for the company's significant assets.

However, one has to make sure that they are confident that the cloud DR service provider encourages periodic testing of recovery capabilities. Also, from an audit perspective, there should be assurance that the service provider can deliver documentation of all its proposed activities, including testing.