8 cloud disaster recovery best practices Posted on October 24, 2013 by Tim Burke As the virtues of cloud-based data backup and disaster recovery/business continuity become increasingly apparent, it’s important to remember that moving some or all of your backup and DR functionality to cloud services involves more than a quick signup. Here are eight cloud disaster recovery best practices that can make the difference between success and failure: Look for a provider capable of conducting a business impact analysis and helping you develop an effective DR plan. Identifying and then prioritizing your systems and their dependencies (think databases, middleware) is essential if you’re going to protect them. Numerous processes, procedures, and metrics also must be defined during your disaster recovery planning process. Your provider should be able to help your planning efforts as you answer questions like: Can you get by with only replication to failover core systems, or do you require backup? Do you need your cloud based disaster recovery service to support rolling back your data to your enterprise infrastructure? Do your due diligence The right cloud DR service provider will help you identify the risks your enterprise faces as well as the impacts those risks can have on your IT systems and business processes. The right service provider also can aid you in figuring out the comparative cost benefits of various recovery time objectives (RTOs) and recovery point objectives (RPOs)Make sure, too, that your cloud DR provider can deliver what you need, whether it’s meeting SSAE 16 standards or HIPAA, GLBA, PCI-DSS. Verify the security your provider uses (including physical security). Plan for smaller as well as large-scale recoveries Plenty of disruptions are small and localized — so in addition to full backups, perform multiple point-in-time image or snapshot copies of your data so you have more frequent recovery points. You can also use replication services to provide continuous data protection that complements full backups. Anticipate the changes virtualization hath wrought If a virtual server fails, all virtual machines (VMs) on that server are at risk — but remember: Backups at the hypervisor level will limit your restore to a VM-only levelIf you lose your entire site, where should you restore your backups? One option is to run your systems in a cloud environment.Combining virtualized data replication, secure data storage, and disaster recovery capabilities in a resilient cloud environment makes data recovery smoother and less costly, since data replicas and data backups can be managed with the same software. Your provider should be able to ensure the safety, security, and integrity of your data whether it’s replicated to a shared environment or a discrete, dedicated one. Encrypt the data you back up Opt for a backup solution that encrypts data both during transmission and storage — and conduct a search for any ‘back doors’ that might allow unauthorized viewing of your data. Pay attention to that DRaaS SLA Your service level agreement (SLA) spells out precisely what will and will not be provided with your cloud service, and you need to understand it well before any disruption occurs. Make sure you understand …Which operations are essential for service, What data and applications are included, What data and apps must be accessible — and how quickly, How often testing and upgrades are performed, How data integrity is guaranteed. Look for a cloud DR service provider with deep experience and a willingness and ability to customize your SLA to meet your enterprise’s needs. Keep your DR/BC plan up to date and test it often Given how quickly your technology infrastructure changes, your DR/BC plans should be updated at least annually. Also, you should include a brief DR/BC plan review with every significant technology deployment, process improvement initiative, product launch, acquisition, or new branches merger.Proper testing should be undertaken regularly at various levels. For example, you’ll want to conduct cross-functional tests on mission-critical processes during which you engage involved internal and external partners and test multiple scenarios as well as your alternate site.And don’t assume that third-party cloud or managed services providers perform this testing unless it’s been explicitly included in your service-level agreement. Regularly conduct a comprehensive plan review At least once a year, you should review your plan top to bottom and adapt it to reflect changes in your organization.