Disaster Recovery as a Service (DRaaS): Is It Right for Your Organization?
Building and maintaining a disaster recovery site is expensive, complex, and often neglected. Disaster Recovery as a Service (DRaaS) promises to solve all three problems by moving DR to the cloud. But is it the right choice for your organization?
What DRaaS Actually Is
DRaaS is a cloud-based service that replicates your critical workloads to a cloud environment and provides automated failover capabilities. When a disaster strikes your primary site, DRaaS can bring your applications online in the cloud within minutes to hours.
Key components:
- Continuous or near-continuous replication of VMs and data
- Automated failover orchestration
- Network and DNS management during failover
- Recovery testing capabilities
- Failback procedures when your primary site is restored
The Business Case for DRaaS
Traditional DR costs:
- Secondary data center lease or colocation: $50,000-500,000/year
- Duplicate hardware and licensing: $200,000-2,000,000
- Network connectivity: $12,000-60,000/year
- Staff to maintain DR environment: $150,000-300,000/year
- Regular DR testing: $20,000-100,000/year
DRaaS costs:
- Monthly subscription based on protected workloads: typically 30-50% less than traditional DR
- No capital expenditure on hardware
- Testing included in the subscription
- Managed service reduces staff requirements
When DRaaS Makes Sense
Good candidates for DRaaS:
- Mid-market organizations (100-5,000 employees) without a secondary data center
- Organizations with straightforward VMware or Hyper-V environments
- Companies with RTOs of 1-4 hours and RPOs of minutes to hours
- Organizations that struggle to maintain and test traditional DR
Poor candidates for DRaaS:
- Enterprises with complex, highly customized application stacks
- Organizations with sub-minute RTO requirements
- Companies with strict data sovereignty requirements
- Organizations with very large datasets (petabyte-scale) where replication costs become prohibitive
Evaluating DRaaS Providers
Key Questions to Ask
- What is the actual RTO guarantee? Not the marketing claim — the contractual SLA with penalties
- How often can you test failover? And is it a non-disruptive test or a full failover?
- What's the failback process? Getting data back from the cloud to your restored primary site can be slow and expensive
- Who manages the failover? Is it fully automated, or does someone need to push a button at 3 AM?
- What's the network architecture during failover? How do users access applications running in the DRaaS cloud?
Red Flags
- Provider can't demonstrate a successful failover for a customer your size
- No contractual SLA for RTO and RPO
- Failback is described as "we'll work with you" rather than a defined process
- No support for application-consistent replication
- Testing requires advance notice and scheduling
Implementation Best Practices
- Start with a pilot — protect 3-5 non-critical servers first to validate the platform
- Document your runbook — don't rely on the DRaaS provider to know your application dependencies
- Test quarterly — a failover you've never tested is a hope, not a plan
- Plan for failback — the disaster ends when you're back in your primary site, not when you fail over
- Monitor replication — set up alerts for replication lag and failures
The Hybrid Approach
Many enterprises are adopting a hybrid approach: DRaaS for Tier 2 and Tier 3 applications, with traditional DR (or active-active) for Tier 1 applications that require the lowest possible RTO.
This gives you the cost benefits of DRaaS for the majority of your workloads while maintaining the performance and control of traditional DR for your most critical applications.
Bottom Line
DRaaS has matured significantly and is a viable option for most organizations. The key is matching your recovery requirements to the provider's capabilities — and testing, testing, testing.
Want More Data Protection Insights?
Listen to 300+ episodes of the Data Protection Gumbo podcast
Browse Episodes
