Ultimately, DR is about shifting the uncertain to the certain. We cannot be certain when a disaster event may occur, but we should -- and must -- be certain of the systems and procedures we put in place to recover when they do. To determine whether your business is ready to bring DR to the cloud, you need to consider factors pertaining both to your organization and to your service provider. The viability of implementing recovery-as-a-service in your organization hinges on both business and technology criteria.
On the business side, you should calculate return on investment by contrasting the projected costs of cloud-based DR against the costs of traditional on-site DR (including equipment and staffing) -- as well as against the projected business costs of enduring a catastrophic system failure while having no DR solution in place at all.
As with any DR planning, you should determine your recovery time objective (RTO) within which your core systems must be restored so as not to create a revenue-impacting break in business continuity. You should also identify any system elements which would be negatively affected by potential transactional lag times. Specify what is required to meet compliance with your particular industry's regulatory mandates (such as end-to-end encryption of data in-flight and at-rest, or granular recovery of transactional data).
You will also want to consider what options you need to meet the specific recovery needs of your business. Potential data recovery capabilities your organization might require include file-based backup, multi-platform device and OS support, and archiving. Potential system recovery capabilities might include block-based backups, and being able to rapidly restart applications in the cloud with a subsequent phased recovery on-premise.
On the cloud service provider side, you need to verify that the service level agreement (SLA) meets your defined business requirements, particularly in the areas of reliability, performance and compliance. Closely examine the fine print on costs associated with scaling up capacity or bandwidth.
Be sure you are willing to house your data on your provider's cloud. Confirm your provider's cloud data center security and availability features, such as AES 256-bit encryption for data-in-flight, uninterruptible power (UPS) and seismic rating, as well as physical security measures such as biometric identification and motion-sensitive CCTV monitoring.