Why cloud computing must be included in disaster recovery planning

It is now official. 2010, according to the United Nations, was one of the deadliest years for natural disasters experienced over the past two decades.

Statistics are both shocking and heartbreaking in equal measure. Some 373 natural disasters claimed the lives of more than 296,800 people last year, affecting nearly 208 million people at an estimated cost of nearly $110 billion. To put this in perspective the loss of life equates to losing the entire population of a UK city the size of Nottingham or Leicester.

The research was compiled by the Centre for Research on the Epidemiology of Disasters (CRED) of the Université catholique de Louvain in Belgium, and supported by the UN International Strategy for Disaster Reduction (UNISDR).Unfortunately according to the same report, the disasters that befell 2010 may just be the start of an unwelcome trend. Indeed the U.N. assistant secretary-general for disaster risk reduction, Margareta Wahlström, stated that last year’s figures may simply be viewed as benign in years to come.

“Unless we act now, we will see more and more disasters due to unplanned urbanization and environmental degradation. And weather-related disasters are sure to rise in the future, due to factors that include climate change.”

Ms. Wahlström then moves on to state: “that disaster risk reduction was no longer optional.” “What we call ‘disaster risk reduction’ – and what some are calling ‘risk mitigation’ or ‘risk management’ – is a strategic and technical tool for helping national and local governments to fulfil their responsibilities to citizens.”

As if we needed further reminding of the impact that natural disasters can have on communities, at the same time as Ms.Wahlström was spearheading the UN’s media activities, the Royal Australian College of General Practitioners (RACGP) was issuing guidance to help GP’s overcome the challenge of restoring Information Technology functionality after the recent Queensland floods.

Professor Claire Jackson, RACGP President and GP in Brisbane, stated: “This will be a time that will test the disaster recovery and business continuity planning of many general practices. The RACGP’s IT disaster recovery flowchart and fact sheet will provide guidance with the often technically difficult challenges of restoring IT systems and procedures to their full functionality.”

It is a sad fact of life that once the world’s media turns its cameras towards the next news story, we soon forget about the impact that a disaster has had on a particular community, and for some perverse reason, no matter how graphic the images or how sad the stories, we move on, safe in the knowledge that ‘it can’t happen to us.’And whilst for a whole host of geographic or socio economic reasons, the majority of us will never thankfully, experience the pain and devastation that a large scale natural disaster can bring, everyone of us can, and will, suffer some type of ‘personal disaster’ for which we could have taken some basic precautionary measures thus negating their effects.

As the world, and its citizens, is ever reliant on technology to function on a day to day basis, it is of little surprise that IT is viewed as both a key enabler of risk management and a key threat. We can assume that all of the Queensland GP’s patients’ medical records were stored electronically to improve both service and process delivery, and can only hope that they were not stored in a single data centre location that has now been washed away.

How many times have you heard people complain that they are ‘suffering the day from hell’ as their laptop has been stolen/lost/damaged and they’ve lost all their work/photos/contacts (delete as appropriate)?, and for some bizarre reason, we are supposed to empathise with them. Much in the same way that folks without basic desktop protection are filled with indignation that someone with a dubious moral compass has dared plant a Trojan on their PC or attempted to steal their bank account details.

In the recent past, two of the reasons oft quoted by business and consumers for not to taking disaster recovery too seriously, has been cost and complexity. And who could argue with the business logic? Purchasing and maintaining a full set of servers to mirror an existing infrastructure could be viewed as an expensive overhead, particularly if considered simply an ‘insurance policy’ that will in all probability never be ‘claimed.’ Many an IT department’s justifiable claims for additional DR Capex have fallen on ‘deaf ears’ over the years – usually dismissed out of hand as ‘expense for expense’ sake.

Likewise consumers have probably been baffled by the thought of regularly archiving and backing up their treasured holiday snaps. Where too and how?

As stated earlier, technology does have a major role to play in disaster recovery.

Cloud computing is now being considered as a genuine viable disaster recovery/business continuity solution at all levels and for all markets. According to the Cloud Convergence Council, cloud service providers are currently reporting that one in four end-users are asking for cloud-based disaster recovery and backup services.

The reason is simple. As mentioned previously, you don’t need DR services until something goes wrong – making them a cost centre, not a profit center. Moving disaster recovery into the cloud can deliver greater efficiency, security, scalability, and much desired cost savings.

There can be no doubt that the ability to store, back up and archive data to an offsite third party, via the cloud, is compelling but as with anything ‘risk’ related there are several considerations to make before deciding upon a solution.

You will need to consider whether you want your data to be held within a physical geographical boundary. If you do, you will need to ensure that you contract with a cloud provider who can guarantee that their data centre is within your desired territory. You will also need to know how and where your data is stored, once it is in your provider’s cloud. Will it be stored within one physical location, thereby increasing the risk of a single point of failure, or will it be distributed across nodes in more than one data centre? You may be happy that the providers ‘resilience’ simply involves separate racks in separate data halls, in which case you will need to be convinced that their site is served with diverse power supplies, and is free from potential natural hazards etc.

On the other hand you may feel that this level of cloud service equates to ‘all eggs in one basket’ approach, in which case you might opt for a cloud supplier with multiple data centres offering multiple resilience options across the DC estate. This will be in all likelihood a more expensive option but one which less ‘risky.’

This leads us to the question of cost. Many cloud services are charged on a per MB, GB or TB usage basis, which can make predictable budgeting a challenge. One blue chip company that recently considered moving to cloud for data replication estimated that it would cost them, over a period of three years, $55,000 more when compared with running a comparable in house system that would regularly and automatically fail over as required, due to the variable nature of the cloud provider’s billing.

Once again, you should seek to find a cloud provider that can provide some element of inclusive fixed pricing/packaging or will provide you with an agreed fixed tiered pricing model.

Finally, and most importantly, seek a provider that offers cast iron service level agreements for cloud. If their marketing blurb states that they can have you ‘fully restored and running’ within an hour, determine exactly what, contractually, ‘fully restored and running’ means and a definition of an ‘hour’ might also be useful.

As with any form of insurance policy, the more ticks you place in the boxes – the greater the degree of protection – the higher the premium. You should not expect a full cloud ‘belt and braces’ DR solution to be cheap. Total peace of mind does cost.

No one has yet stated that the cloud will solve every disaster recovery/business continuity issue, but it should certainly be considered as a workable solution to an age old problem.

It would however appear to be somewhat ironic that we are turning to a meteorologically named technological DR solution in a week when we are being advised to plan better as “weather-related disasters are sure to rise in the future.”

Phil Worms is the director of corporate communications for iomart Group, one of Europe’s largest providers of managed hosting, cloud computing and business continuity services. Having spent 25 years working in the IT industry he is recognised as one of its brightest thinkers. He regularly contributes internet and "new media" related features for trade publications and national newspapers and is a Fellow of the Royal Society of Arts. He is an advocate of social media using it for both business and charitable causes. Phil has sat on several national advisory committees ranging from the provision of broadband access to online safety initiatives. He is now heavily involved in the debate surrounding the greening of IT with energy efficiency and carbon emission reduction a particular topic of interest. In his spare time Phil is dedicated to raising money in an attempt to bring a new arts and music centre to his hometown of Helensburgh. It is this venture that has given him his finest moment – being mentioned on David Bowie’s official website when he organised a mass community recording of the classic song Heroes!