What are the main challenges associated with DRaaS SLAs, and how should cloud providers approach them?
The terms for a Disaster Recovery as a Service (DRaaS) service-level agreement (SLA) need to be carefully reviewed and negotiated upfront by the cloud provider and customer, followed by the customer paying for the appropriate SLA required. It is a good idea to discuss a potential SLA with all the stakeholders in the business, along with a lawyer specializing in IT SLAs in order to ensure that all areas and challenges are addressed properly. The time spent preparing an SLA is well worthwhile and will greatly reduce future problems, frustration and dissatisfaction.
A well-thought-out SLA should address a number of challenges associated with information transfer to and from the cloud. It should also touch upon mobility, availability, business continuity, scalability and elasticity. In addition, in regards to physical location information, it's important for providers to disclose in an SLA where the data will be stored. The reason for this is that cloud providers may federate with other providers to provide elasticity, and this could result in noncompliance or a privacy breach, making it all the more important to have full disclosure.
Being up front about data validation and ensuring data integrity in the cloud at all times is also key. Customers also value immediate verification of backup, replicated data and disaster recovery (DR), along with a solid guarantee of information recovery and business continuity.
Replicas of all protected systems should be frequently updated by incremental backups or snapshots. These should be scheduled by the user for each system according to recovery point objectives. In regards to these snapshots, customers must be able to monitor who will be granted access to them for security reasons. Similarly, it's critical for security reasons to set a standard for when snapshots are allowed, where they are stored and for how long they are stored by the provider's system administrators.
It's also important for SLAs to include full site, system, disk and file recovery services that are completely user-driven, self-service portals to allow the user the flexibility of choice as to what system or file disk they want to recover. The ability to converge backup and replication silos into one homogeneous system that supports both disk and tape is also a differentiator. Backup is all about recovery, and customers won't compromise in that area when choosing a cloud service for backup and DR.
Security is another differentiating factor. Security policies that are consistent with the security policies of a customer's organization are ideal. One way to accomplish this is by making sure temporary files and data are deleted upon completion of the task being performed. This strategy, along with the aforementioned snapshot security measures, will minimize data leakage and theft. Put procedures in place for preventing security breaches and unauthorized data access, including careful storage of encryption keys and certifications. In addition, if there is a security, compliance or privacy breach, there should be prompt notification and communication of the situation to the customer.
An effective SLA should also address the anticipated restoration time should there be a disaster. A reasonable response time in which files and system disks should be restored is within 30 minutes. Be sure to conduct both scheduled and unscheduled DR rehearsals and tests that demonstrate to customers the viability of your DR plan to ensure that it can be carried out as planned.
This was first published in April 2013