Disaster Recovery as a Service (DRaaS) Can Help SMBs

Disaster Recovery

With so many natural disasters occurring around the United States and the world, small-to-medium-size businesses (SMBs) have been hit hard as they try to keep their operations running with all types of challenges. These challenges can include being displaced from headquarters, continuing operations with smaller staffs, and operating with limited equipment or no equipment since entire offices were destroyed.

In addition to natural disasters, man-made disasters affect SMBs. These disasters can also leave havoc in their wake. They are numerous and include attacks by hackers, viruses, Trojans, or any form of data breach that completely disables a company’s ability to conduct business. To add insult to injury, most SMBs don’t have enough trained personnel to address the data breach and return the business to full operating capacity with little down time and even more important, no negative impact on the business data. Hardware failure and software failure round out the list.

John Mason of IBM Midmarket Business recently wrote about natural disasters: “Disasters can wipe out an ill-prepared small business in seconds, according to the Small Business Administration. Hurricane Sandy caused tens of billions of dollars of property damage – damaging and destroying over 460,000 small businesses in New York and New Jersey…For SMBs, any extended loss of productivity can result in reduced cash flow through late invoicing and fulfillment, and lost orders…it’s critical that an SMB be able to recover quickly after a disaster of any type. With rapid recovery in mind, how can small business owners prepare for and mitigate damage caused by a natural disaster?” (1)

Naturally, this is where technology enters the picture. Some might recommend the use of disk back-up, while others might recommend cloud backup. But something called DRaaS may be the best option.

As defined by Whatis.com, Disaster Recovery as a Service (DRaaS) “is a pre-determined set of processes offered by a third-party vendor to help a business develop and implement a disaster recovery plan (DRP)…A typical business may spend 25% of its IT (information technology) budget on disaster recovery. DRaaS offers at least two substantial advantages over in-house DRPs. If a business lacks disaster recovery expertise among its personnel, a third-party team of DRP specialists can provision, configure, and test an effective plan. In the event of an actual disaster, an offsite vendor will be less likely than the business to suffer the direct and immediate effects of the disaster, allowing the outside entity to manage the DRP even in the event of the worst-case scenario: a total or near-total shutdown of the affected business.” (2)

As with any other new technology, DRaaS has growing pains. While I’m not a believer in using new technologies the moment they first appear or changing technologies before all the kinks are worked out, DRaaS is worth considering by SMBs with limited IT budgets and personnel.

One of the main benefits of some of DRaaS vendors is their ability to conduct disaster recovery testing. Most businesses – both large and small – don’t have a disaster recovery plan. Even more problematic, for many SMBs, disaster recovery planning is not a priority. So if a disaster recovery plan does exist, it becomes forgotten and outdated. So when disaster strikes, the disaster recovery team is no longer prepared to act. Some members of the team may no longer be with the company, some may move to different offices – but bottom line, the team that was part of the disaster recovery planning team when the document was created are no longer part of the action team.

Consider these three steps when evaluating DRaaS vendors:

[1] Make sure that the vendor is in compliance with any rules or standards that your SMB must follow, such as, HIPAA, Sarbanes-Oxley, PCI-DSS, etc. If your SMB must follow any of these guidelines, be sure that the contract states that your data can only be stored in facilities that prove they can adhere to those specific compliance regulations.

[2] Determine what forms of protection are provided by the data center. For example, does it have adequate backup generators, fire prevention systems, and manpower to handle internal emergencies? Also, what protections are in place for both physical and online breaches? With the rapid growth of DRaaS companies, some offer other services, such as, backup services only – so they may not yet have the infrastructure required to protect your data properly.

[3] Be realistic about your needs. Since cost is the biggest factor, what can you realistically afford? Can you afford a company that handles all aspects of disaster recovery or just your data? The two most important questions your leadership team must ask are: How much is your data worth (money), and how long can you afford to be out of business (money and time)?

Finally, ALWAYS request references – and preferably from clients of a vendor who have gone through a disaster and are back in business. Why? The process of entrusting your data to a DRaaS provider while your business is healthy and in the process of protecting data is one thing. But the process of getting operations back up and running – with data, personnel, and equipment intact and in a timely manner – is something else altogether.


Sources for this post:

(1) Thanks to John Mason (@jcmason) for his inspiration for this post. His original article, “When Natural Disasters Strike Small Businesses,” can be found here:


(2) TechTarget’s WhatIs.com Technology Dictionary:


Image Credit: Stuart Miles via FreeDigitalPhotos.net.


This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.

wordpress blog stats

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in Business Process, Data Security, Disaster Recovery, Management and Technology, Network Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s