Software as a service, Platform as a service, Infrastructure as a service… might as well list Accounting as a service, HR as a service, Security as a service, Programming & Development as a service, Service as a service (actually that last isn’t a joke, as Customer Support has been offshored for many organizations now)… can every business process be outsourced or commoditized? I don’t know but I know that I haven’t seen much new – or old – in the service economy that compelled me to conclude that the benefits outweighed the hazards of paying outside sources for everything. But there may be a category now that makes more sense than many: Disaster Recovery as a Service.
Cloud providers can give you a rented virtual (and often the additional choice of rented physical) infrastructure. You can rent online storage for backups. You can dispense with information technology staffing by hiring server admin companies on an as-needed basis (I don’t recommend that but it’s a widespread practice). You can hire security experts as needed, hopefully before they’re needed. But what if there was a way to combine solutions for many of these needs into one strategy? As I understand it, Disaster Recovery as a Service uses a massive backup as a fix for not just hardware failure or power loss, but for many things this side of ddos mitigation (or other problems outside your network). One particular company with a booth I saw at a recent security conference appeared to work like Carbonite backup, except for your whole network inventory. All nodes (desktops, laptops, workstations, servers) plus all network devices like routers and switches are “cloned” at the provider’s data center. This idea stores not just data backups but whole operating system builds, with users, desktop environments, configurations, applications and stray documents. And in the network devices, all the addresses, routings, rules, configs and system versions are included. These are (in this particular company’s instance) not just snapshots restricted to one point in time, but constantly updated “clones” of All The Things.
A “Carbonite for your whole shop” approach would, as described here, seem to rely on lots of bandwidth to do all the constant updating (plus think cost for that in addition to network capability matters). Also, the securing of the connection to the provider location or cloud introduces an issue. The defense stance of the provider data center itself would constitute another. After all, grabbing backups has already proven profitable to criminals worldwide, who didn’t have to frontally attack a victim’s main arrangements. But there’s also promise in the approach. When your hardware and connectivity become ready after an event, you could come back from fire, flood, tornado, hurricane, earthquake, physical strikes like an eighteen-wheeler smashing through your office wall, node breakages induced by Windows Update, System Update or the like, worm damage, maliciously encrypted data blackmail and most problems related to geographical location (sinkholes?).
I can see potential challenges here with cost, security and network capacity. But if these can be handled then DRaaS is a new approach that could overtake legacy methods of the old offsite backup, reliable as it is. I’ll be watching the market for this product class with great interest.
