SURVEY:

can be another serious concern for many businesses looking at cloud-based DR. While cloud-based and encryption technology has matured, there may still be grey areas when it comes to meeting regulatory standards, such as with healthcare or financial data.

Ultimately, DR is about shifting the uncertain to the certain. We cannot be certain when a disaster event may occur, but we should -- and must -- be certain of the systems and procedures we put in place to recover when they do. To determine whether your business is ready to bring DR to the cloud, you need to consider factors pertaining both to your organization and to your service provider. The viability of implementing recovery-as-a-service in your organization hinges on both business and technology criteria.

On the business side, you should calculate return on investment by contrasting the projected costs of cloud-based DR against the costs of traditional on-site DR (including equipment and staffing) -- as well as against the projected business costs of enduring a catastrophic system failure while having no DR solution in place at all.

As with any DR planning, you should determine your recovery time objective (RTO) within which your core systems must be restored so as not to create a revenue-impacting break in business continuity. You should also identify any system elements which would be negatively affected by potential transactional lag times. Specify what is required to meet compliance with your particular industry's regulatory mandates (such as end-to-end encryption of data in-flight and at-rest, or granular recovery of transactional data).