DRaaS Opens New Opportunities for Managed Services Providers

Cybersecurity experts have noted a sharp increase in ransomware as a service, often outsourced to third parties on behalf of bad actors. It’s a business just like any other, and it has proved to be a lucrative one, which means incidents are likely to escalate. Technologies and techniques for ransomware attacks continue to evolve into more sophisticated operations.

While it’s true that high-profile targets are still sought after — the FBI and the NSA have found that ransomware attacks have been directed at 14 of the 16 critical infrastructure sectors in the U.S. — efforts to thwart these attacks have left cyber-criminals looking for softer targets. Large companies and those in regulated industries are sometimes in a better posture to recover more of their data and infrastructure quicker due to advanced recovery planning. Small to medium-sized businesses (SMBs), however, often haven’t sufficiently planned for potential data loss or service interruptions, which leaves them more vulnerable to ransom.

Managed service providers are in an excellent position to offer their clients services to mitigate the impact of a ransomware attack. One option for MSP disaster recovery includes offering backup as a service (BaaS). Alternatively, disaster recovery as a service (DRaaS) can potentially be a more profitable offering that also positions MSPs as a trusted business partner for clients.

An Important Role for Managed Services Providers

MSPs already have unique knowledge of clients’ IT infrastructures and needs, which makes them ideally placed for the responsibility of providing failover for the client by replicating and hosting physical or virtual servers that can be accessed in the event of a ransomware attack or disaster. Most SMBs lack the resources — hardware, software, and know-how — to replicate data and systems for the purpose of fast recovery. This may make them amenable to turning the responsibility over to their managed services partner, relying on the partner to redirect users from a primary environment to a remote environment, monitor disaster recovery operations according to an established plan metrics, and recovering the data and critical systems necessary to resume business as usual.

There is a unique opportunity for upselling here, increasing the revenue from each client. Most companies would prefer to consolidate their services with a single managed partner that can maintain a holistic view, streamline IT management, and ensure business continuity. This not only provides an opportunity for MSPs to increase revenue and client retention, but also can provide competitive advantage over managed service providers that don’t offer disaster recovery as a service.

Disaster Recovery in a Virtualized Environment

In the disaster recovery process, virtualization provides more flexibility, allowing MSPs to better secure their clients’ applications and data. The replication and hosting of your clients’ virtualized servers by a third party will provide automated failover in the event of a disaster or a breach. The environment can be left in passive mode, consuming fewer resources, until needed in the event of an emergency or for compliance testing.

Smaller companies are unlikely to be operating multiple data centers that will allow them to create an active-active environment. Instead, they’re more likely to be relying on a single data center, which makes building a robust disaster recovery program difficult. When servers are virtualized, they are containerized into virtual machines that operate independent of the underlying hardware. This eliminates the need for the same physical servers at the primary site as at the secondary disaster recovery site.

Virtual disaster recovery will improve the ease, efficiency, and speed of the recovery process. It will make it easier for clients to meet their recovery time objectives (RTOs) and recovery point objectives (RPOs), and virtualized workloads will make DR planning and failover testing faster and easier than with a physical setup, which makes it ideal for smaller businesses with more modest IT budgets.

Essential Factors for Providing High-Level DRaaS

Achieving high-level DRaaS entails having a robust and well-tested disaster recovery plan. This means working with the client to develop a playbook that outlines the data, infrastructure, and services that will be included in the disaster recovery plan.

It is also important to define detailed RPO and RTO minimums to determine backup intervals and recovery targets. Ongoing testing should be scheduled and documented, with outcomes reviewed and the plan modified as needed. By taking these steps, you can ensure that your clients will be able to recover from a disaster with minimal disruption.

Empower your DRaaS Offering with Axcient x360Recover

Axcient’s x360Recover reduces the complexity of implementing a disaster recovery solution for your clients by orchestrating the failover of a group of virtual machines (VMs) from your primary data site into an automated DRaaS site. Axcient AirGap technology separates data deletion requests from deletion mechanics, so your clients’ data is always protected, even after a ransomware attack. Axcient x360Recover removes the complexity and cost of operating an independent disaster recovery site, allowing you to focus on your clients and create opportunities for additional revenue.

Learn more about how MSPs are selling business continuity solutions, and why further cybersecurity education and testing are part of an overarching approach. Download the Axcient State of Layered Security Report.