The Opportunity Partners can help businesses source and implement complex DR components such as immutable backups, seamless failover, ransomware protection and disaster recovery as a service (DRaaS). This process starts with determining the amount of coverage that businesses require across their environments. Before investing in DR, companies must calculate their total cost of downtime per hour for specific systems and what they can realistically afford. Ultimately, each business is unique. For some organizations, protecting a critical system or database from a ransomware infection might take priority over seamless failover and connectivity. Zscaler notes the U.S. is currently the top target for ransomware, accounting for almost 50 percent of all attacks. Of note, Zscaler uncovered a recordbreaking ransom payment of $75 million in 2024, which was nearly double the highest publicly known payout – a reminder that ransomware is still very much alive and well. For businesses that can’t afford any prolonged downtime or data loss, C3 Complete CEO Rick Mancinelli recommends setting up a “hot standby” – or a ready-to replica of the business environment. “Hot standbys are typically divided between ‘reserved instances’ or ‘best effort’,” said Mancinelli. “Reserved instances deliver the same level of high performance you rely on in normal times, while best effort offers a more affordable, but more sluggish, temporary fix. If you’re a private equity firm, a best effort approach is probably fine; for a medical telemetry provider, a reserved instance is likely essential.” Oftentimes, companies will have the necessary components for DR, such as geographically distributed data centers, clean rooms for forensic analysis and recovery and immutable storage vaults, which protect data from modification. However, they may not have the infrastructure or processes to quickly move data and prioritize tasks during a disaster. This can contribute to a false sense of security and costly recovery delays. “DR needs to be carefully choreographed in advance of an outage or attack,” added C3 vice president of information security Jonathan Cox. “Disasters are often chaotic experiences, involving both internal and external stakeholders. When the pressure is on and the business is losing data and money by the minute, it’s important to have a solid recovery framework in place to reduce panic and confusion.” Partners can add additional value by helping clients develop run books, or recovery instruction manuals that teams can use during unplanned disasters. RTO vs. RPO When forming a DR strategy, there are two important metrics to understand and discuss with customers: RTO and RPO. Recovery time objective (RTO) is the maximum time a business process or application can be down following a disruption. Recovery point objective (RPO) is the amount of data loss a business can realistically tolerate in a disaster. According to AWS, “RTO and RPO for each application depend on many factors (such as service level agreements (SLA) and external compliance requirements), but there are some common standards. Common figures for mission-critical applications (tier1 applications) include an RTO of 15 minutes and a near-zero RPO. For important applications that are not mission critical (tier-2 applications), the RTO is typically four hours and the RPO is two hours. For all other applications (tier-3 applications), a typical RTO is 8 to 24 hours and RPO is four hours.” Shifting from Cost to Profit Purchasing DR is like buying insurance, meaning it’s almost always a sunk cost. Conveying it as such can potentially lead to pushback from business leaders who are more concerned about driving ROI than protecting their organization. As such, partners are encouraged to shift their thinking when approaching customers about disaster recovery – and risk management in general – and DR conversation starters • How many offsite backups does your company maintain? • What would happen if your core systems go down? Do you have a recovery plan? • How far back do you need to go when restoring your systems? • When was the last time you tested your recovery plan? What were the results? • Do you have immutable backups in place with regular testing? • Do you currently have ransomware protection? Small business owners Mid-market business owners Source: CBRE 1.2% 0.5% 14.5% 18.6% 12.6% -3.2% -4.0% -4.4% -1.9% -6.1% -0.4% 2013 2014 2015 2016 2017 2018 2019 2020 2021 2013 2023 2024 100 120 140 160 180 200 Risk Management Programs and Policies Source: Nationwide Source: AWS 71% 83% 69% 55% 67% 79% 60% 60% 52% 62% 45% 50% 34% 25% 28% 22% Have a budget for employee safety? (Shown: % Selected “Yes”) Does your business... Have a disaster preparedness plan in place? Have a business continuity plan in place? Have a fall protection program in place? Have a return-to-work program? Have a fleet safety program in place? Work with a third-party safety consultant? Have a telematics program in place? Recovery Point (RPO) How much data can you afford to recreate or lose? How quickly must you recover? What is the cost of downtime? Recovery Time (RTO) Downtime Data Loss Disaster 31% 30% Secure Service Edge (SSE) Secure Web Gateway (SWG) Source: Xalient Attacks against edge device vuln Source: ConnectWise 1/15/24 2/15/24 3/15/24 4/15/ 8000 7000 6000 5000 4000 3000 2000 1000 0 Alerts Fired Low Average High Avg % Change EDGE TO CLOUD 38 CHANNELVISION | MARCH - APRIL 2025
RkJQdWJsaXNoZXIy NTg4Njc=