The scary-but-true fact is that many SaaS vendors do not have a true disaster recovery plan. Many software companies operate in a single facility and assume that the cost of creating a new or standby environment is too expensive. However, as SaaS vendors mature, disaster recovery plans are a must-have.
Luckily, the cloud enables software companies to have a fully enabled disaster recovery site. For example, vendors can now host half of their companies in one cloud location, half in another and move both loads back and forth in case of disaster. This creates a worst-case scenario of needing to recover 50 percent of customer data at any one time. Additionally, data replication technologies are generally available and have been proven to reduce recovery times between geographically dispersed facilities in the unfortunate event of a disaster.
Business Continuity: It’s about People, Process and Technology
But disaster recovery is more than just the technology put in place to solve all your problems. As a SaaS vendor, you also need to think through and encompass your business areas as well. Have you geographically disbursed your sales, marketing, product development, finance and operations divisions inside your company? You should. In the event of a regional disaster, you should have a subset of employees in other regions who can pick up and run the business. In the disaster region, there will be many challenges for your employees who are dealing with the disaster, and it is imperative that others are available to take on more responsibility during this trying time.
Just as you build out a disaster recovery plan for your customers to keep them in business, also think about the SaaS applications or legacy on-premise applications that you use to run your business. Do they have disaster recovery plans in place to keep you up and running? Can your finance team still invoice and collect funds? Can your sales team contact customers?
Next, do you have a defined set of processes in place? Are your processes checked and verified at least twice a year? Simple process example: Do you have a call-tree established to communicate with your employees? Who notifies whom? What do they say or what should they say? Who should they call and notify? What if the phones don’t work? Where should people meet? As you can see, while this is a simple process, it still has many moving parts.
I would like to leave you with this: A disaster recovery plan is about people, process and technology. It is just a plan and you cannot plan for every type of disaster. Decide what risks you can or should mitigate. Train your employees, practice your plans. It will never be perfect. I speak from direct experience here … It’s not the plan, but how you respond!
Larry Steele is technical vice president, software-as-a-service, at Savvis, a leading provider of infrastructure services purpose-built for SaaS.