Defining Business Continuity and Disaster Recovery
Resiliency Responsibility in AWS
Let’s discuss how business continuity is different than disaster recovery? Business continuity is the strategy that you put into place to continue operations during a time of inefficiency or crisis. For example, in AWS, Availability Zones would be critical to business continuity. Disaster recovery is an element of business continuity that focuses on the procedures you have implemented to restore and recover from disasters. AWS describes disaster recovery as a subset of a Business Continuity Plan and not standalone documentation. In AWS, RDS and your backups are critical to disaster recovery.
Under the Shared Responsibility Model, resiliency is a shared responsibility between the customer and AWS. AWS explains, “AWS is responsible for resiliency of the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure comprises the hardware, software, networking, and facilities that run AWS Cloud services.” You, as the customer, still have a fair share of responsibility for resiliency in the cloud. You must take control of your policies, procedures, and plans as they relate to business continuity and disaster recovery. The AWS services that you use will also impact your resiliency responsibilities. Don’t make the mistake of thinking that AWS takes care of everything related to configurations, backups, availability, and versioning.
To learn more about resiliency in and of the cloud, visit the AWS documentation on recovery in the cloud.
Many times during an audit with a client who has their environment in AWS, we will ask questions about business continuity or disaster recovery and there are a couple of common misunderstandings about this. Number one, people think that business continuity and disaster recovery are the same thing. They are not. The second misunderstanding is that, “All of our stuff is in the cloud and Amazon takes care of the backup and availability of our environment so there’s nothing for us to do since we’re we have moved this to the cloud we’re no longer responsible” – that’s not true either. I want to address these two things.
First of all, how is business continuity different form disaster recovery? Business continuity is all about continuing operations during a period of inefficiency or during a crisis. How do you continue your operations when those things are happening? If you are utilizing the Availability Zones within AWS, that is one strategy to improve your level of availability. You are able to continue if one Availability Zone is having an issue. You have put the proper replication in place in order to continue operations due to the multi-Availability Zone that you have employed. That is business continuity because you have put a strategy in place in order to continue your operations during those types of incidents. Disaster recovery can be an element of business continuity because you need to have disaster recovery procedures in order to address disasters when they are happening. If you are having outages, hacker incidents, environmental incidents, employee availability issues, you have to have those procedures to recover from that disaster. It certainly feeds into business continuity, but disaster recovery is its own entity in the sense that you have to have your methods for recovering and that is not availability or business continuity, that is restoration and recovery from the disaster. This will involve things like backup. Ensure you have a solid data backup strategy so that these things are available when you need them so that you can use it to continue operations. I hope you can see the difference between these two concepts.
Finally, these are capabilities that you can implement within AWS because of the services and capabilities that they provide. You are responsible for backup and versioning. You are responsible for your replication strategy. AWS is providing you with the infrastructure and infrastructure maintenance needed to support Availability Zones. However, there certainly have been outages with AWS and there certainly has been a loss in some situations by AWS users. Taking control of your data and your strategy for recovering and continuing operations is squarely on your shoulders and should be taken seriously.