Should you use open source for enterprise disaster recovery?
With research and planning, businesses can benefit from using open source software for enterprise DR. But IT teams must be mindful of hidden costs and data protection capabilities.
Preparing for and developing disaster recovery plans is time-consuming and resource-intensive. Open source software can be a good option in the right circumstances.
Open source software has source code that is made available to users and developers to work with as they want, with minimal to no penalties. Open source developers typically offer their products for free -- or a nominal fee with a license -- seek collaboration among users and make their products available to the general public.
In terms of disaster recovery, open source software can address several important aspects of a DR strategy. It can help with the recovery, retrieval and restoration of systems and data, as well as aid in the creation of DR plan documents.
Should you use open source for enterprise disaster recovery? The answer to that will largely depend on the size of the organization. Large enterprises with multiple operating units and physical locations often need powerful DR technology to support the many different disruption scenarios that they might face. They might use open source for specific functions, such as backup and recovery of specific applications or user data, but not as a major element of the DR plan.
For the purposes of this article, small and medium-sized businesses are considered more likely candidates for the use of open source disaster recovery products.
In addition to company size, there are several other factors to consider before using open source software for disaster recovery. Available features, security risks and even potential hidden costs are angles DR and IT teams must look at before deciding if open source is the right option.
How does open source software aid DR?
Prospective users must perform the necessary due diligence and try out demonstration systems before committing to open source software. Perhaps the most important DR activity is data backup and recovery, and most open source products offer that as a primary capability. Add to that access controls that prevent unauthorized access to systems and data, and the two features can be found in most products.
Adequate data protection is critical to disaster recovery. The three attributes for data protection that IT teams must consider are confidentiality, integrity and availability. The first ensures that the information is blocked from access by unauthorized users; the second ensures that the data content is not changed or altered without authorization; and the third protects data so that it is available to those who have authorized access.
Assuming the product supports the above criteria, data protection concerns can be effectively addressed with open source software.
The emergence of open source tools to help create systems using AI and machine learning is also gaining traction. As part of the process, developers start with an open source platform and then train the system to suit their requirements. Organizations looking to incorporate AI and machine learning into DR processes might consider using open source for this purpose.
What to look for in an open source product
Organizations must define user requirements before researching potential open source options. Ideally, tools that provide encryption of data at rest and when data is in motion provide the best security. Many available tools offer encryption; be sure to check whether this applies to data at rest and data in motion.
Organizations must define user requirements before researching potential open source options.
Assuming security criteria are met, pricing, additional features, service and support, and access to technical assistance become the deciding factors. A community of users is also an important factor, as it means the software has a strong base of expertise and support.
Open source software helps keep the costs for business continuity and disaster recovery planning and development under control for smaller organizations, but if cost is a major factor, be sure to do research. Check carefully with open source companies to confirm just how "free" their products are. For example, open source products that address DR issues for containerized applications, such as those that use Kubernetes, might require a fee in addition to a license that specifies how much the purchaser can do with the software.
Paul Kirvan is an independent consultant, IT auditor, technical writer, editor and educator. He has more than 25 years of experience in business continuity, disaster recovery, security, enterprise risk management, telecom and IT auditing.
Dig Deeper on Disaster recovery planning and management
