If I ever had any question that confusion still exists about the benefits and drivers for cloud disaster recovery as a service (DRaaS), the results of a recent survey commissioned by Sungard Availability Services* have settled that. There is clearly confusion \u2013 a lot of confusion. The results of the survey are interesting in that there is little consensus among the responders:\n\n40% said that a faster recovery time objective (RTO) was a great benefit of cloud disaster recovery. BUT 27% said a major downfall was slower recovery times. Well, is DRaaS faster or slower?\n13% of respondents said that a key benefit was increased security. BUT, almost 39% complained that one of the downfalls was decreased security. Which is it \u2026 is cloud disaster recovery more or less secure than more traditional on-premise recovery methods?\n26% indicated that higher performance at a lower cost was a definite benefit. BUT, 14% said cloud disaster recovery was less cost effective. So, is cloud disaster recovery cheaper or more expensive? \n\nNow, these results would be understandable if they were from the \u201cunnamed masses.\u201d However, the survey was very targeted and specific. These responses are from 276 IT professionals: men and women who are technology experts and who live and breathe IT every day. If there is this much ambiguity among IT personnel about cloud disaster recovery, I can only assume that this confusion is even greater among business stakeholders and, in many cases, decision makers.\nHere are some thoughts that can bring clarity to the confusion about each of the above points.\nGet specific about required recovery times Praising cloud disaster recovery as \u201cfast\u201d or complaining that it is \u201cslow\u201d is not meaningful. What does \u201cfast\u201d look like? What is \u201cslow\u201d in comparison to? The truth is, Recovery Time Objectives (RTOs) for recovery to the cloud can vary significantly depending on the underlying data protection methodology, recovery technology, application complexity, and amount of data.\nGiven these variables, you need to make cloud recovery choices based on what you need:\n\nWhat are your business tiers?\nWhich applications are business critical so that you need to bring them up as quickly as possible?\nWhich applications are less critical and can therefore take a longer time to restore?\n\nOnce you have established your desired RTOs by application, you are equipped to discuss with prospective cloud providers whether they can meet your requirements and provide the appropriate solution for your recovery needs. With a cloud provider who can deliver what you want, questions of \u201cfast\u201d or \u201cslow\u201d disappear: recovery happens right on time. Understand the shared nature of security responsibilities Security is another aspect to DRaaS that is not all-or-nothing. The key question to address is how much of the security function will be managed by your provider and how much you are retaining responsibility for. For example, say that you have a failover. Once your recovered environment is handed over to you, do you have the responsibility to recovery your antivirus software and data loss prevention systems, or is application and data security handled by your cloud recovery provider?\nWhen you evaluate your cloud DR service provider, some of the criteria to consider include:\n\nSecurity and compliance controls at the infrastructure and network access level\nControls to ensure that one customer cannot access information from other customers in shared, multi-tenant environments\nEncryption of both data in motion and data at rest\nAuthenticated access and auditing of access\nCompliance with regulations such as PCI and HIPAA\n\nClearly delineating responsibilities and ownership of security functions is critical; otherwise, you may be exposed and not even realize it.\nRecognize that there is an inverse relationship between cost and risk Last, but not least, how do costs factor into your decisions? From a recovery perspective, ideally, there would be no variance in what you want, what you need, and what you can afford. The reality, though, is that you are often faced with shrinking budgets and increasing demands from your business stakeholders. That\u2019s why it is crucial to understand your business application recovery tiers based on the impact of downtime to your business. You can then work with a cloud recovery provider to determine the optimum solution with the right technologies and products for your various tiers.\nFor example, for mission-critical tiers such as online transactional systems that support your customers, you will need near-zero recovery times \u2013 and the associated high price point will be justified by the cost of downtime. However, for less critical applications, your recovery solution might include leveraging a shared infrastructure and recovery times measured in terms of days, not hours \u2026 all of which come in at a lower price point.\nThere is a trade-off between the level of risk you want to take and the investment you want to make in the various parts of your recovery program. Ideally, you want a DRaaS provider who can offer a comprehensive solution with multiple recovery options that can be tailored to fit your budget.\nClarity in the cloudAt the end of the day, the most important aspect of disaster recovery is whether your business applications are functional and your end user and consumer needs can be met. If you are considering cloud disaster recovery but have felt unsure about whether or how to proceed, I encourage you to spend time identifying the specific questions for which you need answers. Once you have those answers, you will find light cutting through the fog \u2026 and achieve clarity in the cloud.\n*The survey, commissioned by Sungard Availability Services, was conducted by SurveyMonkey Audience. The survey reached 276 IT professionals and was completed in December 2014.