If you already have Backup as a Service (BaaS), do you need Disaster Recovery as a Service (DRaaS) and vice versa? What’s the difference between the two? Is one better than the other?

In this blog, we clear up any confusion between BaaS and DRaaS by defining what each solution is, compare and contrast their differences, and help you determine which solution might best fit your business.

Defining BaaS and DRaaS

You’ve likely experienced personal data loss at some point, losing photo memories to a water-logged camera or an important digital document to an ill-timed power surge. But for businesses, the sting of loss can be even worse.

Data loss can halt business operations and tarnish your brand reputation, crushing revenue and could even cost enough that a business must shut down. BaaS and DRaaS seek to minimize or eliminate those losses.

Businessman shows the words "data backup" written on red block in front of blocks lined up like dominoes and a hand stopping them from falling with icons showing types of data as a concept for backup as a service (BaaS)

Backup as a Service (BaaS): A third-party service provider backs up business data to an off-site storage system. Instead of handling backup on-premises with an IT department, maintenance and management are offloaded to the provider.

Like you might use DropBox or Google Drive, BaaS keeps files safe in the event your computers crash, an employee unwittingly formats a hard drive, or a construction crew accidentally severs your fiber optic cable. You decide what’s backed up, from applications to databases and more.

If your PC goes out and you have BaaS, you can simply get a new PC, relieved knowing your files are safely backed up with no data loss. Your provider will restore your backed-up data, but if any of your infrastructure is down, your business will be responsible for restoring it, which requires time, resources, and expertise.

Hand writing in marker the words "Disaster Recovery Plan" with the first letter of each circled in yellow, orange, and red respectively as a concept for disaster recovery as a service (DRaaS)

Disaster Recovery as a Service (DRaaS): A third-party service provider hosts and continually replicates your servers to enable failover in the event of a natural or man-made catastrophe. This means both data and infrastructure are protected.

Any time there are file changes, DRaaS replicates those changes to a different location geographically. If you experience downtime, it won’t be for long because your provider will handle getting all your apps, files and systems right back up and running. You can utilize the DRaaS failover to continue business operations as normal until you can restore your on-premises environment to normal.

This ensures excellent business continuity and disaster recovery (BC/DR). Major disasters like hurricanes, fire, and the growing threat of ransomware don’t stand a chance against DRaaS, and the burden of recovery is placed on your provider so you and your team can get back to work without breaking a sweat.

Hand holding an open red umbrella which protects from a collision with a broken wrecking ball as a concept for data protection, disaster recovery, or backup as a service

Key Differences Between BaaS and DRaaS

1. Who’s Responsible for What?

With BaaS, only data is backed up, so if your infrastructure is out of order, then you are completely responsible for its redeployment.

With DRaaS, your data and infrastructure are backed up. Your provider takes care of deploying servers so your business doesn’t have to manage a thing.

2. BC/DR Capability

RPO (Recovery Point Objective), which is the point in time you recover to in the past, and RTO (Recovery Time Objective), which is the time in the future you will be up again, are parameters for a BC/DR solution.

With BaaS, effective BC/DR is difficult to achieve. While you have the data recovered, it could take a long time to get your infrastructure back up and running. Your RPO and RTO will be slower, measured in hours or even days.

With DRaaS, RPO is measured in seconds and RTO in minutes so you can recover with lightning speed. It’s a top-notch BC/DR solution, able to get your business back up and running in the face of floods, ransomware, and even spilled coffee. DRaaS can handle any worst-case scenario.

3. Cost

With BaaS, the cost is generally cheaper upfront because the provider is only maintaining the storage. However, you may pay later if you aren’t prepared with a disaster recovery plan.

With DRaaS, you will pay more upfront because the provider is handling the infrastructure as well, but with the promise that you are protected from potentially greater losses caused by downtime later on.

Check list and marker making yellow checks on it as a concept for comparison of features

How Do You Know What’s Best for Your Business?

There’s no universal “right answer” for which strategy is better when it comes to BaaS vs. DRaaS. Instead, the answer depends on which solution will best fit your unique business needs.

BaaS is a good fit for your business if:

  • Your business can survive potentially long stretches of downtime with only your data restored, from a few hours to a few days or weeks
  • The cost of downtime for your particular business would be measurably less than investing in DRaaS, and you’re on a tight budget
  • You have a full-fledged DR plan and are happy with your RPO and RTO times
  • You have a team that is well-equipped to restore infrastructure in the event of a disaster
  • You have large amounts of data that doesn’t change often

DRaaS is a good fit for your business if:

  • Your brand and revenue will suffer if downtime lasts more than a few minutes, and you could even be put out of business if it lasts for days or weeks
  • The cost of downtime for your business outweighs that of investing in DRaaS
  • You want the fastest RPO and RTO times without having to worry about a thing
  • You do not have the resources to restore infrastructure quickly enough
  • You need more than periodic backups—you need constant data replication to ensure no data is lost

What about both?

Your business may benefit from combining the services of both BaaS and DRaaS. Not all data is equal and combining BaaS and DRaaS can be a cost-effective way to ensure all of your data is safe.

LightBound’s DRaaS Has You Covered

If you’re interested in DRaaS, LightBound’s Disaster Recovery as a Service has you covered. We’ll work with you to customize a DRaaS solution specific to meet your unique business needs.


When you think of a disaster you probably picture fires and floods, but in today’s digital age, your business may be more likely to encounter the growing threat of ransomware than a devastating natural disaster.

In 2018, ransomware “was found in 39% of malware-related data breaches—double compared to last year, making it the top variety of malicious software,” TechRepublic shared from Verizon’s annual Data Breach Investigations Report.

But what exactly is ransomware, and how could it exploit your business? In this blog, we define ransomware, how it can harm your business, and how you can effectively render ransomware powerless.Ransomware attack with image showing a caution sign and the words "Your Files Are Encrypted" and an explanation that a key is needed on the screen

What is Ransomware?

Ransomware is malware that infects a computer and restricts access to data by encrypting files. Once the access is blocked, the user is prompted to pay the attacker in order to restore access to their files, effectively holding the business’ data or applications ransom. Payment is typically demanded via a cryptocurrency like Bitcoin.

In 2017, major ransomware attacks included WannaCry, which “affected computers in at least 150 countries and has caused a potential loss in millions if not billions,” and NotPetya, which affected at least 65 countries with monetary losses estimated “to be around $200-$300 million.”

In 2018, the city of Atlanta was “brought to its knees” by “one of the most sustained and consequential cyberattacks ever mounted against a major American city.” Behind it was a prevalent ransomware attack group known as SamSam, known for selecting victims most likely to give in to high ransom demands and finding and holding that victim’s most important data hostage until the payment is made.

In the past year SamSam has targeted “hospitals, police departments and universities — targets with money but without the luxury of going off-line for days or weeks for restoration work,” thus making the ransom payment a tempting solution for victims, though it is not ideal. Paying up could mean the attackers double-back to target your business again and encourages future attacks.Man frustrated, confused, and holding head in despair because of WannaCry ransomware attack displayed on his desktop screens

How Could Ransomware Impact Your Business?

Any business can be targeted by ransomware, and while you might hope to be lucky and avoid it, the growing threat of ransomware means it’s best not to wonder if it might happen, but to prepare for when it will happen.

Ransomware cuts straight to the lifeblood of your business, holding your important information and applications hostage so your business can’t function. With 96% of malware attacks coming through email, even one simple click on a malicious link by an unaware employee could spell disaster.

On top of losing access to critical data, the negative impacts of ransomware can include hours, days, or even weeks of downtime. This means stunted operations and a potentially devastating hit to your bottom line. In addition, your brand reputation may be tarnished as customers and partners lose trust in your business.

Ransomware can kill your business, but making the decision between losing your business in the midst of an attack and paying a costly ransom should never be a decision you have to make. That’s because ransomware can’t succeed if you have the right disaster recovery solution in place.A button glowing blue that reads "DISASTER RECOVERY" and "START"

How to Stop Ransomware Dead in Its Tracks

LightBound’s Disaster Recovery as a Service (DRaaS) can help you recover from a ransomware attack in minutes. DRaaS is the hosting and replication of your servers by a third-party service provider to enable failover in the event of a natural or man-made catastrophe.

Disaster Recovery as a Service is ransomware’s kryptonite and its benefits are numerous:

  • Provides failover in the event of a natural or man-made catastrophe
  • Rewinds the systems to the last point in time before the infection struck, to within a matter of seconds
  • Recovers all the critical systems in minutes with only a few clicks
  • Not only restores entire applications and databases with consistency but restores individual files as well
  • Performs non-disruptive failover tests at any time, to be sure the business can be brought back online straight away when needed
  • Creates off-site data copies for longer-term data retention in addition to giving the business a Continuous Data Protection for up to 14 days

With DRaaS your info is replicated so no one can hold your data for ransom—you can easily push a button and get your data back!

Want to learn more about disaster recovery solutions to find the best one for your business? Download our FREE Disaster Recovery Guide today!


No matter what problem you’re trying to solve in life, you need a path to get there. Solving your disaster recovery (DR) problem is no different, and it pays to keep your problem-solving at a high-level before diving too deep into the weeds.

In this blog, we cover five potential disaster recovery solutions for your business and what steps you need to take to ensure your DR problems are solved.

Businessman standing and thinking in front of multiple sketched arrow pathway choices

Don’t Skip The Crucial First Step

Before signing any agreements or buying anything, the stakeholders in your business should answer these five questions. After 15+ years of experience in this field, we recommend you ask yourself these questions as the critical first step in solving your DR problems. Getting through them will save you a lot of money and months or even years of frustration down the road:

  1. Is there a compliance issue you must solve, and does the CEO view this as a must-have?
  2. What applications and data must be recovered to support your employees and customers?
  3. How long can you do without these applications and data? How much data can you afford to lose?
  4. What is the financial risk of your business being without these applications and data?
  5. Who needs to be involved in this process within my company and do we have the expertise to evaluate the options?

The bigger your business, the more complexities will factor into these questions, but you’ll thank yourself later for taking the time to answer them.

Businessman choosing one solution from five options

5 Disaster Recovery Solutions for Your Business

Once you’ve nailed down your answers from the first step, you’ll be well-equipped to wade through the weeds of problem-solving. It’s time to consider these five potential DR solutions through the lens of your business’ unique needs:

1. Storage-based solutions are provided by the storage vendors and deployed as modules inside the storage array. This solution offers application consistency, but it functions at the storage layer and requires “like” hardware infrastructure in production and replication. A storage-based approach is a costly option regarding implementation and management.

2. Agent-based solutions install agents onto the host server that is desired to be backed up. It allows for application-level recovery but requires installing an agent on each server. It also means more overhead, less scalability, and increased complexity to manage.

3. Snapshot/backup-based solutions enable a quick restore by “freezing” a live storage system or VM at a moment in time. Because snapshots are typically taken every four hours, four hours of data is lost after rollback. This solution causes high latency and requires large amounts of storage. It does not perform well under high loads or at large scales, which leads to high recovery point objectives (RPOs).

Disaster Recovery Plan written by hand in marker with "DRP" highlighted by color and circled

4. Native hypervisor replication solutions are hypervisor-aware but are managed on a per Virtual Machine (VM) or per Host basis. It does not have a central management interface, nor does it have consistency grouping. This makes it difficult to manage and maintain. Plus, it requires manual recovery operation.

5. Hypervisor-based replication solutions function so that each time the virtual machine writes to its virtual disks, the written command is automatically and continuously captured, cloned, and sent to the recovery site with no impact on application performance.

Hypervisor-based replication offers huge benefits without the drawbacks of other solutions and is optimized for virtual environments. It boasts application-level consistency grouping, easy scalability and granularity, recovery at the click of a button, continuous data protection, and more.

You can learn how LightBound’s Disaster Recovery as a Service (DRaaS), a hypervisor-based solution, can provide superior protection for your business on our website.

Hand writing the words "We can help!" written on blackboard background with chalked hanging lightbulbs

Ready to Learn More?

If you’re unsure which DR solution is best for your business, sign up today for a free one-hour consultation with LightBound’s experts to personally help you find the right solution for your business’ unique needs.

Click here for your Free Consultation



Years ago, the only traffic on corporate networks were business applications, threats, or email. But technology has come a long way since then, and a multitude of applications like Skype, Dropbox, and Slack have flooded the business world.

Increased application use has been helpful, even essential, for maximizing employee productivity and improving business practices, but these applications can carry viruses, malware, and other threats with them.

Traditional firewalls are unable to see or control all of these applications, meaning increased vulnerability to threats. Thankfully, the next-generation firewall (NGFW) was born, filling a much-needed gap in modern security needs.


Why Upgrade to NGFW from Traditional Firewall Security?

NGFW works better and faster than traditional firewalls to control the traffic that can enter and exit a network. While traditional firewalls are behind the times, next-generation firewalls provide increased control, improved security, and other essential features.

In this blog post, we’ll cover five main ways NGFW is superior to traditional firewalls and why, if you haven’t already, your business should upgrade to NGFW.

1. Single Device Functionality

If your current security provider is adding new devices to your firewall, that’s a red flag. It means unnecessary complexity and added cost for you. Plus, it increases the amount of oversight needed to keep your network secure while slowing down response time to threats.

NGFW integrates enterprise firewall capabilities, intrusion prevention system (IPS), and stateful packet inspection into one device. Traditionally, these would have been done on separate devices, but this integration allows for improved performance and accessibility.

  • Intrusion prevention system (IPS): detects and prevents vulnerability exploits by examining traffic flows
  • Stateful packet inspection (SPI): monitors the state of active connections to determine which packets to allow through a firewall

2. Better Security

Traditional firewalls block forbidden packets by protocol or port, while NGFW takes security even further by inspecting packets all the way down to the application layer. NGFW improves security in many ways, including:

  • Protection across the entire attack continuum: a growing number of application attacks are taking place on layers 4-7 of the OSI (Open Systems Interconnection) network stack, which next-generation firewalls are designed to help prevent.
  • Multilayered protection: to get multilayered protection traditionally, businesses would have to buy many different solutions from different vendors. Having an integrated solution means less complexity and smooth functionality so threats can be better spotted and stopped.
  • Advanced malware capabilities defend and safeguard against emerging and unknown threats
  • Faster response time from automated security
  • Limiting traffic to approved applications only, reducing risk

3. Simplified Management

NGFW reduces the number of manual tasks necessary with automated security features and integration, which also improves remediation speed. You can centrally manage security policies, service orchestration, monitoring, and reporting.


4. Improved Visibility and Control for Safe Application Enablement

Traditional firewalls have blind spots, but NGFW has superior visibility into all network traffic to detect and prioritize threats. With the multitude of applications out there today, NGFW’s application-level control, which allows you to see and control what applications are being used on your network, is key for today’s businesses.

Rather than having a policy asking employees not to use Facebook, you could not only have the option to block it completely, but you could set a policy nuanced enough to allow employees onto the site while blocking parts of it like Facebook Messenger or Candy Crush.

NGFW’s identity awareness integrates with application awareness to enable you to apply security policies more granularly using corporate directories. Now you can let your marketing team access social media sites while blocking employees that don’t need it, or only allowing partial access.

5. Lower Costs

Integration, security automation, and management simplification reduces complexity and the work necessary to respond to and remediate from security incidents. You save money and that’s a good thing.

LightBound's Choice Network Branded Image

Implementing and Managing NGFW with LightBound

Upgrading your business security solution to the next-generation firewall is a smart move in response to today’s increasing security vulnerabilities. With the increased power, features, and functions that NGFW offers, it’s not easy to implement, so it’s more important than ever to ensure proper set-up and ongoing management.

There are many NGFW services on the market but look for a provider that’s experienced and is there for you before, during, and after implementation. LightBound has the expertise necessary to implement and manage next-generation firewalls across your network, and we’ll be there for you every step of the way. Contact LightBound today to get started, or learn more about our Choice Network.