“What’s your disaster recovery plan?”

It’s a question I’ve been getting from customers quite a bit lately. And it caught me off guard the first time I heard it. Typically, inquiries on disaster recovery come from someone on an audit team who has the daunting task of creating a disaster recovery and business continuity plan across the entire company. To assemble such plans, they must robotically evaluate each of the company’s business partners and service providers. During these conversations, I’ve glimpsed the perfect disaster recovery service and wanted to share a few thoughts.

My first disaster recovery conversation went something like this:

“Hi, David, I am from such-and-such company. I work on the IT audit team. I am currently assembling and auditing the company’s disaster recovery and business continuity plan. Can you walk me through Okta’s DR and BC plans so I can include them with ours?”

“Ummmm…. well… uhhh, “ I started very succinctly. “The thing is, we are your DR and BCP for the identity and access management component of your business…”

That prompted a quick response: “No, I mean what happens when your service goes down? What do we do in the meantime so that we can factor that into our business continuity processes?”

It’s a fair question — and one that can be answered while examining Okta’s enterprise cloud. In previous blogs I’ve discussed Okta’s high availability architecture. We built Okta across seven availability zones and two geographical regions on AWS, which means we can guarantee that our customers will be able to access their critical SaaS business applications seamlessly — even if entire geographic regions in AWS go offline.

Our service is critical to our customers, and being their virtual, highly available cloud infrastructure is an important part of our customers’ disaster recovery. Most often, DR plans simply establish well-tested failover procedures and ensure systems are redundant. However, n+1 redundancy on all production systems and services is not really a benefit if the software installed on those systems isn’t resilient.

When I speak with customers about disaster recovery, my goal is to help them understand how important the software development aspect of Okta’s service is to their business continuity. After all, it’s core to the acronym SaaS: Software-as-a-Service. The software must be developed in order to provide a highly reliable and redundant service. Disciplined development methodologies and coding practices, thoroughly tested release checkpoints and an auditable security development lifecycle are critical to sound software — and to prevent disasters from occurring.

Ultimately, my message to customers is this: “You must have a disaster recovery plan, but we have a disaster avoidance plan.”

Our business lives or dies on our ability to make our customers successful. Everything we do is focused on the success of the customers using our service. We build our infrastructure, develop our software and even hire employees to avoid disasters in our service and to ensure our customers’ business continuity.

We’re here not to help you recover, but to make sure you never go down in the first place.