
Module 36: Business Continuity and Disaster Recovery

CCSP Domain 3 — Cloud Platform & Infrastructure Security, Section C
The CCSP exam tests whether you understand that cloud makes DR easier to implement but does NOT automatically make your application resilient. You must architect for continuity.

RTO and RPO: The Two Numbers That Matter

Every BC/DR question on the exam comes back to two metrics:

  • Recovery Time Objective (RTO) — maximum acceptable downtime. How long can you be offline?
  • Recovery Point Objective (RPO) — maximum acceptable data loss. How much data can you afford to lose?

These are business decisions, not technical ones. The BIA (Business Impact Analysis) determines these values based on the cost of downtime and data loss.

The exam always positions RTO and RPO as business-driven metrics. If a scenario asks who defines RTO/RPO, the answer is business leadership guided by the BIA — not the IT department.

Cloud DR Strategies

Cloud offers several DR patterns, each with different cost and recovery characteristics. The exam tests your ability to match the strategy to the RTO/RPO requirement:

  • Backup and restore — lowest cost, highest RTO. Data backed up to another region; infrastructure rebuilt on demand. RPO depends on backup frequency
  • Pilot light — core infrastructure running at minimum in DR region. Database replicating, but compute is not running. Moderate cost, moderate RTO
  • Warm standby — scaled-down version of production running in DR region. Can be scaled up quickly. Lower RTO than pilot light
  • Hot standby (active-active) — full production environment in multiple regions simultaneously. Lowest RTO/RPO, highest cost

Exam thinking: If the scenario specifies near-zero RTO and RPO, the answer is active-active multi-region. If budget is constrained and the business tolerates hours of downtime, backup and restore is appropriate.


Cloud-Specific BC/DR Risks

Cloud introduces unique continuity risks the exam expects you to identify:

  • Provider outage — entire region or service becomes unavailable
  • Vendor lock-in — inability to migrate quickly to another provider during a catastrophic event
  • Data portability — can your data be extracted in a usable format during an emergency?
  • Contract termination — what happens to your data and services if the CSP terminates your account?
  • CSP bankruptcy — extreme but testable scenario requiring exit strategy planning

The exam may ask about planning for CSP failure. The correct answer involves maintaining data portability, avoiding deep vendor lock-in, and having documented exit procedures — not relying solely on the provider’s DR capabilities.

Testing DR Plans in Cloud

A DR plan that has never been tested is a DR plan that will fail. The exam tests testing methodologies:

  • Tabletop exercise — discussion-based walkthrough of DR procedures. Low cost, identifies planning gaps
  • Simulation test — simulated failure scenario without actually failing over. Tests decision-making
  • Parallel test — DR environment activated alongside production. Validates recovery without disrupting operations
  • Full interruption test — production is actually shut down and DR takes over. Most realistic but highest risk

Cloud makes testing easier because you can spin up entire environments on demand. The exam expects you to leverage this advantage. There is less excuse for not testing DR in cloud than in traditional environments.


SLA Alignment with BC/DR Requirements

The CSP’s SLA may not align with your BC/DR requirements. The exam tests this gap:

  • CSP SLAs define availability guarantees (e.g., 99.99%) but the remedy for breach is typically service credits — not guaranteed recovery
  • SLA credits do not compensate for actual business losses
  • The customer must architect beyond the SLA to meet their own requirements
  • Multi-CSP strategies can mitigate single-provider dependency but add complexity

The exam trap: assuming the CSP’s SLA guarantees your application’s availability. It does not. The SLA covers the service; your application architecture determines actual availability.


Data Backup Best Practices in Cloud

The exam may test cloud-specific backup considerations:

  • Follow the 3-2-1 rule: three copies, two different storage types, one offsite (different region or provider)
  • Encrypt backups at rest and in transit
  • Test backup restoration regularly — a backup you cannot restore is worthless
  • Automate backup schedules aligned with RPO requirements
  • Consider immutable backups to protect against ransomware
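
The checklist above can be run as an audit. The following Python sketch is an added example, not part of the original module: it checks a backup inventory against the 3-2-1 rule, encryption and immutability, and measures the worst-case data-loss window of a backup history against the RPO. The copy names, timestamps and the choice to count the production data as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Copy:
    name: str
    storage_type: str   # e.g. "block", "object"
    offsite: bool       # different region or provider than production
    encrypted: bool     # encrypted at rest
    immutable: bool     # cannot be altered or deleted during retention


def audit_copies(copies):
    """Return findings against the 3-2-1 rule plus encryption and immutability."""
    findings = []
    if len(copies) < 3:
        findings.append("fewer than three copies")
    if len({c.storage_type for c in copies}) < 2:
        findings.append("fewer than two storage types")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    findings += [f"{c.name}: not encrypted at rest" for c in copies if not c.encrypted]
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy")
    return findings


def worst_case_loss(backup_times, now):
    """Largest gap between successful backups, including last backup to now."""
    if not backup_times:
        return timedelta.max  # no backup at all: unbounded loss
    points = sorted(backup_times) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def meets_rpo(backup_times, now, rpo):
    return worst_case_loss(backup_times, now) <= rpo


# Constructed sample data: a 4-hourly schedule whose 08:00 run failed.
DAY = datetime(2024, 1, 1)
BACKUPS = [DAY + timedelta(hours=h) for h in (0, 4, 12)]
NOW = DAY + timedelta(hours=13)
COPIES = [
    Copy("production-volume", "block", offsite=False, encrypted=True, immutable=False),
    Copy("local-snapshot", "block", offsite=False, encrypted=True, immutable=False),
    Copy("dr-region-bucket", "object", offsite=True, encrypted=False, immutable=True),
]
```

With this sample, the inventory satisfies 3-2-1 but the offsite copy is flagged as unencrypted, and the single missed run stretches the exposure window to eight hours, so a four-hour RPO is not met even though the schedule was nominally aligned with it.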