| Survey finds significant decline in executive involvement in disaster recovery planning
Sharp increase in applications considered mission critical On average respondents indicated that 56 percent of applications were deemed mission critical - significantly up from 36 percent in 2007. With the increase in the number of mission critical applications, it becomes difficult for organizations with flat IT budgets to maintain the availability of a greater number of mission critical applications. As a result, companies should look at more cost effective ways to protect applications including reducing spare servers, increasing server capacity, looking at physical to virtual configurations, and more. More than one-third of organizations have invoked disaster recovery plans Disaster recovery plans are not documents collecting dust on shelves. In the past year, one-third of organizations surveyed had to invoke (execute) their disaster recovery plans due to a variety of factors including: hardware and software failure (36 percent of organizations); external security threats (28 percent of organizations); power outage/failure/issues (26 percent of organizations); natural disasters (23 percent of organizations); IT problem management (23 percent of organizations); data leakage or loss (22 percent of organizations); and accidental or malicious employee behaviour (21 percent of organizations). Given the regularity of events that cause downtime, IT organizations should expect that their disaster recovery plans will see action at some point in the future. Executive involvement in disaster recovery planning declining Survey results indicated that C-level involvement in disaster recovery planning is declining. In the 2007 survey, 55 percent of respondents said that their DR committees involved the CIO, CTO or IT director. However, in 2008 that number dropped to 33 percent worldwide. Symantec believes that such a move is a troubling trend, particularly in light of the mission critical applications not currently covered in disaster recovery plans and the reevaluation of plans due to virtualization. Increased executive involvement has been shown to increase the success of DR plans. Virtualization driving reevaluation of plans; automation and cross-platform tools needed Virtualization is the major factor that is causing more than half (55 percent) of respondents globally - 64 percent in North America - to reevaluate their disaster recovery plans. In some cases virtualization is being deployed for DR purposes and applications and data in virtual environments pose a difficult challenge since processes for physical environments may not work in virtual environments. In addition, native DR tools in virtual environments are immature and don't provide the enterprise-class protection that organizations require. The respondents reported that 35 percent of their virtual servers are not currently covered in organizations' disaster recovery plans, and only 37 percent of respondents reported that they back up all of their virtual systems. Fifty-four percent of respondents listed resource constraints as their top challenge with backing up virtual systems, which points to the need for simplification and automation. Globally, 35 percent of respondents cited too many different tools as the biggest challenge in protecting mission critical data and applications within physical and virtual environments. Complications with having different tools for physical and virtual environments include higher training costs, operating inefficiencies, greater software costs and workforces that work in silos. Lack of automated recovery and insufficient backup tools came in close second, each with 33 percent. Testing issues According to survey data, while having a disaster recovery plan is essential in most organizations today, knowing that disaster recovery plans work is equally important. In 2007, 88 percent of IT professionals polled carried out a probability and impact assessment for at least one threat. In 2008, that number increased to 98 percent of respondents indicating that they have carried out an assessment for at least one threat. However, respondents report that 30 percent of tests fail to meet recovery time objectives (RTOs) with an average global RTO of 9.54 hours. Respondents also reported the top reasons why their tests failed include: human error (35 percent); technology failure (29 percent); insufficient IT infrastructure (25 percent); out-of-date plans (24 percent) and inappropriate processes (23 percent). Since human error is the greatest problem hindering successful recoveries, organizations should look to automation that will speed recovery and reduce errors and reliance on personnel. In addition, 93 percent of IT organizations report they have tested their disaster recovery plan since it was created, yet 30 percent of those tests are not fully successful - improved from 50 percent failed tests in 2007 - and only 16 percent say that tests have never failed. The study showed that approximately 47 percent of organizations test their disaster recovery plans either only once a year or less due to disruption to the business and lack of resources. Reasons cited include: lack of staff availability (39 percent), disruption to employees (39 percent), budgetary issues (37 percent) and disruption to customers (32 percent). In addition, 21 percent admit that disaster recovery testing could impact sales and revenue. In fact, those in Asia and EMEA are less likely to test their DR plans, with 12 percent of respondents in EMEA and 8 percent in Asia Pacific reporting that they never test their DR plans. While survey results indicate that the IT industry has demonstrated some improvements in successful DR testing over the past year, only 31 percent of respondents report that they could achieve baseline operations within one day if a significant disaster occurred that destroyed their main data centre. And, only three percent of respondents said they could have baseline operations within 12 hours and nearly half (47 percent) reported that it would take a full week to achieve 100 percent normal operations. About the survey
•Date: 28th August 2008• Region: World •Type: Article •Topic: IT continuity
|
