CUPERTINO, Calif. – Aug. 27, 2008 – Symantec Corp. (Nasdaq: SYMC) today announced the global results of its fourth annual IT Disaster Recovery survey, which demonstrates a significant decline in executive involvement in disaster recovery planning and a significant increase in the number of organizations reevaluating their disaster recovery (DR) plans due to virtualization. As more applications and data are managed in a virtual environment, organizations are evaluating the most efficient ways to manage applications and data in both physical and virtual environments.
Nearly one-third of organizations reported they have had to implement part of their DR plan. However, in the past year there was a significant decrease in executive involvement on DR committees. And, while there appears to be improvement in successful disaster recovery testing, one-third of respondents indicate testing will impact their customers, and one-fifth admit such testing could negatively affect their organization’s sales and revenue.
With a rapid increase in mission critical applications combined with the continued growth of stored data – both physical and virtual – it is crucial that organizations incorporate a comprehensive, proven disaster recovery plan into the overall business strategy. This will help ensure the successful recovery of data and applications with the least amount of impact to business operations should a disaster – natural disaster, human error or system failure – occur.
Sharp increase in applications considered mission-critical
On average respondents indicated that 56 percent of applications were deemed mission critical – significantly up from 36 percent in 2007. With the increase in the number of mission critical applications, it becomes difficult for organizations with flat IT budgets to maintain the availability of a greater number of mission critical applications. As a result, companies should look at more cost effective ways to protect applications including reducing spare servers, increasing server capacity, looking at physical to virtual configurations, and more.
More than one-third of organizations have executed DR plans
Disaster recovery plans are not documents collecting dust on shelves. In the past year, one-third of organizations surveyed had to execute their disaster recovery plans due to a variety of factors including: Hardware and software failure (36 percent of organizations); external security threats (28 percent of organizations); power outage/failure/issues (26 percent of organizations); natural disasters (23 percent of organizations); IT problem management (23 percent of organizations); data leakage or loss (22 percent of organizations); and accidental or malicious employee behavior (21 percent of organizations). Given the regularity of events that cause downtime, IT organizations should expect that their DR plans will be tested at some point in the future.
Executive involvement in DR planning declining
Survey results also indicate that C-level involvement in DR planning is declining. In the 2007 survey, 55 percent of respondents said that their DR committees involved the CIO, CTO or IT director. However, in 2008 that number dropped to 33 percent worldwide. Symantec believes that such a move is a troubling trend, particularly in light of the mission critical applications not currently covered in DR plans and the reevaluation of plans due to virtualization. Increased executive involvement has been shown to increase the success of DR plans.
Virtualization driving reevaluation of plans; automation and cross-platform tools needed
Virtualization is the major factor that is causing more than half (55 percent) of respondents globally – 64 percent in North America – to reevaluate their DR plans. In some cases virtualization is being deployed for DR purposes and applications and data in virtual environments pose a difficult challenge since processes for physical environments may not work in virtual environments. In addition, native DR tools in virtual environments are immature and don’t provide the enterprise-class protection that organizations require. The respondents reported that 35 percent of their virtual servers are not currently covered in organizations’ DR plans, and only 37 percent of respondents reported that they back up all of their virtual systems.
Fifty-four percent of respondents listed resource constraints as their top challenge with backing up virtual systems, which points to the need for simplification and automation. Globally, 35 percent of respondents cited too many different tools as the biggest challenge in protecting mission-critical data and applications within physical and virtual environments. Complications with having different tools for physical and virtual environments include higher training costs, operating inefficiencies, greater software costs and workforces that work in silos. Lack of automated recovery and insufficient backup tools came in close second, each with 33 percent.
Respondents report one-third of disaster recovery tests unsuccessful
According to survey data, while having a disaster recovery plan is essential in most organizations today, knowing that disaster recovery plans work is equally important. In 2007, 88 percent of IT professionals polled carried out a probability and impact assessment for at least one threat. In 2008, that number increased to 98 percent of respondents indicating that they have carried out an assessment for at least one threat. However, respondents report that 30 percent of tests fail to meet recovery time objectives (RTOs) with an average global RTO of 9.54 hours.
Respondents also reported the top reasons why their tests failed include: human error (35 percent); technology failure (29 percent); insufficient IT infrastructure (25 percent); out-of-date plans (24 percent) and inappropriate processes (23 percent). Since human error is the greatest problem hindering successful recoveries, organizations should look to automation that will speed recovery and reduce errors and reliance on personnel.
In addition, 93 percent of IT organizations report they have tested their disaster recovery plan since it was created, yet 30 percent of those tests are not fully successful – improved from 50 percent failed tests in 2007 – and only 16 percent say that tests have never failed.
Disaster recovery testing impacts sales and revenue
The study showed that approximately 47 percent of organizations test their DR plans either only once a year or less due to disruption to the business and lack of resources. Reasons cited include: Lack of staff availability (39 percent), disruption to employees (39 percent), budgetary issues (37 percent) and disruption to customers (32 percent). In addition, 21 percent admit DR testing could impact sales and revenue. In fact, those in Asia and EMEA are less likely to test their DR plans, with 12 percent of respondents in EMEA and 8 percent in Asia Pacific reporting that they never test their DR plans.
While survey results indicate that the IT industry has demonstrated some improvements in successful DR testing over the past year, only 31 percent of respondents report that they could achieve baseline operations within one day if a significant disaster occurred that destroyed their main data center. And, only three percent of respondents said they could have baseline operations within 12 hours and nearly half (47 percent) reported that it would take a full week to achieve 100 percent normal operations.
“While the research identifies a significant improvement in DR testing in the industry, we are concerned that organizations are not testing more frequently to improve their plans, and are not using adequate tools to reduce the overall business impact,” said Mark Lohmeyer, vice president of Symantec’s Veritas Cluster Server Group. “Virtualization is obviously changing the game for disaster recovery and organizations should involve IT executives in the process of reevaluating their DR plans and then implement best practices and solutions that ensure confidence in a successful and rapid return to full operations in the event of a disaster.”
Symantec recommends that enterprises implement a holistic data protection solution across virtual environments, remote offices, desktops, laptops, servers, applications and databases that can quickly recovery vital data and systems in the event of a disaster. In addition, consolidating on a single management tool that manages both physical and virtual environments will also help reduce the number of tools needed.
Symantec also recommends that organizations implement automated solutions that minimize human involvement and address other weaknesses in their DR plans to help to reduce downtime. Finally, using solutions that provide testing tools that minimize the impact of testing on customers is also recommended, so that organizations can test without affecting business processes, customers and employees.
About the 2008 Symantec Disaster Recovery Research Report
In its fourth year, the 2008 Symantec Disaster Recovery Research report is an annual global study commissioned by Symantec to highlight business trends regarding disaster recovery planning and preparedness. Conducted by independent market research firm Applied Research West during June and July 2008, the study polled more than 1,000 IT managers in large organizations across 15 countries in the United States and Canada, Europe and the Middle East, Asia Pacific and Latin America to gain insight and understanding into some of the more complicated factors associated with disaster recovery.
Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.