The number of applications that IT managers consider mission-critical has jumped 20% since last year. That’s just one of the key findings of the 2008 Symantec IT Disaster Recovery survey, which collects the opinions of 1,000 IT managers and C-level decision makers at large organizations in 15 countries. Here’s another: More than half of the respondents doubt they would be back up and running in one week if they had to execute their DR plans.
The findings underscore how vitally important it is for organizations to incorporate a comprehensive, proven disaster recovery plan into their overall business strategy. They also illuminate the need for organizations to be confident at each step in the disaster recovery process.
On average, respondents indicated that 56% of their applications are now considered mission-critical – up significantly from 36% in 2007. Such an increase could pose considerable difficulties, particularly for those organizations with flat IT budgets.
The survey also found that virtualization is the major factor causing organizations to re-evaluate their disaster recovery plans today. Respondents said that a major challenge is deploying and maintaining the different tools for management and availability that are needed for their physical and virtual environments--indicating a need for tools that work across multiple operating systems and virtualization technologies. The survey found that native DR tools in virtual environments are immature and don’t provide the enterprise-class protection that organizations require. Respondents reported that 35% of their virtual servers are not covered in their DR plans, and only 37% of respondents reported that they back up all of their virtual systems. The top challenge when backing up virtual systems involves resource constraints, which highlights the need for simplified and automated backup solutions that reduce manual tasks for administrators.
The survey also revealed what it calls an “alarming” decline in executive involvement in DR planning and testing. In the 2007 survey, more than half of the respondents said that their DR committees involved the CIO, CTO, or IT director. In 2008, that number dropped to 33% worldwide. That’s a potentially troubling trend, given that increased executive involvement has been shown to increase the success of DR plans in the past.
Testing: one-third of DR tests were unsuccessfulWhen it comes to DR testing, organizations say that it has an impact on customers, sales, and revenue. Specifically, nearly one-third of organizations reported that disaster recovery testing will impact their customers, while over one-fifth admitted such testing could impact their sales and revenue.
As a result of those concerns, approximately half of the organizations surveyed test their DR plans either only once a year or less. Bottom line: Organizations are not testing frequently enough to improve their plans and are not using adequate tools to reduce the overall business impact.
According to survey data, while having a disaster recovery plan is essential in most organizations today, knowing that disaster recovery plans work is just as important. In 2007, 88% of the IT professionals polled carried out a probability and impact assessment for at least one threat. In 2008, that number increased to 98%. However, respondents reported that 30% of tests fail to meet recovery time objectives (RTOs), with the average global RTO being 9.54 hours.
Respondents listed the top reasons why their tests failed to meet those RTOs: human error, technology failure, insufficient IT infrastructure, out-of-date plans, and inappropriate processes.
Because human error is the biggest problem hindering successful recoveries, Symantec believes organizations should look to automation to speed recovery and reduce errors and reliance on personnel.
The survey makes plain that disaster recovery plans aren’t documents collecting dust on shelves. In the past year, one-third of the organizations surveyed had to execute their disaster recovery plans due to a variety of factors.
The top reasons included hardware and software failure, external security threats, power outage/failure/issues, natural disasters, IT problem management, data leakage or loss, and accidental or malicious employee behavior.
Given the regularity of the events that cause downtime, IT organizations can expect that their DR plans will be utilized at some point in the near future.
Now in its fourth year, the Symantec IT Disaster Recovery survey highlights business trends regarding disaster planning and preparedness. It also provides insight and understanding into some of the more complicated factors associated with disaster recovery.
Symantec recommends that enterprises implement a holistic data protection and high availability solution across virtual environments, servers, applications, databases, and data centers. In addition, consolidating on a single management tool that manages both physical and virtual environments can help reduce the number of tools needed.
Organizations should implement automated solutions that minimize human involvement and address other weaknesses in their DR plans to help to reduce downtime.
Finally, solutions that provide testing tools that minimize the impact of testing are recommended, enabling organizations to test without affecting business processes, customers, and employees, and instilling confidence that systems will get back up and running when needed.