Disaster recovery still a global challenge:survey

July 2, 2009:Disaster recovery (DR) testing and virtualisation are still major challenges for large organisations across the globe according to more than 1500 IT managers surveyed for Symantec.

Respondents report that DR testing increasingly impacts customers and revenue, and one in four tests fail. Nearly a third of organisations don’t test virtual environments as part of their disaster recovery plans, and a slightly larger percentage of virtual environments aren’t regularly backed up – pointing to the need for more automation and cross-environment tools.

The average cost of executing/implementing disaster recovery plans for each downtime incident worldwide according to respondents is US $287,600. In Australia and New Zealand, the median cost wasUSD$570,000 compared to USD$900,000 in North America. Globally, this number is highest for healthcare and financial services organisations.

Respondents reported that it takes on average three hours to achieve skeleton operations after an outage, and four hours to be up and running. This is dramatically improved over the 2008 findings, where only three per cent of respondents reported that they could achieve skeleton operations within 12 hours, and 31 per cent believed they would have baseline operations within one day.

The research shows that the annual median budget for disaster recovery initiatives, including backup, recovery, clustering, archiving, spare servers, replication, tape, services, disaster recovery plan development andoffsite costs at data centres surveyed is $50 million. According to respondents, this number will continue to grow throughout 2009, but more than half (52 per cent globally and 55 per cent in Australia and New Zealand) of respondents believe that budgets will be flat in 2010, making it more challenging for IT management to better leverage their assets including hardware, software and personnel.

According to the 2009 disaster recovery survey, 70 per cent (66 per cent in Australia and New Zealand) of respondents reported that their disaster recovery committees involved theCIO, CTO or IT director – a significant increase from last year’s research where 33 per cent of respondents indicated executive involvement. As budgets increased over the past year, disaster recovery initiatives have become more of a competitivedifferentiator, and impact of downtown on customers is greater than ever.

Another reason for executive involvement is the increase of applications that are seen as mission critical. Sixty per cent of applications globally and 55 per cent in Australia and New Zealand were deemed mission critical by respondents, and nearly the same amount (61 per cent in Australia and New Zealand) is covered in disaster recovery plans. Any sort of outage to these systems will have an enormous impact to the business.

This year, 35 per cent of respondents globally and 39 per cent in Australia and New Zealand reported that they test their DR plans once per year or less frequently – a 12 per cent improvement globally (21 per cent improvement in Australia and New Zealand) from last year. In addition, one in four tests still fail, showing a dramatic need for improvement in this area. Reasons most respondents cited for why organisations aren’t testing include:

Lack of resources in terms of people’s time (48 per cent globally and 40 per cent in Australia and New Zealand)

Disruption to employees (44 per cent globally and 41 per cent in Australia and New Zealand)

Budget (44 per cent globally and in Australia and New Zealand)

Disruption to customers (40 per cent globally and 39 per cent in Australia and New Zealand)

Sixty-four per cent of worldwide respondents and 59 per cent in Australia and New Zealand reported that virtualisation is causing them to reevaluate their disaster recovery plans. This is up from 55 per cent globally and 44 per cent in Australia and New Zealand in 2008. Still, nearly a third (27 per cent globally and 35 per cent in Australia and New Zealand) of organisations do not test virtual environments as part of their disaster recovery initiatives.

This number has improved in the past year, lowering from more than one-third (35 per cent) of organisations who did not test in 2008. Additionally, more than one-third (36 per cent) of data on virtualised systems is not regularly backed up, showing no improvement in the past year (37 per cent in 2008). Over half of the respondents cited lack of backup storage capacity and automated recovery tools as top challenges to protecting data in virtual environments.

In addition, the study found that globally, more than half of respondents cited:Lack of storage management tools as the top challenge in protecting mission critical data and applications in virtual environments (53 per cent globally and 51 per cent in Australia and New Zealand).

Lack of backup storage capacity (52 per cent globally and 39 per cent in ANZ) and lack of automated recovery tools (50 per cent globally and 49 per cent in ANZ) both came in a close second globally. Within ANZ, lack of automated recovery (49 per cent); insufficient backup tools (42 per cent in 2008; 14 per cent in 2008); lack of available backup and storage capacity (39 per cent); and different tools for physical and virtual environments (39 per cent in 2009; 28 per cent in 2008) were also cited as key challenges to protecting mission critical data and applications in virtual environments.

Resource constraints such as people, budget, and space as the top challenges to backing up virtual machines suggesting a need for greater automation and the ability to leverage existing IT investments in order to lower costs.

“This year’s Symantec-sponsored research clearly identifies key issues, hidden risks and best practices in implementing disaster recovery plans. While some aspects are trending well, the impact of downtime is greater than ever before,” said RobSoderbery, senior vice president of Symantec’s Storage and Availability Management Group.

“The surging cost of downtime places greater emphasis on business – which means more pressure on IT. If organisations are not protecting virtual environments, not testing their disaster recovery plans and seeing one out every four tests fail then something needs to change to better manage risk to the business. Organisations should implement solutions that address these needs while allowing them to leverage existing assets.”