Disaster Recovery Plans Improve but Enterprises Still Suffer from Costly Downtime
Symantec research says IT spending for disaster recovery has risen and C-level executives more involved, yet trouble spots remain vulnerable
Symantec Corp.'s fifth annual IT Disaster Recovery survey reveals the "rising DR pressures on organizations caused by soaring downtime costs and more stringent IT service level requirements to mitigate risk to the business."
The June 2009 survey of 1,650 enterprise IT professionals involved in disaster recovery in companies of at least 5,000 employees worldwide reported that 93 percent of organizations have had to execute their DR plans. The cost per incident averaged $287,000 (costs were higher on average in the health care and financial services sectors). The median cost for North American enterprises can be as high as $900,000.
The median time to recover to "skeleton operations" was three hours; four hours were needed to return to "normal operations." According to a release, "This is dramatically improved over the 2008 findings, where only three percent of respondents reported that they could achieve skeleton operations within 12 hours, and 31 percent believed they would have baseline operations within one day." The leading reasons given for executing their recovery plan included computer system failure (hardware or software), external computer threats (viruses, hackers), and natural disasters (fires, floods).
Database servers are the asset most often included in a disaster recovery plan, though not all are protected. The survey reported that although 92 percent of respondents have database servers, only 62 percent of respondents include these servers in their DR plans. The importance of applications has risen since last year's survey; 60 percent of applications were deemed "mission critical" in 2009 versus 56 percent in 2008. Sixty-one percent of respondents include applications in their DR plans.
The good news: despite the poor economy, DR budgets are higher in 2009 and are likely to remain flat for several years. "The research shows that the annual median budget for disaster recovery initiatives, including backup, recovery, clustering, archiving, spare servers, replication, tape, services, disaster recovery plan development, and offsite costs at data centers surveyed is $50 million."
One reason for the financial support in the budget may be that executive involvement in DR doubled since last year's survey: CIO/CTO/IT directors were involved in DR committees according to one-third of respondents in 2008; that figure has risen to 70 percent this year. Adding to DR's visibility: "disaster recovery initiatives have become more of a competitive differentiator, and [the]impact of downtown on customers is greater than ever."
There was cause for alarm, however. One in four DR tests fails. Given that over one-third (35 percent) of respondents say they test their DR plans no more than once a year, enterprises may be at considerable risk. Among the reasons for the infrequent testing: lack of resources (time) (48 percent), budget resources (44 percent), and disruption to employees (44 percent), and disruption to customers (40 percent). "Forty percent of respondents reported that disaster recovery testing will impact their organizations’ customers and nearly one third (27 percent) reported that such testing could impact their organization’s sales and revenue."
Virtualization also leads to exposure. DR plans are always in flux, of course; the survey noted that 64 percent of respondents said that virtualization is one factor in reevaluating their plans (up from 55 percent in 2008). Even so, 27 percent of organizations do not test virtual environments. While improving (35 percent of enterprises last year said they didn't test virtual environments), more than a third (36 percent) of data residing on virtualized systems is still included in regular backups. "Over half of the respondents cited lack of backup storage capacity and automated recovery tools as top challenges to protecting data in virtual environments," Symantec said.
James E. Powell is the former editorial director of Enterprise Strategies (esj.com).