Are You Ready for a Disaster? Probably Not.

SolarWinds conducted a survey with Network World about the state of disaster preparedness among IT professionals.  Some of those results are, as you’d expect, disturbing.

For instance, one quarter (25 percent) of respondents don’t have a disaster preparedness and response plan for their business or their IT department. Worse, only slightly more than half (57 percent) say it’s “very likely” or “certain” that they’ll create one in the next year -- a figure that should be 100 percent. As to “certainty,” we all know that one’s best intentions (when it comes to non-revenue-generating planning) can be put on hold when higher-priority (read: income-producing) tasks come along. At least 9 percent of respondents are honest enough to say they don’t know if their enterprise will be creating a plan in the next year (they probably won’t).

The reason may stem from the attitude of senior management about disaster preparedness and their willingness to put their money where they enterprise’s income is. Seven percent said upper management was unconcerned, saying “They appear willing to gamble and hope that a disaster never occurs.” Exactly a third say management gives disaster recovery (DR) a low priority. “They display some concern for being able to recover from a disaster, but dedicated funding for IT investments is scarce and projects/processes are tackled on an ad hoc basis.” Only a dismal 2 percent said DR was a top priority, and that “projects are carefully planned, funded, and executed, and people/budget resources are plentiful.” Boy, are they lucky.

I asked Sanjay Castelino, VP and market leader at SolarWinds, if that was a fair assessment.

“As environments are becoming more complex, budgets are being cut, and staffing levels are decreased, IT professionals are being asked to take on more and more responsibility,” said Castelino. “They are often responsible for networks, security, storage, virtualization, and much more. Given their workload, we weren’t surprised that many haven’t made time to plan and prepare for disasters.”

Of respondents with plans, only 44 percent update their plans yearly. Perhaps their IT environment is different than everyone else’s, but I can’t begin to imagine a company that can remember everything that has changed in just one year, but then you have another 15 percent of enterprises that update their plans once every two years. Given staff turnover and the highly fluid IT environment, that spells disaster itself. Worst of all, almost 8 percent never update their plans -- good luck to those enterprises.

Your plan is only good if it works, and here, too, IT isn’t doing a particularly commendable job. According to the survey, 22 percent never “significantly” test their plan, 12 percent test it once every two years, and 23 percent test it once a year. Only a little more than one in ten enterprises (12.8 percent) perform two tests a year.

Let’s face it: disasters are real and not as rare as you might hope. For example, 27 percent of respondents have experienced a disaster that kept them working from their office.

I asked Castelino if there were any surprises among the survey results.

“We were not surprised to find that in many cases it took a disaster actually occurring for companies to take disaster preparedness planning seriously. One IT professional said, ‘Given that we have already seen one incident, we have adopted cautious and diligent attention to prevention and management of similar incidents in the future. Backup facilities have been upgraded and a new data center has been constructed,’” said Castelino.

“What we found most interesting was the ways that respondents are incorporating technology into their disaster preparedness plans. The most commonly included technologies were virtualization, VPNs, offsite backup and storage, remote access, and the use of company-supported mobile devices.”

When asked about their confidence in their enterprise’s ability to recover in “a reasonable amount of time” (between 12 and 18 hours) in case of a “significant disaster,” 17.3 percent are certain they can, 28 percent remain “very confident,” and 24 percent are “somewhat” confident. Nearly one in three (29 percent) are “not at all confident.”

Sure, the survey isn’t scientific, but it presents thought-provoking information about real-world practices that should have every C-level executive cringing. If (down)time is money, IT is putting their enterprises at great financial risk.

The full results are available here at no charge and no registration required.

-- James E. Powell
Editorial Director, ESJ

Posted on 09/18/2012