MOUNTAIN VIEW, Ca. – Research sponsored by Symantec has found that while 91 percent of IT organizations carry out full testing of their disaster recovery plans, almost half of those tests fail.
The “Symantec Disaster Recovery Research 2007” report was based on a survey of 1,088 IT professionals in large organizations, conducted by Dynamic Markets between June and July 2007. This report marks the third time Symantec has done quantitative research on disaster recovery (DR) and, while most of the results were about as expected, Sean Derrington, director of product marketing for storage management at Symantec, said there were a few surprises.
“One of the first things that was surprising is there were actually 148 other respondents that said they had no DR plan whatsoever,” Derrington said.
Of those with no disaster recovery plan, 44 percent had experienced at least one problem or disaster. Derrington said the way the questions were asked, it wasn’t clear if the organizations with no disaster recovery plan still had no plans to create a plan, but he said those that experienced problems would likely create a plan soon.
Ninety-one percent of organizations are carrying out full-scenario disaster recovery testing, but nearly half are failing.
“What was found in those companies that actually carry out a DR test is that 48 percent of those tests fail,” Derrington said. Failure in this case means the recovery test wasn’t able to recover at all or in the time expected.
For good or for bad, the average time between disaster recovery tests is about eight months. While Derrington said that’s not bad, if a test fails and changes are made to the disaster recovery plan to compensate, it’s on average eight months later when they’ll find out if the changes fixed the problem.
Why aren’t they testing more frequently? Three reasons, said Derrington. Of the respondents, 50 percent said it was too resource-intensive in terms of people’s time, 38 percent said it was too resource-intensive in terms of budget and 47 percent it was too disruptive to employees’ time. The employee disruption reason has becoming more and more common, Derrington said.
“The disruption to the employees is now too much, and they’re willing to expose their business to risk so as not to disrupt their employees,” he said.
With more than one-third of all applications in an organization being deemed business-critical now, as well as being spread out over different servers and storage, there are more elements of disaster recovery to take into consideration now. Additionally, disaster recovery tests tend to disrupt employees more and more.
“We think that the number and the types of applications are going to continue to increase,” Derrington said.
What disaster recovery vendors now have to offer is a way to test disaster recovery plans without impacting employees or production applications, he said.
“It actually is possible with what we have from Symantec,” he said.
The business consequences of a disaster turned out to be pretty much what Symantec was expecting to see, Derrington said. Of the respondents who had experienced a disaster, 69 percent cited damage to their brand reputation, 65 percent cited an impact on customer loyalty, 65 percent said the disaster impacted their competitive standing and 64 percent said they were concerned about data loss.
“A DR plan is going to protect the customer’s business in the event of something happening,” Derrington said.
This columns was written by Chris Talbot of ConnectIT
a>>
