Symantec 2010 Disaster Recovery Study

2010 Symantec Disaster Recovery Study

Global Results

Methodology

• Applied Research performed survey

• 1,700 enterprises worldwide

• 5,000 employees or more

• Cross-industry

2

Key Findings

• Virtualization and Cloud Make DR Complex

• The Downtime Recovery Gap

• Impact of Disaster Recovery Testing

• Recommendations

3

4

Virtualization and Cloud Make DR Complex

Virtual Environments Protected Properly?

• 56% of data on virtual systems is regularly backed up

• Only 20% of virtual environments protected by replication or failover technologies

5

Lack of Tools, Decrease of Virtual Protection

• 58% report different tools for virtual and physical environments is a challenge

• Virtualization led 84% to reevaluate DR plans in 2010

• 60% of virtualized environments not covered in DR plans

6

Storage and Resource Constraints an Issue

• 59% identified resource constraints (people, budget, and space) as the top challenge when backing up virtual machines

• 57% state that the lack of primary and 60% state that lack of backup storage hampers protecting mission critical data

7

Cloud Causes Security and Control Issues

• Organizations put 50% of applications in the cloud

• 66% say security is main concern of cloud

• 55% say control is biggest challenge of cloud

8

9

The Downtime Recovery Gap

Downtime Recovery Gap

• Expectation of downtime for outage = 2 hours

• Actual downtime in last 12 months = 5 hours

• Median of 4 incidents in past 12 months

10

Major Causes of Downtime

• 72% experience downtime from system upgrades (50.9 hours)

• 70% experience downtime from power outages and failures (11.3 hours)

• 26% conducted a power outage and failure impact assessment

• 63% experience cyber attacks (52.7 hours)

11

12

Impact of Disaster Recovery Testing

Improvement In Testing Frequency and Success

• 82% test more frequently than once a year

• Significant increase from 66% who reported same in 2009

• 40% of tests fail to meet RTO/RPOs

13

Reasons for not testing

• Budget (60%)

• Disruption to employees (59%)

• Disruption to customers, sales & revenue stream (24%)

• Lack of people’s time (26%)

• Cost of testing: $606,948

14

15

Symantec Recommendations

Recommendations

• Ensure that mission-critical data and applications are treated the same across environments (virtual, cloud, physical) in terms of DR assessments and planning

• Use integrated tool sets for managing physical, virtual and cloud environments to save time, training costs and help better automate processes.

• Embrace low-impact backup methods and deduplication to ensure that mission-critical data in virtual environments is backed up, efficiently replicated off campus

• Prioritize planning activities and tools that automate and perform processes which minimize downtime during system upgrades

• Implement solutions that detect issues, reduce downtime and recover faster to be more in line with expectations

• Don’t cut corners on basic technologies and processes that protect in case of an outage

17

AppendixAll questions included

Demographics

Company titles

24%

43%

7%

17%

7%

2%

0% 10% 20% 30% 40% 50%

Chief Information Officer (CIO) / Chief Technology Officer (CTO)

VP / SVP

Data Center Maanger or Data Center Director

IT Manager

IT Staff

Other (Please specify)

D: What is your title?

Industries

10%

10%

10%

9%

8%

7%

7%

7%

7%

4%

4%

3%

3%

3%

3%

2%

2%

1%

0% 5% 10% 15% 20% 25%

Financial

Manufacturing

Technology

Telecommunications

Healthcare

Automotive

Consumer

Insurance

Retail

Education

Energy

Media

Online

Public sector

Transportation

Real estate


Hospitality

E: What is your market?

Data Center Questions

Downtime

72%

70%

69%

64%

63%

63%

63%

48%

47%

46%

46%

45%

44%

42%

42%

1%

0% 20% 40% 60% 80% 100%

System upgrades

Power outage / failure / issues

Fire

Configuration change management issues

Cyber attacks

Malicious employee behavior

Data leakage or loss

Flood

Hurricane

Earthquake

Tornado

Terrorism

Tsunami

Volcano

War


Q1: How many of each of the following has caused your organization to experience downtime in the past five years?

(Mark all that apply.)

Downtime

52.7

50.9

15.1

15.0

11.3

10.4

9.6

9.3

9.1

8.3

7.8

7.4

7.2

6.9

6.9

1.6

0.0 10.0 20.0 30.0 40.0 50.0 60.0

Cyber attacks

System upgrades


Fire



Terrorism

Earthquake


Flood

Hurricane

Tornado

War

Volcano

Tsunami


Q2: How many hours of downtime has your organization experienced in the past 12 months for each of the following?

(Means shown)

Downtime

48%

13%

8%

6%

4%

4%

4%

2%

2%

2%

2%

2%

1%

1%

1%

1%

0% 10% 20% 30% 40% 50%

System upgrades

Cyber attacks


Fire

Flood



Earthquake


Tsunami

Volcano

Terrorism

Hurricane

Tornado

War


Q3: As measured by hours of downtime, what is your number one cause of downtime?

Threat assessments

69%

67%

48%

48%

44%

26%

26%

25%

24%

23%

16%

6%

6%

5%

4%

1%

0% 20% 40% 60% 80% 100%

Cyber attacks

System upgrades

Earthquake

Terrorism

Hurricane




Fire


Flood

Tsunami

Tornado

Volcano

War


Q4: Which of the following threats has your organization conducted an impact assessment?

DR responsibility

61%

12%

9%

6%

4%

3%

2%

1%

1%

0%

0%

0% 20% 40% 60% 80% 100%

Chief Information Officer (CIO) / Chief Technology Officer (CTO)

IT Manager

Disaster Recovery Manager (DRM)

Data Center Manager or Data Center Director

VP / SVP

Business Continuity Manager (BCM)

IT Staff

External consultant / outsourcer

None - we do not have a disaster recovery committee


Don't know

Q5: Which person in your organization has the ultimate responsibility for managing the disaster recovery plan?

DR committees

65%

56%

32%

25%

25%

21%

18%

15%

11%

8%

8%

7%

1%

1%

1%

0% 20% 40% 60% 80% 100%

Disaster Recovery Manager (DRM)

Systems / infrastructure manager

Chief Information Officer (CIO) / Chief Technology Officer (CTO) / IT Director

Chief Executive Officer (CEO)

Chief Security Officer (CSO)

Divisional / Departmental IT manager

Chief Financial Officer (CFO)

Business Continuity Manager (BCM)

Line of business executives / managers

Other directors

External consultant

Non-IT senior managers

None - we do not have a disaster recovery committee


Don't know

Q6: Which of the following people are on your organization's disaster recovery committee?


DR plans

55%

50%

40%

23%

18%

16%

11%

0% 20% 40% 60% 80% 100%

HP-UX

AIX

Windows

Solaris

RedHat

VMware

SUSE Linux

Q9: What of the following are covered by your DR plan?(Mark all that apply.)

Replication

Yes92%

No8%

Q10a: Do you replicate critical applications between data centers?

Replication

69%

68%

65%

34%

0%

0% 20% 40% 60% 80% 100%

Database-based replication

Application-based replication

Array-based replication

Host-based replication

Other (please specify)

Q10b: What replication technologies are used?(Only asked of those who replicate critical applications between data centers)


Replication challenges

55%

25%

17%

3%

0% 20% 40% 60% 80% 100%

Complexity of replication solutions

Cost

Limited WAN bandwidth (too much data)

Hardware lock-in

Q11: What is your primary challenge with storage array-based replication?

Disaster impact

4% 5% 5% 5% 5% 6% 6% 7% 6%12%6% 7% 7% 8% 9% 7% 10% 11% 10%

10%

29%32% 32% 33% 32% 34%

32%32% 34%

31%

41%42% 44% 41% 39% 42% 37% 36% 40% 37%

19%14% 11% 13% 14% 11% 15% 14% 10% 10%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Data loss Cost of downtime

Reduction in profits

Reduction in revenue

Damage to competitive

standing in the marketplace

Configuration drift issues

Damage to brand

reputation

Damage to customer

loyalty

Damage to supplier

relationships

Decreased employee

productivity

Q13: How would you rate the potential impact that could results from a disaster your organization is concerned about?

1 - Absolutely no impact 2 - Low impact 3 - Neutral 4 - Somewhat high impact 5 - Extremely high impact

Downtime costs

$62,063

$55,324

$47,769

$42,265

$41,117

$39,590

$24,571

$21,748

$18,409

$10,523

$0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000

Web servers

Custom line of business applications

Databases

ERPs / CRMs

Web commerce applications

Application servers

Messaging applications

Collaboration software

Email


Q14: What would you estimate is the cost of an hour of downtime for each of the following in your organization?

(Means shown)

Outages

Q15: How many outages did you have in the past 12 months?

Mean 13.8

Downtime

Q16: In your estimation, how long was the average time of downtime per incident in hours?

Mean 20.4

Disaster recovery budget

Q17: What is your annual disaster recovery budget?

Mean $964,599

Disaster recovery budget

31% 31%

67%

26%

3%

43%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Over the past 12 months In the next 12 months

Q18: In your opinion, which of the following best describes your disaster recovery budget?

1 - Increasing 2 - Staying the same 3 - Decreasing

Recession impact

12%

23%

17%

46%

2%

0% 10% 20% 30% 40% 50%

Extremely negative impact

Some negative impact

No impact whatsoever

Some positive impact

Extremely positive impact

Q19: How has the global recession impacted the resources available for your disaster recovery planning?

Annual IT budget

Q20: What is your total annual IT budget?

Mean $13,573,258

IT budget allocation

Q21: What percentage of your IT budget is allocated towards disaster recovery initiatives including backup, recovery, clustering, archiving, spare servers, replication, tape, services, DR plan development and offsite costs, etc.?

Median 26%

DR site status

72%

63%

17%

3%

0% 20% 40% 60% 80% 100%

It is hot standby

It is managed by an outside vendor

It is cold standby

We don't have a disaster recovery site

Q23: What is the status of your disaster recovery site?(Mark all that apply.)

Failover / recoveries

31%

29%

22%

18%

0% 10% 20% 30% 40% 50%

Same-site failover / recovery

Cloud failover / recovery

Campus failover / recovery

Global failover / recovery

Q24: What percentage of your failover / recoveries you perform is each of the following types?

(Means shown)

Recovery time

2.1

2.22.2

2.4

1.8

1.9

2.0

2.1

2.2

2.3

2.4

2.5

Skeleton operations Mostly back up and running 100 percent up and running Operations would be able to continue as normal despite the disaster

Q25: If a significant disaster were to occur at your organization that destroyed the main data center, how soon would the organization be

able to do each of the following?(In hours)

(Means shown)

Recovery objectives

Q26: for the Tier 1 applications in your disaster recovery plan, what are your recovery time objectives? What are your recovery point objectives? (Medians shown)

Recovery Time Objectives 4

Recovery Point Objectives 5

Recovery objectives

Q27: For virtualized applications in your disaster recovery plan, what are your recovery time objectives? What are your recovery point objectives? (Medians shown)

Recovery Time Objectives 4.0

Recovery Point Objectives 5.0

Reevaluation

14%

16%

52%

10%

4%

1%

1%

1%

1%

0% 20% 40% 60% 80% 100%

Monthly

Quarterly

Every 6 months

Once a year

Every 1 - 2 years

Every 2 - 3 years

Less frequently than every 3 years

On an ad-hoc basis

Never

Q28: How often do you reevaluate your TO / RPO requirements or change them for new applications?

Full scenario testing

16%

15%

51%

11%

3%

1%

1%

1%

1%

0% 20% 40% 60% 80% 100%

Monthly

Quarterly

Every 6 months

Once a year

Every 1 - 2 years

Every 2 - 3 years

Less frequently than every 3 years

On an ad-hoc basis

Never

Q29: How frequently does your organization carry out full scenario testing of its disaster recovery plan, involving relevant people,

processes, and technologies?

DR testing cost

Q30: How much did you spend in the past year on DR testing?

Mean $606,948

DR testing cost

Q31: What was the cost of testing your disaster recovery plans in the past year?

Mean $769,686

Successful tests

Q32: What percentage of disaster recovery tests successfully recovered critical data and applications within RTOs / RPOs?

Median 70%

Recovery barriers

3

3

3

3

3

2

0

0 1 2 3 4

Insufficient IT infrastructure at the DR site

Configuration issues

Discovery that the plan has become out of date

People do not do as they are supposed to

Processes turn out to be inappropriate

Technology does not do what it is supposed to


Q33: How many times did each of the following challenges prevent you from recovery within the RPOs / RTOs?

(Medians shown)

Testing barriers

60%

59%

26%

16%

15%

14%

13%

4%

3%

0%

0% 20% 40% 60% 80% 100%

Resources, in terms of budget

Disruption to employees

Resources, in terms of people's time

Disruption to customers

Lack the technology to run the test

Disruption to sales and the revenue stream

Other IT projects taking a higher priority

Not seen as a priority by top management

None


Q34: Which of the following do you consider to be barriers to running a full scenario test on your disaster recovery plan?


Deduplication

20%

19%

10%

48%

1%

1%

0% 10% 20% 30% 40% 50%

Considering / planning, but have not yet purchased capabilities

Purchased capabilities, but have not yet implemented

Implemented, but have not been able to see ROI

Implemented, able to demonstrate ROI

Implemented, fell short of ROI

Implemented, but too soon to demonstrate ROI

Q35: How far along are you in implementing deduplication?

Deduplication

Q36: How much budget would you estimate you save / would save by implementing deduplication?

Mean $893,405

Deduplication

Q37: How much storage space, in terms of gigabytes, would you estimate you save / would save by implementing deduplication?

Mean 45,735 GB

Appliance form vs. Software model

Appliance with software44%

Software delivery model56%

Q38: Do you prefer an appliance form factor with software for deduplication or a software delivery model built into existing backup

software that lets you use commodity hardware?

Reevaluating

Yes85%

No16%

Q39: Has implementing server virtualization caused you to reevaluate your disaster recovery plan?

Virtual servers

Q40: What percentage of virtual servers is covered in your disaster recovery plan?

Median 40%

Virtual applications

26%

25%

25%

23%

23%

22%

0%

0% 10% 20% 30% 40% 50%

Databases

Application servers

Web servers


ERPs / CRMs



Q41: What percentage of the following applications are being put into virtual environments at present?

(Medians shown)


26%

25%

25%

24%

22%

22%

0%

0% 10% 20% 30% 40% 50%

Databases

Application servers

Web servers

ERPs / CRMs




Q42: What percentage of each of the following applications will be put into virtual environments 12 months from now?

(Medians shown)

Virtual servers

30%

30%

30%

30%

0% 10% 20% 30% 40% 50%

Application test environment

Patch testing environment

Application development environment

Production environment

Q43: What percentage of the servers in your data centers are being virtualized in each of the following?

(Medians shown)

Backing up virtual environments

50%

30%

30%

24%

0% 20% 40% 60% 80% 100%

We utilize off-host technology (e.g., VMware VCB / v-Storage API) for "client-less" backups of VMs

Like a physical machine - standard Client (non deduplication) inside each virtual machine

Like a physical machine - except with deduplication client inside each virtual machine

Not backing up virtual machines

Q44: How do you back up virtual environments?(Medians shown)

Virtualization

60%

60%

53%

29%

25%

13%

10%

8%

2%

0% 20% 40% 60% 80% 100%

Performance

Manpower / human resources

Application vendor support issues

Cost

Skills

Storage inefficiencies / storage costs too high

Inability to meet service levels / availability requirements of the business

Ability to recover and manage virtual environments

Haven't though much about it

Q45: What are the main reasons you have not virtualized more applications?


Virtual server testing

9%

50%

14%

13%

7%

5%

2%

2%

0% 20% 40% 60% 80% 100%

Daily

Weekly

Monthly

Quarterly

Semi-annually

Yearly

Less than once a year

Never

Q46: How often do you test virtual servers as part of your disaster recovery plan?

Challenges

60%

57%

55%

39%

37%

19%

15%

7%

1%

0% 20% 40% 60% 80% 100%

Lack of available backup storage capacity

Lack of primary storage capacity

Lack of automated recovery

Insufficient backup tools

Lack of enterprise high availability

Lack of enterprise storage management

Different tools for physical and virtual environments

Lack of scalability


Q47: What challenges have you faced in protecting mission critical data and applications in virtual environments?


Challenges

38% 35%30%

35%30%

49%

20% 16%

38%

28%30%

30%29%

30%

21%

23% 30%

44%

34% 36%40%

36%40%

30%

58% 54%

19%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Lack of available backup storage

capacity

Lack of primary storage capacity

Lack of automated

recovery

Insufficient backup tools

Lack of enterprise high

availability

Lack of enterprise

storage management

Different tools for physical and

virtual environments

Lack of scalability


Q48: How much of a challenge do each of the following present in protecting mission critical data and applications in virtual

environments?

1 - Small Challenge 2 - Neutral 3 - Large Challenge


25%

23%

22%

21%

20%

20%

20%

20%

0% 10% 20% 30% 40% 50%

Disk backup

Continuous data protection

Tape backup

Online / cloud storage (ie online)

Optical removable media (CDs, DVDs, Blu-ray, etc.)

Data replication

High availability failover

Global or wide area failover

Q49: What percentage of your organization's data and mission critical applications in virtual environments are protected by each of the

following?(Medians shown)

Data backup

Q50: What percentage of the data on your virtual systems isregularly backed up?

Median 56%

Virtual backup

18%

54%

12%

9%

4%

2%

0%

1%

0% 20% 40% 60% 80% 100%

Daily

Weekly

Monthly

Quarterly

Semi-annually

Yearly

Less than once a year

Never

Q51: How often do you back up the data on your virtual systems?

Virtual backup challenges

59%

16%

16%

5%

4%

0% 20% 40% 60% 80% 100%

Resource constraints (people, budgets, and space)

Application-consistent backups

Lack of efficient technology / hardware / software

Lack of efficient restore options

Too much time required

Q52: What is the top challenge with backing up virtual machines as opposed to physical ones?

Email recovery

34%

26%

16%

14%

5%

4%

1%

0% 10% 20% 30% 40% 50%

Continuous data protection

Email as a service

Global failover

Local failover

Regular backup

Cloud-based hosting

Protecting data with snapshots

Q53: In terms of email or Exchange, which of the following is your primary disaster recovery strategy?

Multi-tiered services

62%

57%

25%

18%

14%

9%

2%

0% 20% 40% 60% 80% 100%

Failure to protect all components of the IT service

Lack of coordination between application and data recovery solutions

Having inconsisten levels of protection for different components of the IT service

Lack of understanding application dependencies

Using manual recovery of the application, which is slow and increases the risk of error

Cross-functional teamwork and communication is lacking


Q54: What challenges does your organization have with managing high availability and disaster recovery for multi-tiered IT services?


Multi-tiered services

Q55: How many hours does it take to recover your multi-tiered services?

Mean 22.8

Cloud storage

61%

23%

7%

8%

0% 20% 40% 60% 80% 100%

Considering / planning, but have not yet purchased capabilities

Purchased capabilities, but have not yet implemented

Not considering

Already implemented

Q56: How far along are you in implementing cloud storage?

Cloud storage

14%

65%

11%

9%

0% 20% 40% 60% 80% 100%

Have not been able to see ROI

Are able to demonstrate ROI

Fell short of ROI

Too soon to demonstrate

Q57: Have you been able to measure an ROI for cloud storage?

Cloud computing

57%

17%

11%

6%

6%

4%

0% 20% 40% 60% 80% 100%

Software as a service

Backup to the cloud

Failover to the cloud

Not using cloud computing

Recovery from the cloud

Deploying cloud applications

Q58: How are you using cloud computing initiatives to help with your data center's disaster recovery plan?

Cloud computing impact

16%

67%

13%

4%

0%

0% 20% 40% 60% 80% 100%

Extremely easier

Easier

No change

More difficult

Extremely difficult

Q59: What has been the impact of cloud computing to your disaster recovery plan?

Cloud computing challenges

55%

14%

14%

12%

4%

1%

0% 20% 40% 60% 80% 100%

Control failovers / make resources highly available

Control of management of resources

Ability to backup

Security

Expertise


Q60: What are the biggest disaster recovery challenges you face when considering implementing cloud computing / cloud storage?

Cloud computing policies

Yes85%

No15%

Q61: Do you have written guidelines or policies in place for approving cloud applications that use business sensitive or confidential

information?

Cloud computing

55%

25%

14%

5%

1%

0% 20% 40% 60% 80% 100%

CEO

CIO / CTO

IT managers

Employee end users / business managers

Employees who implement their own

Q62: Who drives cloud computing initiatives?

Cloud computing

50% 50%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Mission-critical applications Non-mission critical applications

Q63: What percentages of the following types of applications are you putting into the cloud?

(Medians shown)

Cloud computing concerns

66%

14%

12%

6%

3%

0% 20% 40% 60% 80% 100%

Security

Accessibility

Control

Management

Backup

Q64: What is the biggest concern with putting mission-critical applications in the cloud?

Date post:	28-Nov-2014
Category:	Technology
Upload:	symantec
View:	4,933 times
Download:	3 times