2008 symantec disaster recovery
DESCRIPTION
drTRANSCRIPT
Disaster Recovery Survey Summary
Results
2
Methodology
• Data collection
– Phone data collection methodology was used to collect data.
– 1,000 completes were obtained from qualified respondents (i.e., IT and C-Level decision makers; with 500 or more employees within their company; with a disaster recovery plan in place).
– Results reflect global findings.
• Questions were designed to elicit issues surrounding:
– Implementation of disaster recovery strategies.
A questionnaire developed by Connect PR was fielded by Applied Research-West, Inc. in July, 2008.
Key Findings
Disaster Recovery Survey Summary
4
Disaster Recovery Survey Summary
0%
6%
3%
21%
41%
42%
43%
46%
49%
54%
63%
66%
75%
0% 20% 40% 60% 80% 100%
Other
Don't Know
Never
Man-made disasters (war & terrorism)
Natural disasters (fire, flood)
Configuration change management issues
Data leakage or loss
Internal computer threats (accidental & malicious
employee behavior)
User error
IT problem management
External computer threats (viruses & hackers)
Power outage/failure/issues
Computer system failure (hardware & software)
Which of the following has your organization ever experienced? (Multiple Response)
5
100%
0%0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Yes No
Are you involved in the implementation and day-to-day management of your organization’s disaster recovery plan?
Disaster Recovery Survey Summary
6
2%
11%
5%
44%
35%
23%
25%
31%
15%
26%
30%
45%
17%
34%
0% 20% 40% 60% 80%
Other
Don't Know
None of these
Increased concern over data loss, such as
customer names/order details etc.
Changes in technology infrastructure
Pressure from customers, suppliers and the
competition
Insurance policy
Government and industry sector regulations
Appointment of a senior non-IT person
Appointment of a senior IT person
Accidental or malicious employee behavior
Virus attacks
War and/or terrorism
Natural disasters
Which of the following prompted your organization to first create a disaster recovery strategy and plan? (Multiple Response)
Disaster Recovery Survey Summary
7
2%
0%
0%
1%
3%
2%
6%
40%
18%
28%
0% 20% 40% 60%
Other
Don't Know
None - we do not have a disaster recovery
committee
External consultant
Database/application manager
Storage IT manager
Backup IT manager
Chief Information Office (CIO)/Chief Technology
Office (CTO)/IT director
Systems/infrastructure manager
Divisional/departmental IT manager
Which person is responsible for managing your organization’s disaster recovery plan?
Disaster Recovery Survey Summary
8
2%
0%
1%
3%
5%
5%
6%
6%
8%
14%
17%
28%
33%
0% 20% 40% 60%
Other
Don't know
None
External consultant
Non-IT managers
Other directors
Chief Executive Officer
Chief Financial Officer
Line of business executives/managers
Chief Security Officer
Systems/Infrastructure manager
Divisional/departmental IT manager
C-level (CIO, CTO, IT Director)
Which of the following people are on your organization’s disaster recovery committee? (Multiple Response)
Disaster Recovery Survey Summary
9
Which of the following technology types do you have and which are covered by the DR plan? (Multiple Response)
Disaster Recovery Survey Summary
Have in
organization
Covered by
DR plan
Database servers 46% 54%
Applications (ie ERP, etc.) 46% 54%
Email 50% 50%
Web servers 45% 55%
Desktop environment 62% 39%
Laptop environment 65% 35%
Mobile technology such as handheld devices 68% 33%
Remote offices 57% 43%
Home workers' PCS 69% 31%
10
1%
9%
4%
48%
51%
43%
54%
65%
67%
44%
51%
0% 20% 40% 60% 80%
Other
Don't Know
None of these
Data leakage or loss
IT problem management
Configuration change management issues
Internal computer threats (accidental & malicious
employee behavior)
External computer threats (viruses & hackers)
Computer system failure (hardware & software)
Man-made disasters (war & terrorism)
Natural disasters (fire, flood)
Without your disaster recovery plan, which of the following threats or disasters would your organization consider itself exposed to? (Multiple Response)
Disaster Recovery Survey Summary
11
0%
2%
0%
53%
59%
60%
67%
72%
81%
64%
73%
0% 20% 40% 60% 80% 100%
Other
Don't Know
None of these
Data leakage or loss
IT problem management
Configuration change management issues
Internal computer threats (accidental & malicious
employee behavior)
External computer threats (viruses & hackers)
Computer system failure (hardware & software)
Man-made disasters (war & terrorism)
Natural disasters (fire, flood)
Which of the following threats has your organization conducted an impact assessment? (Multiple Response)
Disaster Recovery Survey Summary
12
Which of the following potential impacts or consequences that could result from a disaster is your organization most concerned about? Please select your top 5 from the list. (Multiple Response)
2%
4%
6%
62%
48%
48%
75%
44%
32%
51%
56%
51%
0% 20% 40% 60% 80% 100%
Other
Don't know
None of these
Cost of downtime
Reduction in revenue
Reduction in profits
Data loss
Damage to competitive standing in the
market place
Damage to supplier relationships
Damage to brand reputation
Damage to customer loyalty
Decreased employee productivity
Disaster Recovery Survey Summary
13
What is the status of your disaster recovery site? (Multiple Response)
13%
17%
29%
25%
35%
33%
17%
21%
0% 10% 20% 30% 40% 50% 60% 70% 80%
It is cold standby (hardware is available if
needed, but running)
It is hot standby (hardware are powered on
and ready to go)
Recovery is automated
Recovery process is manual
We use multiple business locations as
disaster recovery sites
We use a remote business location as a
disaster recovery site
We don't have a disaster recovery site
Managed by an outside vendor
Disaster Recovery Survey Summary
14
Disaster Recovery Survey Summary
What percentage of your organization’s applications does it consider to be business-critical and what are the applications?
Mean: 56
Business Critical Applications:SAPERPCRM
Financial
15
Disaster Recovery Survey Summary
If a significant fire disaster were to occur at your organization that completely obliterated the main data center, how soon would the organization be able to do each of the following:
Achieve Skeleton Operations %
1 day 31%
1 hour 6%
1 week 4%
12 hours 3%
2 days 7%
3 days 3%
Other 46%
Get mostly back up and running %
1 day 20%
1 hour 1%
1 week 15%
12 hours 3%
2 days 10%
3 days 8%
2 weeks 5%
Other 39%
Have 100% normal operations %
1 day 14%
1 week 15%
12 hours 1%
2 days 9%
3 days 8%
2 weeks 8%
1 month 9%
3 weeks 4%
Other 33%
16
Disaster Recovery Survey Summary
For your tier one applications in your disaster recovery plan, what are your recovery time objectives (in terms of hours/minutes)? What are your recovery point objectives (in terms of hours/minutes)?
Recovery time
objectives (Mean) 30 hours
Recovery point
objectives (Mean) 28 hours
17
Disaster Recovery Survey Summary
Under what circumstances have you ever had to actually execute your disaster recovery plan, either in full or in part (excluding drills/tests)? (Multiple Response)
1%
12%
16%
26%
14%
22%
23%
18%
21%
28%
36%
15%
23%
0% 10% 20% 30% 40% 50%
Other (please specify)
Don’t know
Never
Power outage/failure/issues
User error
Data leakage or loss
IT problem management
Configuration change management issues
Internal computer threats, e.g. accidental and malicious
employee behavior
External computer threats, e.g. viruses and hackers
Computer system failure, i.e. hardware and software
Man-made disasters, e.g. war and terrorism
Natural disasters, e.g. fire, flood
18
Disaster Recovery Survey Summary
How frequently does your organization carry out full scenario testing of its disaster recovery plan, involving relevant people, processes and technologies?
14%
7%
4%
1%
2%
4%
15%
21%
16%
19%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Don’t know
Never
On an ad-hoc basis
Less frequently than every 3 years
Every 2-3 years
Every 1-2 years
Once a year
Every 6 months
Every 3 months
Monthly
19
Disaster Recovery Survey Summary
What percentage of disaster recovery tests successfully recovered critical data and applications within RTOs/RPOs (recovery time objectives/recovery point objectives)?
Mean: 70
20
Disaster Recovery Survey Summary
Which of the following reasons accounts for why full scenario tests have failed? (Multiple Response)
19%
16%
2%
25%
24%
29%
35%
23%
0% 10% 20% 30% 40% 50%
Don’t know
Our tests have not failed
Other (please specify)
Insufficient IT infrastructure at the DR site
Discovery that the plan has become out of date
Technology does not do what it is supposed to
People do not do as they are supposed to
Processes turn out to be inappropriate
21
Disaster Recovery Survey Summary
Which of the following do you consider to be barriers to running a full scenario test on your disaster recovery plan? (Multiple Response)
15%
9%
1%
6%
20%
21%
31%
39%
37%
39%
32%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Don’t know
None
Other (please specify)
Not seen as a priority by top management
Other IT projects taking a higher priority
Disruption to sales and the revenue stream
Disruption to uptime an/or downtime of
production systems
Disruption to customers
Disruption to employees
Resources, in terms of budget
Resources, in terms of people’s time
22
Disaster Recovery Survey Summary
Of the applications that are running on virtual servers what is their relative importance to the business?
23%
44%
34%
0% 10% 20% 30% 40% 50%
Even the most critical
applications are being
virtualized
All but the most
critical applications are
being virtualized
Only the least critical
applications are being
virtualized
23
Disaster Recovery Survey Summary
What applications are being put into virtual environments?
21%
30%
44%
52%
57%
57%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Custom line of business applications
Messaging applications
Infrastructure servers such as File Servers, Print
Servers, Domain Name Controllers
Web servers
Application servers
Databases
24
Disaster Recovery Survey Summary
Mean: 44
Mean: 42
What percentage of the servers in your data centers are being virtualized in each of the following?
Mean: 43
Test environment
Application development environment
Production environment
25
Disaster Recovery Survey Summary
What percentage of your virtual servers is covered in your disaster recovery plan?
Mean: 65
26
Disaster Recovery Survey Summary
Has implementing server virtualization caused you to reevaluate your disaster recovery plan?
55%
45%
0%
10%
20%
30%
40%
50%
60%
70%
Yes No
27
Disaster Recovery Survey Summary
What are some challenges in protecting mission critical data and applications in virtual environments?
4%
16%
35%
33%
27%
33%
28%
0% 10% 20% 30% 40% 50%
Other
Lack of scalability
Different tools for physical and virtual
environments.
Lack of automated recovery
Lack of enterprise high availability
Insufficient backup tools
Lack of enterprise storage management
28
Disaster Recovery Survey Summary
How are data and mission critical applications being protected in virtual environments?
(Multiple Response)
21%
18%
23%
31%
36%
31%
50%
37%
0% 10% 20% 30% 40% 50%
Data replication
Global or wide area
clustering
High availability
clustering
Continuous data
protection
Off-host/offsite
storage (ie online)
Optical media
Disk backup
Tape backup
29
Disaster Recovery Survey Summary
What percentage of the data on your virtual systems is regularly backed up?
4%
1%
2%
6%
6%
11%
7%
14%
37%
11%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
0 – 9 percent
10 – 19 percent
20 – 29 percent
30 – 39 percent
40 – 49 percent
50 – 59 percent
60 – 69 percent
70 – 79 percent
80 – 89 percent
90 – 100 percent
30
Disaster Recovery Survey Summary
What is the top challenge with backing up virtual machines?
21%
54%
25%
0% 10% 20% 30% 40% 50% 60% 70%
Too much time
required
Resource constraints
Lack of efficient
technology/software
31
Disaster Recovery Survey Summary
What challenges does your organization have with multi-tiered applications, i.e., SAP applications, complex online applications, etc.? (Multiple Response)
20%
27%
32%
33%
34%
30%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
Lack of coordination between application and
data recovery solutions
Backing up/protecting data but not providing
automation on application recovery
Having inconsistent levels of protection for
different components of an application
Failure to protect all components of a multi-
tiered application
Lack of understanding of application
dependencies
Insufficient availability requirements from the
business due to large number of diverse users