Symantec 2010 Disaster Recovery Study

2010 Symantec Disaster Recovery Study Global Results

Methodology • Applied Research performed survey • 1,700 enterprises worldwide • 5,000 employees or more • Cross-industry 2

Key Findings • Virtualization and Cloud Make DR Complex • The Downtime Recovery Gap • Impact of Disaster Recovery Testing • Recommendations 3

Virtualization and Cloud Make DR Complex 4

Virtual Environments Protected Properly? • 56% of data on virtual systems is regularly backed up • Only 20% of virtual environments protected by replication or failover technologies 5

Lack of Tools, Decrease of Virtual Protection • 58% report different tools for virtual and physical environments is a challenge • Virtualization led 84% to reevaluate DR plans in 2010 • 60% of virtualized environments not covered in DR plans 6

Storage and Resource Constraints an Issue • 59% identified resource constraints (people, budget, and space) as the top challenge when backing up virtual machines • 57% state that the lack of primary and 60% state that lack of backup storage hampers protecting mission critical data 7

Cloud Causes Security and Control Issues • Organizations put 50% of applications in the cloud • 66% say security is main concern of cloud • 55% say control is biggest challenge of cloud 8

The Downtime Recovery Gap 9

Downtime Recovery Gap • Expectation of downtime for outage = 2 hours • Actual downtime in last 12 months = 5 hours • Median of 4 incidents in past 12 months 10

Major Causes of Downtime • 72% experience downtime from system upgrades (50.9 hours) • 70% experience downtime from power outages and failures (11.3 hours) • 26% conducted a power outage and failure impact assessment • 63% experience cyber attacks (52.7 hours) 11

Impact of Disaster Recovery Testing 12

Improvement In Testing Frequency and Success • 82% test more frequently than once a year • Significant increase from 66% who reported same in 2009 • 40% of tests fail to meet RTO/RPOs 13

Reasons for not testing • Budget (60%) • Disruption to employees (59%) • Disruption to customers, sales & revenue stream (24%) • Lack of people’s time (26%) • Cost of testing: $606,948 14

Symantec Recommendations 15

Recommendations • Ensure that mission-critical data and applications are treated the same across environments (virtual, cloud, physical) in terms of DR assessments and planning • Use integrated tool sets for managing physical, virtual and cloud environments to save time, training costs and help better automate processes. • Embrace low-impact backup methods and deduplication to ensure that mission-critical data in virtual environments is backed up, efficiently replicated off campus • Prioritize planning activities and tools that automate and perform processes which minimize downtime during system upgrades • Implement solutions that detect issues, reduce downtime and recover faster to be more in line with expectations • Don’t cut corners on basic technologies and processes that protect in case of an outage

Appendix All questions included 17

Demographics

Company titles D: What is your title? 0% 10% 20% 30% 40% 50% Chief Information Officer (CIO) / Chief Technology Officer (CTO) 24% VP / SVP 43% Data Center Maanger or Data Center Director 7% IT Manager 17% IT Staff 7% Other (Please specify) 2%

Industries E: What is your market? 0% 5% 10% 15% 20% 25% Financial 10% Manufacturing 10% Technology 10% Telecommunications 9% Healthcare 8% Automotive 7% Consumer 7% Insurance 7% Retail 7% Education 4% Energy 4% Media 3% Online 3% Public sector 3% Transportation 3% Real estate 2% Other (Please specify) 2% Hospitality 1%

Data Center Questions

Downtime Q1: How many of each of the following has caused your organization to experience downtime in the past five years? (Mark all that apply.) 0% 20% 40% 60% 80% 100% System upgrades 72% Power outage / failure / issues 70% Fire 69% Configuration change management issues 64% Cyber attacks 63% Malicious employee behavior 63% Data leakage or loss 63% Flood 48% Hurricane 47% Earthquake 46% Tornado 46% Terrorism 45% Tsunami 44% Volcano 42% War 42% Other (Please specify) 1%

Downtime Q2: How many hours of downtime has your organization experienced in the past 12 months for each of the following? (Means shown) 0.0 10.0 20.0 30.0 40.0 50.0 60.0 Cyber attacks 52.7 System upgrades 50.9 Configuration change management issues 15.1 Fire 15.0 Power outage / failure / issues 11.3 Malicious employee behavior 10.4 Terrorism 9.6 Earthquake 9.3 Data leakage or loss 9.1 Flood 8.3 Hurricane 7.8 Tornado 7.4 War 7.2 Volcano 6.9 Tsunami 6.9 Other (Please specify) 1.6

Downtime Q3: As measured by hours of downtime, what is your number one cause of downtime? 0% 10% 20% 30% 40% 50% System upgrades 48% Cyber attacks 13% Power outage / failure / issues 8% Fire 6% Flood 4% Configuration change management issues 4% Data leakage or loss 4% Earthquake 2% Malicious employee behavior 2% Tsunami 2% Volcano 2% Terrorism 2% Hurricane 1% Tornado 1% War 1% Other (Please specify) 1%

Threat assessments Q4: Which of the following threats has your organization conducted an impact assessment? 0% 20% 40% 60% 80% 100% Cyber attacks 69% System upgrades 67% Earthquake 48% Terrorism 48% Hurricane 44% Power outage / failure / issues 26% Data leakage or loss 26% Configuration change management issues 25% Fire 24% Malicious employee behavior 23% Flood 16% Tsunami 6% Tornado 6% Volcano 5% War 4% Other (Please specify) 1%

DR responsibility Q5: Which person in your organization has the ultimate responsibility for managing the disaster recovery plan? 0% 20% 40% 60% 80% 100% Chief Information Officer (CIO) / Chief Technology Officer (CTO) 61% IT Manager 12% Disaster Recovery Manager (DRM) 9% Data Center Manager or Data Center Director 6% VP / SVP 4% Business Continuity Manager (BCM) 3% IT Staff 2% External consultant / outsourcer 1% None - we do not have a disaster recovery committee 1% Other (Please specify) 0% Don't know 0%

DR committees Q6: Which of the following people are on your organization's disaster recovery committee? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Disaster Recovery Manager (DRM) 65% Systems / infrastructure manager 56% Chief Information Officer (CIO) / Chief Technology Officer (CTO) / IT Director 32% Chief Executive Officer (CEO) 25% Chief Security Officer (CSO) 25% Divisional / Departmental IT manager 21% Chief Financial Officer (CFO) 18% Business Continuity Manager (BCM) 15% Line of business executives / managers 11% Other directors 8% External consultant 8% Non-IT senior managers 7% None - we do not have a disaster recovery committee 1% Other (Please specify) 1% Don't know 1%

DR plans Q9: What of the following are covered by your DR plan? (Mark all that apply.) 0% 20% 40% 60% 80% 100% HP-UX 55% AIX 50% Windows 40% Solaris 23% RedHat 18% VMware 16% SUSE Linux 11%

Replication Q10a: Do you replicate critical applications between data centers? No 8% Yes 92%

Replication Q10b: What replication technologies are used? (Only asked of those who replicate critical applications between data centers) (Mark all that apply.) 0% 20% 40% 60% 80% 100% Database-based replication 69% Application-based replication 68% Array-based replication 65% Host-based replication 34% Other (please specify) 0%

Replication challenges Q11: What is your primary challenge with storage array-based replication? 0% 20% 40% 60% 80% 100% Complexity of replication solutions 55% Cost 25% Limited WAN bandwidth (too much data) 17% Hardware lock-in 3%

Disaster impact Q13: How would you rate the potential impact that could results from a disaster your organization is concerned about? 1 - Absolutely no impact 2 - Low impact 3 - Neutral 4 - Somewhat high impact 5 - Extremely high impact 100% 11% 13% 11% 14% 10% 10% 14% 14% 15% 90% 19% 80% 70% 40% 37% 44% 41% 39% 42% 37% 36% 42% 60% 41% 50% 40% 31% 32% 34% 30% 33% 32% 32% 32% 32% 34% 29% 20% 10% 10% 11% 10% 10% 7% 7% 8% 9% 7% 6% 12% 4% 5% 5% 5% 5% 6% 6% 7% 6% 0% Data loss Cost of Reduction in Reduction in Damage to Configuration Damage to Damage to Damage to Decreased downtime profits revenue competitive drift issues brand customer supplier employee standing in the reputation loyalty relationships productivity marketplace

Downtime costs Q14: What would you estimate is the cost of an hour of downtime for each of the following in your organization? (Means shown) $0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000 Web servers $62,063 Custom line of business applications $55,324 Databases $47,769 ERPs / CRMs $42,265 Web commerce applications $41,117 Application servers $39,590 Messaging applications $24,571 Collaboration software $21,748 Email $18,409 Other (Please specify) $10,523

Outages Q15: How many outages did you have in the past 12 months? Mean 13.8

Downtime Q16: In your estimation, how long was the average time of downtime per incident in hours? Mean 20.4

Disaster recovery budget Q17: What is your annual disaster recovery budget? Mean $964,599

Disaster recovery budget Q18: In your opinion, which of the following best describes your disaster recovery budget? 1 - Increasing 2 - Staying the same 3 - Decreasing 100% 3% 90% 80% 43% 70% 67% 60% 50% 26% 40% 30% 20% 31% 31% 10% 0% Over the past 12 months In the next 12 months

Recession impact Q19: How has the global recession impacted the resources available for your disaster recovery planning? 0% 10% 20% 30% 40% 50% Extremely negative impact 12% Some negative impact 23% No impact whatsoever 17% Some positive impact 46% Extremely positive impact 2%

Annual IT budget Q20: What is your total annual IT budget? Mean $13,573,258

IT budget allocation Q21: What percentage of your IT budget is allocated towards disaster recovery initiatives including backup, recovery, clustering, archiving, spare servers, replication, tape, services, DR plan development and offsite costs, etc.? Median 26%

DR site status Q23: What is the status of your disaster recovery site? (Mark all that apply.) 0% 20% 40% 60% 80% 100% It is hot standby 72% It is managed by an outside vendor 63% It is cold standby 17% We don't have a disaster recovery site 3%

Failover / recoveries Q24: What percentage of your failover / recoveries you perform is each of the following types? (Means shown) 0% 10% 20% 30% 40% 50% Same-site failover / recovery 31% Cloud failover / recovery 29% Campus failover / recovery 22% Global failover / recovery 18%

Recovery time Q25: If a significant disaster were to occur at your organization that destroyed the main data center, how soon would the organization be able to do each of the following? (In hours) (Means shown) 2.5 2.4 2.4 2.3 2.2 2.2 2.2 2.1 2.1 2.0 1.9 1.8 Skeleton operations Mostly back up and running 100 percent up and running Operations would be able to continue as normal despite the disaster

Recovery objectives Q26: for the Tier 1 applications in your disaster recovery plan, what are your recovery time objectives? What are your recovery point objectives? (Medians shown) Recovery Time Objectives 4 Recovery Point Objectives 5

Recovery objectives Q27: For virtualized applications in your disaster recovery plan, what are your recovery time objectives? What are your recovery point objectives? (Medians shown) Recovery Time Objectives 4.0 Recovery Point Objectives 5.0

Reevaluation Q28: How often do you reevaluate your TO / RPO requirements or change them for new applications? 0% 20% 40% 60% 80% 100% Monthly 14% Quarterly 16% Every 6 months 52% Once a year 10% Every 1 - 2 years 4% Every 2 - 3 years 1% Less frequently than every 3 years 1% On an ad-hoc basis 1% Never 1%

Full scenario testing Q29: How frequently does your organization carry out full scenario testing of its disaster recovery plan, involving relevant people, processes, and technologies? 0% 20% 40% 60% 80% 100% Monthly 16% Quarterly 15% Every 6 months 51% Once a year 11% Every 1 - 2 years 3% Every 2 - 3 years 1% Less frequently than every 3 years 1% On an ad-hoc basis 1% Never 1%

DR testing cost Q30: How much did you spend in the past year on DR testing? Mean $606,948

DR testing cost Q31: What was the cost of testing your disaster recovery plans in the past year? Mean $769,686

Successful tests Q32: What percentage of disaster recovery tests successfully recovered critical data and applications within RTOs / RPOs? Median 70%

Recovery barriers Q33: How many times did each of the following challenges prevent you from recovery within the RPOs / RTOs? (Medians shown) 0 1 2 3 4 Insufficient IT infrastructure at the DR site 3 Configuration issues 3 Discovery that the plan has become out of date 3 People do not do as they are supposed to 3 Processes turn out to be inappropriate 3 Technology does not do what it is supposed to 2 Other (Please specify) 0

Testing barriers Q34: Which of the following do you consider to be barriers to running a full scenario test on your disaster recovery plan? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Resources, in terms of budget 60% Disruption to employees 59% Resources, in terms of people's time 26% Disruption to customers 16% Lack the technology to run the test 15% Disruption to sales and the revenue stream 14% Other IT projects taking a higher priority 13% Not seen as a priority by top management 4% None 3% Other (Please specify) 0%

Deduplication Q35: How far along are you in implementing deduplication? 0% 10% 20% 30% 40% 50% Considering / planning, but have not yet purchased capabilities 20% Purchased capabilities, but have not yet implemented 19% Implemented, but have not been able to see ROI 10% Implemented, able to demonstrate ROI 48% Implemented, fell short of ROI 1% Implemented, but too soon to demonstrate ROI 1%

Deduplication Q36: How much budget would you estimate you save / would save by implementing deduplication? Mean $893,405

Deduplication Q37: How much storage space, in terms of gigabytes, would you estimate you save / would save by implementing deduplication? Mean 45,735 GB

Appliance form vs. Software model Q38: Do you prefer an appliance form factor with software for deduplication or a software delivery model built into existing backup software that lets you use commodity hardware? Appliance with software 44% Software delivery model 56%

Reevaluating Q39: Has implementing server virtualization caused you to reevaluate your disaster recovery plan? No 16% Yes 85%

Virtual servers Q40: What percentage of virtual servers is covered in your disaster recovery plan? Median 40%

Virtual applications Q41: What percentage of the following applications are being put into virtual environments at present? (Medians shown) 0% 10% 20% 30% 40% 50% Databases 26% Application servers 25% Web servers 25% Messaging applications 23% ERPs / CRMs 23% Custom line of business applications 22% Other (Please specify) 0%

Virtual applications Q42: What percentage of each of the following applications will be put into virtual environments 12 months from now? (Medians shown) 0% 10% 20% 30% 40% 50% Databases 26% Application servers 25% Web servers 25% ERPs / CRMs 24% Custom line of business applications 22% Messaging applications 22% Other (Please specify) 0%

Virtual servers Q43: What percentage of the servers in your data centers are being virtualized in each of the following? (Medians shown) 0% 10% 20% 30% 40% 50% Application test environment 30% Patch testing environment 30% Application development environment 30% Production environment 30%

Backing up virtual environments Q44: How do you back up virtual environments? (Medians shown) 0% 20% 40% 60% 80% 100% We utilize off-host technology (e.g., VMware VCB / v-Storage API) for "client- 50% less" backups of VMs Like a physical machine - standard Client (non deduplication) inside each 30% virtual machine Like a physical machine - except with deduplication client inside each virtual 30% machine Not backing up virtual machines 24%

Virtualization Q45: What are the main reasons you have not virtualized more applications? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Performance 60% Manpower / human resources 60% Application vendor support issues 53% Cost 29% Skills 25% Storage inefficiencies / storage costs too high 13% Inability to meet service levels / availability requirements of the business 10% Ability to recover and manage virtual environments 8% Haven't though much about it 2%

Virtual server testing Q46: How often do you test virtual servers as part of your disaster recovery plan? 0% 20% 40% 60% 80% 100% Daily 9% Weekly 50% Monthly 14% Quarterly 13% Semi-annually 7% Yearly 5% Less than once a year 2% Never 2%

Challenges Q47: What challenges have you faced in protecting mission critical data and applications in virtual environments? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Lack of available backup storage capacity 60% Lack of primary storage capacity 57% Lack of automated recovery 55% Insufficient backup tools 39% Lack of enterprise high availability 37% Lack of enterprise storage management 19% Different tools for physical and virtual environments 15% Lack of scalability 7% Other (Please specify) 1%

Challenges Q48: How much of a challenge do each of the following present in protecting mission critical data and applications in virtual environments? 1 - Small Challenge 2 - Neutral 3 - Large Challenge 100% 90% 19% 30% 34% 36% 36% 80% 40% 40% 58% 54% 70% 60% 21% 44% 50% 28% 29% 30% 30% 30% 40% 30% 23% 30% 49% 20% 38% 38% 35% 35% 30% 30% 10% 20% 16% 0% Lack of available Lack of primary Lack of Insufficient Lack of Lack of Different tools Lack of Other (Please backup storage storage capacity automated backup tools enterprise high enterprise for physical and scalability specify) capacity recovery availability storage virtual management environments

Virtual applications Q49: What percentage of your organization's data and mission critical applications in virtual environments are protected by each of the following? (Medians shown) 0% 10% 20% 30% 40% 50% Disk backup 25% Continuous data protection 23% Tape backup 22% Online / cloud storage (ie online) 21% Optical removable media (CDs, DVDs, Blu-ray, etc.) 20% Data replication 20% High availability failover 20% Global or wide area failover 20%

Data backup Q50: What percentage of the data on your virtual systems is regularly backed up? Median 56%

Virtual backup Q51: How often do you back up the data on your virtual systems? 0% 20% 40% 60% 80% 100% Daily 18% Weekly 54% Monthly 12% Quarterly 9% Semi-annually 4% Yearly 2% Less than once a year 0% Never 1%

Virtual backup challenges Q52: What is the top challenge with backing up virtual machines as opposed to physical ones? 0% 20% 40% 60% 80% 100% Resource constraints (people, budgets, and space) 59% Application-consistent backups 16% Lack of efficient technology / hardware / software 16% Lack of efficient restore options 5% Too much time required 4%

Email recovery Q53: In terms of email or Exchange, which of the following is your primary disaster recovery strategy? 0% 10% 20% 30% 40% 50% Continuous data protection 34% Email as a service 26% Global failover 16% Local failover 14% Regular backup 5% Cloud-based hosting 4% Protecting data with snapshots 1%

Multi-tiered services Q54: What challenges does your organization have with managing high availability and disaster recovery for multi-tiered IT services? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Failure to protect all components of the IT service 62% Lack of coordination between application and data recovery solutions 57% Having inconsisten levels of protection for different components of the IT 25% service Lack of understanding application dependencies 18% Using manual recovery of the application, which is slow and increases the risk 14% of error Cross-functional teamwork and communication is lacking 9% Other (Please specify) 2%

Multi-tiered services Q55: How many hours does it take to recover your multi- tiered services? Mean 22.8

Cloud storage Q56: How far along are you in implementing cloud storage? 0% 20% 40% 60% 80% 100% Considering / planning, but have not yet purchased capabilities 61% Purchased capabilities, but have not yet implemented 23% Not considering 7% Already implemented 8%

Cloud storage Q57: Have you been able to measure an ROI for cloud storage? 0% 20% 40% 60% 80% 100% Have not been able to see ROI 14% Are able to demonstrate ROI 65% Fell short of ROI 11% Too soon to demonstrate 9%

Cloud computing Q58: How are you using cloud computing initiatives to help with your data center's disaster recovery plan? 0% 20% 40% 60% 80% 100% Software as a service 57% Backup to the cloud 17% Failover to the cloud 11% Not using cloud computing 6% Recovery from the cloud 6% Deploying cloud applications 4%

Cloud computing impact Q59: What has been the impact of cloud computing to your disaster recovery plan? 0% 20% 40% 60% 80% 100% Extremely easier 16% Easier 67% No change 13% More difficult 4% Extremely difficult 0%

Cloud computing challenges Q60: What are the biggest disaster recovery challenges you face when considering implementing cloud computing / cloud storage? 0% 20% 40% 60% 80% 100% Control failovers / make resources highly available 55% Control of management of resources 14% Ability to backup 14% Security 12% Expertise 4% Other (Please specify) 1%

Cloud computing policies Q61: Do you have written guidelines or policies in place for approving cloud applications that use business sensitive or confidential information? No 15% Yes 85%

Cloud computing Q62: Who drives cloud computing initiatives? 0% 20% 40% 60% 80% 100% CEO 55% CIO / CTO 25% IT managers 14% Employee end users / business managers 5% Employees who implement their own 1%

Cloud computing Q63: What percentages of the following types of applications are you putting into the cloud? (Medians shown) 100% 90% 80% 70% 60% 50% 50% 50% 40% 30% 20% 10% 0% Mission-critical applications Non-mission critical applications

Cloud computing concerns Q64: What is the biggest concern with putting mission-critical applications in the cloud? 0% 20% 40% 60% 80% 100% Security 66% Accessibility 14% Control 12% Management 6% Backup 3%

Symantec 2010 Disaster Recovery Study

by Symantec

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Symantec 2010 Disaster Recovery Study Presentation Transcript