Be the first to like this
Australian organisations are taking their information technology disaster recovery seriously. However, with many organisations currently focused on cost reduction, unrealised opportunities exist to achieve disaster recovery objectives more economically.
In the CERTITUDE 2012 Information Technology Disaster Recovery Survey report released on the 8th of November, Eric Keser, a director and principal consultant with CERTITUDE Technology Risk Services, said, “Australian organisations spend about three percent of their annual IT budget on disaster recovery. However, spending well above the average on disaster recovery does not necessarily provide greater protection against system outages.”. Some of the Survey respondents spend more than ten percent of their annual IT budget on disaster recovery. Despite this budget, these respondents experienced about twelve percent of all outages in the past two years reported in the Survey.”.
The Survey is the first of its kind conducted by CERTITUDE. It specifically focused on the disaster recovery practices of Australian organisations. Keser said, “The Survey shows that there are many opportunities for Australian organisations to get more from their IT disaster recovery expenditure.”.
This is consistent with the movement CERTITUDE has seen in recent years, where its clients not only are asking for help to design disaster recovery solutions, but also to find ways to improve the cost efficiency of recovery implementation and maintenance.
For example, the Survey found that up to seventeen percent of respondents reported system disruptions caused by the failure of third-party service providers (e.g. electricity, IT operations, or telecommunications providers). Keser said, “This highlights the opportunity, at nominal cost, to reduce such causes by improving the integration of disaster recovery into existing service level and third-party management processes.”.
“IT disaster recovery is poorly embedded into other processes, with forty percent or less of respondents having embedded disaster recovery into project management, service level management, the service desk, and third-party management processes. These are existing IT processes that could help prevent, or minimise the harm caused by, the common causes of outages.”, said Keser.
Keser said, “Better internal controls can prevent other causes of system disruptions reported in the Survey as well.”. These causes often relate to failures in change management, capacity planning, and IT environmental management. Such processes are all usually within the organisation’s direct control, and therefore should not be costly to improve. Yet as few as thirty percent of respondents identify and evaluate the performance of these key disaster recovery controls.
About knowing how much recovery capability is needed, Keser said, “Most respondents involve their users in the determination of disaster recovery requirements. However