Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
CertitudeTECHNOLOGY RISK SERVICES      2012         IT  DISASTERRECOVERY   SURVEY
DEMOGRAPHICS               Organisations                operating in Australia               12 of the 19 ANZSIC        ...
BUDGET                                 Respondents spend around         DR Budget (% of IT)     3% of their IT budget on  ...
RECOVERY LOCATION                                 Small and / or                                 geographically non-      ...
MATURITY                                 Higher levels of disaster                Maturity         recovery maturity can  ...
STANDARDS & REGULATIONS                                  Disaster recovery      Standards / Guidelines      standards and ...
PROCESS INTEGRATION                             Disaster recovery is poorly      Where DR is Embedded   embedded into proj...
THREATS                                        Trends learned from                                        incident & probl...
KEY CONTROLS                                          The management of service                                          l...
DISRUPTIONS    Outages                                              Nearly half experienced                              ...
DISRUPTIONS                            Many system disruptions              Root Causes   are essentially self-inflicted.....
RECOVERY REQUIREMENTS                             Users are involved in        RTO Considerations   determining disaster  ...
EXPECTATIONS & IMPACT                                  The most difficult area of         Expectation Management   harm to...
DESIGN & TECHNOLOGY                                     Technologies in production          Use of DR Architecture     are...
DOCUMENTATION                             Plans are often out of date,                             and supporting      Doc...
TRAINING                                Many respondents use                                disaster recovery testing as  ...
TESTING                               Few (34%) of respondents           Testing Frequency   have their recovery test     ...
2012IT Disaster Recovery Survey    @ www.certitude.au.com
Upcoming SlideShare
Loading in …5
×

Certitude - Disaster Recovery Survey presentation - 08 nov2012

969 views

Published on

Australian organisations are taking their information technology disaster recovery seriously. However, with many organisations currently focused on cost reduction, unrealised opportunities exist to achieve disaster recovery objectives more economically.

In the CERTITUDE 2012 Information Technology Disaster Recovery Survey report released on the 8th of November, Eric Keser, a director and principal consultant with CERTITUDE Technology Risk Services, said, “Australian organisations spend about three percent of their annual IT budget on disaster recovery. However, spending well above the average on disaster recovery does not necessarily provide greater protection against system outages.”. Some of the Survey respondents spend more than ten percent of their annual IT budget on disaster recovery. Despite this budget, these respondents experienced about twelve percent of all outages in the past two years reported in the Survey.”.

The Survey is the first of its kind conducted by CERTITUDE. It specifically focused on the disaster recovery practices of Australian organisations. Keser said, “The Survey shows that there are many opportunities for Australian organisations to get more from their IT disaster recovery expenditure.”.

This is consistent with the movement CERTITUDE has seen in recent years, where its clients not only are asking for help to design disaster recovery solutions, but also to find ways to improve the cost efficiency of recovery implementation and maintenance.

For example, the Survey found that up to seventeen percent of respondents reported system disruptions caused by the failure of third-party service providers (e.g. electricity, IT operations, or telecommunications providers). Keser said, “This highlights the opportunity, at nominal cost, to reduce such causes by improving the integration of disaster recovery into existing service level and third-party management processes.”.

“IT disaster recovery is poorly embedded into other processes, with forty percent or less of respondents having embedded disaster recovery into project management, service level management, the service desk, and third-party management processes. These are existing IT processes that could help prevent, or minimise the harm caused by, the common causes of outages.”, said Keser.

Keser said, “Better internal controls can prevent other causes of system disruptions reported in the Survey as well.”. These causes often relate to failures in change management, capacity planning, and IT environmental management. Such processes are all usually within the organisation’s direct control, and therefore should not be costly to improve. Yet as few as thirty percent of respondents identify and evaluate the performance of these key disaster recovery controls.

About knowing how much recovery capability is needed, Keser said, “Most respondents involve their users in the determination of disaster recovery requirements. However

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Certitude - Disaster Recovery Survey presentation - 08 nov2012

  1. 1. CertitudeTECHNOLOGY RISK SERVICES 2012 IT DISASTERRECOVERY SURVEY
  2. 2. DEMOGRAPHICS Organisations operating in Australia 12 of the 19 ANZSIC Industries  Representation of all employee sizes  All annual IT spend, except for $0.5m to $1m Certitu
  3. 3. BUDGET Respondents spend around DR Budget (% of IT) 3% of their IT budget on disaster recovery. However money doesn’t necessarily buy fewer IT outages. Most outages reported by those who spent 1% of their IT budget on DR Outages vs DR Spend Respondents who spent > 10%, incurred 12% of all outages reported  Those with IT budgets <=$100k, spent nearly nothing on DR Certitu
  4. 4. RECOVERY LOCATION Small and / or geographically non- Location dispersed organisations Have difficulty finding suitable recovery locations. Most respondents (55.88%) recover to the same city Size & geographical Recovery Site Location presence have a significant influence on recovery location Respondents who have a regional presence are taking full advantage of their geographical diversity Certitu
  5. 5. MATURITY Higher levels of disaster Maturity recovery maturity can reduce system disruption. Most describe their DR maturity as ‘repeatable, but intuitive’, or ‘defined’ Outages vs Maturity Size does not influence maturity. The higher the maturity, the lower the number of outages and harm (e.g. average and longest duration) Certitu
  6. 6. STANDARDS & REGULATIONS Disaster recovery Standards / Guidelines standards and guides do not significantly influence most organisations’ disaster recovery. Standards have no significant influence on disaster recovery Broader standards have greater influence than Regulation / Legislation DR specific ones There are changes to APRAs Practice Standards that affect DR Certitu
  7. 7. PROCESS INTEGRATION Disaster recovery is poorly Where DR is Embedded embedded into project and service level management, As well as service desk processes. Most have DR embedded into IT Service Continuity, ICT Infrastructure, Availabili ty, Change, Incident, Sec urity & Financial Management Few have DR embedded into Release, Management, Service Desk and Service Level Management! Certitu
  8. 8. THREATS Trends learned from incident & problem management are not often Where DR Threats are Identified used to identify DR threats & opportunities to prevent future system disruption. Most use various forms of risk assessment to identify threats Few (<30%) use information recorded by incident and problem management processes to identify threats Certitu
  9. 9. KEY CONTROLS The management of service levels and 3rd-party service providers is being missed to control disaster recovery Manage Changes Manage Physical risk. Environment Few evaluate important DR controls such as managing performance, capacity Manage Performance Manage Problems and problems & Capacity Even fewer recognise the importance of managing service levels, and third-party providers. Define & Manage Manage Third- Service Levels Party Providers Identifie d, but… Certitu Identifie Not Identifi… d and…
  10. 10. DISRUPTIONS Outages Nearly half experienced unplanned outages in Average (hrs) the past 2 years Direct correlation between maturity, and outage frequency and duration Longest (hrs) Certitu
  11. 11. DISRUPTIONS Many system disruptions Root Causes are essentially self-inflicted.. Many causes of disruption can be controlled by processes that affect outages are in the direct control of the organisation Processes that help manage 3rd-parties are neglected even though many outages are caused by third-parties Certitu
  12. 12. RECOVERY REQUIREMENTS Users are involved in RTO Considerations determining disaster recovery requirements. Work-arounds, and system dependencies are well considered The re-entry and RPO Considerations processing of lost data, and the clearing of any work backlog is not well considered Certitu
  13. 13. EXPECTATIONS & IMPACT The most difficult area of Expectation Management harm to quantify, reputation, is of the greatest concern. Users are involved but expectations are not well managed Reputational damage Areas of Harm was of high concern, and is the most difficult to actually measure, and quantify Operational and financial impacts also ranked highly Certitu
  14. 14. DESIGN & TECHNOLOGY Technologies in production Use of DR Architecture are well utilised for recovery capability. However, use of DR architecture is not wide spread. Only 75% of respondents make good use of the DR architecture Use of Production Technologies 12% have no DR architecture at all Most make good use of existing technologies in their production environment Cloud-based services not popular Certitu
  15. 15. DOCUMENTATION Plans are often out of date, and supporting Documentation Status documentation is often unidentified or unavailable. 38% review or update their documentation at least once every year. 94% use generic word processing tools to Documentation Tools document their disaster recovery plans Supporting documentation is often neglected Certitu
  16. 16. TRAINING Many respondents use disaster recovery testing as Training Frequency the primary method of training. 47% have never conducted disaster recovery training Some considered regular Training Methods disaster recovery testing to be the best form of training Certitu
  17. 17. TESTING Few (34%) of respondents Testing Frequency have their recovery test independently evaluated and reported. Most test at least once every year (note Testing Methods APRA) 8% do no testing at all A wide range of testing methods are used, with failover to DR site the most popular Certitu
  18. 18. 2012IT Disaster Recovery Survey @ www.certitude.au.com

×