2008 symantec disaster recovery

Disaster Recovery Survey Summary

Results

2

Methodology

• Data collection

– Phone data collection methodology was used to collect data.

– 1,000 completes were obtained from qualified respondents (i.e., IT and C-Level decision makers; with 500 or more employees within their company; with a disaster recovery plan in place).

– Results reflect global findings.

• Questions were designed to elicit issues surrounding:

– Implementation of disaster recovery strategies.

A questionnaire developed by Connect PR was fielded by Applied Research-West, Inc. in July, 2008.

Key Findings


4


0%

6%

3%

21%

41%

42%

43%

46%

49%

54%

63%

66%

75%

0% 20% 40% 60% 80% 100%

Other

Don't Know

Never

Man-made disasters (war & terrorism)

Natural disasters (fire, flood)

Configuration change management issues

Data leakage or loss

Internal computer threats (accidental & malicious

employee behavior)

User error

IT problem management

External computer threats (viruses & hackers)

Power outage/failure/issues

Computer system failure (hardware & software)

Which of the following has your organization ever experienced? (Multiple Response)

5

100%

0%0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Yes No

Are you involved in the implementation and day-to-day management of your organization’s disaster recovery plan?


6

2%

11%

5%

44%

35%

23%

25%

31%

15%

26%

30%

45%

17%

34%

0% 20% 40% 60% 80%

Other

Don't Know

None of these

Increased concern over data loss, such as

customer names/order details etc.

Changes in technology infrastructure

Pressure from customers, suppliers and the

competition

Insurance policy

Government and industry sector regulations

Appointment of a senior non-IT person

Appointment of a senior IT person

Accidental or malicious employee behavior

Virus attacks

War and/or terrorism

Natural disasters

Which of the following prompted your organization to first create a disaster recovery strategy and plan? (Multiple Response)


7

2%

0%

0%

1%

3%

2%

6%

40%

18%

28%

0% 20% 40% 60%

Other

Don't Know

None - we do not have a disaster recovery

committee

External consultant

Database/application manager

Storage IT manager

Backup IT manager

Chief Information Office (CIO)/Chief Technology

Office (CTO)/IT director

Systems/infrastructure manager

Divisional/departmental IT manager

Which person is responsible for managing your organization’s disaster recovery plan?


8

2%

0%

1%

3%

5%

5%

6%

6%

8%

14%

17%

28%

33%

0% 20% 40% 60%

Other

Don't know

None

External consultant

Non-IT managers

Other directors

Chief Executive Officer

Chief Financial Officer

Line of business executives/managers

Chief Security Officer

Systems/Infrastructure manager

Divisional/departmental IT manager

C-level (CIO, CTO, IT Director)

Which of the following people are on your organization’s disaster recovery committee? (Multiple Response)


9

Which of the following technology types do you have and which are covered by the DR plan? (Multiple Response)


Have in

organization

Covered by

DR plan

Database servers 46% 54%

Applications (ie ERP, etc.) 46% 54%

Email 50% 50%

Web servers 45% 55%

Desktop environment 62% 39%

Laptop environment 65% 35%

Mobile technology such as handheld devices 68% 33%

Remote offices 57% 43%

Home workers' PCS 69% 31%

10

1%

9%

4%

48%

51%

43%

54%

65%

67%

44%

51%

0% 20% 40% 60% 80%

Other

Don't Know

None of these





employee behavior)





Without your disaster recovery plan, which of the following threats or disasters would your organization consider itself exposed to? (Multiple Response)


11

0%

2%

0%

53%

59%

60%

67%

72%

81%

64%

73%

0% 20% 40% 60% 80% 100%

Other

Don't Know

None of these





employee behavior)





Which of the following threats has your organization conducted an impact assessment? (Multiple Response)


12

Which of the following potential impacts or consequences that could result from a disaster is your organization most concerned about? Please select your top 5 from the list. (Multiple Response)

2%

4%

6%

62%

48%

48%

75%

44%

32%

51%

56%

51%

0% 20% 40% 60% 80% 100%

Other

Don't know

None of these

Cost of downtime

Reduction in revenue

Reduction in profits

Data loss

Damage to competitive standing in the

market place

Damage to supplier relationships

Damage to brand reputation

Damage to customer loyalty

Decreased employee productivity


13

What is the status of your disaster recovery site? (Multiple Response)

13%

17%

29%

25%

35%

33%

17%

21%

0% 10% 20% 30% 40% 50% 60% 70% 80%

It is cold standby (hardware is available if

needed, but running)

It is hot standby (hardware are powered on

and ready to go)

Recovery is automated

Recovery process is manual

We use multiple business locations as

disaster recovery sites

We use a remote business location as a

disaster recovery site

We don't have a disaster recovery site

Managed by an outside vendor


14


What percentage of your organization’s applications does it consider to be business-critical and what are the applications?

Mean: 56

Business Critical Applications:SAPERPCRM

Financial

15


If a significant fire disaster were to occur at your organization that completely obliterated the main data center, how soon would the organization be able to do each of the following:

Achieve Skeleton Operations %

1 day 31%

1 hour 6%

1 week 4%

12 hours 3%

2 days 7%

3 days 3%

Other 46%

Get mostly back up and running %

1 day 20%

1 hour 1%

1 week 15%

12 hours 3%

2 days 10%

3 days 8%

2 weeks 5%

Other 39%

Have 100% normal operations %

1 day 14%

1 week 15%

12 hours 1%

2 days 9%

3 days 8%

2 weeks 8%

1 month 9%

3 weeks 4%

Other 33%

16


For your tier one applications in your disaster recovery plan, what are your recovery time objectives (in terms of hours/minutes)? What are your recovery point objectives (in terms of hours/minutes)?

Recovery time

objectives (Mean) 30 hours

Recovery point

objectives (Mean) 28 hours

17


Under what circumstances have you ever had to actually execute your disaster recovery plan, either in full or in part (excluding drills/tests)? (Multiple Response)

1%

12%

16%

26%

14%

22%

23%

18%

21%

28%

36%

15%

23%

0% 10% 20% 30% 40% 50%

Other (please specify)

Don’t know

Never

Power outage/failure/issues

User error




Internal computer threats, e.g. accidental and malicious

employee behavior

External computer threats, e.g. viruses and hackers

Computer system failure, i.e. hardware and software

Man-made disasters, e.g. war and terrorism

Natural disasters, e.g. fire, flood

18


How frequently does your organization carry out full scenario testing of its disaster recovery plan, involving relevant people, processes and technologies?

14%

7%

4%

1%

2%

4%

15%

21%

16%

19%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Don’t know

Never

On an ad-hoc basis

Less frequently than every 3 years

Every 2-3 years

Every 1-2 years

Once a year

Every 6 months

Every 3 months

Monthly

19


What percentage of disaster recovery tests successfully recovered critical data and applications within RTOs/RPOs (recovery time objectives/recovery point objectives)?

Mean: 70

20


Which of the following reasons accounts for why full scenario tests have failed? (Multiple Response)

19%

16%

2%

25%

24%

29%

35%

23%

0% 10% 20% 30% 40% 50%

Don’t know

Our tests have not failed


Insufficient IT infrastructure at the DR site

Discovery that the plan has become out of date

Technology does not do what it is supposed to

People do not do as they are supposed to

Processes turn out to be inappropriate

21


Which of the following do you consider to be barriers to running a full scenario test on your disaster recovery plan? (Multiple Response)

15%

9%

1%

6%

20%

21%

31%

39%

37%

39%

32%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Don’t know

None


Not seen as a priority by top management

Other IT projects taking a higher priority

Disruption to sales and the revenue stream

Disruption to uptime an/or downtime of

production systems

Disruption to customers

Disruption to employees

Resources, in terms of budget

Resources, in terms of people’s time

22


Of the applications that are running on virtual servers what is their relative importance to the business?

23%

44%

34%

0% 10% 20% 30% 40% 50%

Even the most critical

applications are being

virtualized

All but the most

critical applications are

being virtualized

Only the least critical

applications are being

virtualized

23


What applications are being put into virtual environments?

21%

30%

44%

52%

57%

57%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Custom line of business applications

Messaging applications

Infrastructure servers such as File Servers, Print

Servers, Domain Name Controllers

Web servers

Application servers

Databases

24


Mean: 44

Mean: 42

What percentage of the servers in your data centers are being virtualized in each of the following?

Mean: 43

Test environment

Application development environment

Production environment

25


What percentage of your virtual servers is covered in your disaster recovery plan?

Mean: 65

26


Has implementing server virtualization caused you to reevaluate your disaster recovery plan?

55%

45%

0%

10%

20%

30%

40%

50%

60%

70%

Yes No

27


What are some challenges in protecting mission critical data and applications in virtual environments?

4%

16%

35%

33%

27%

33%

28%

0% 10% 20% 30% 40% 50%

Other

Lack of scalability

Different tools for physical and virtual

environments.

Lack of automated recovery

Lack of enterprise high availability

Insufficient backup tools

Lack of enterprise storage management

28


How are data and mission critical applications being protected in virtual environments?

(Multiple Response)

21%

18%

23%

31%

36%

31%

50%

37%

0% 10% 20% 30% 40% 50%

Data replication

Global or wide area

clustering

High availability

clustering

Continuous data

protection

Off-host/offsite

storage (ie online)

Optical media

Disk backup

Tape backup

29


What percentage of the data on your virtual systems is regularly backed up?

4%

1%

2%

6%

6%

11%

7%

14%

37%

11%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

0 – 9 percent

10 – 19 percent

20 – 29 percent

30 – 39 percent

40 – 49 percent

50 – 59 percent

60 – 69 percent

70 – 79 percent

80 – 89 percent

90 – 100 percent

30


What is the top challenge with backing up virtual machines?

21%

54%

25%

0% 10% 20% 30% 40% 50% 60% 70%

Too much time

required

Resource constraints

Lack of efficient

technology/software

31


What challenges does your organization have with multi-tiered applications, i.e., SAP applications, complex online applications, etc.? (Multiple Response)

20%

27%

32%

33%

34%

30%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Lack of coordination between application and

data recovery solutions

Backing up/protecting data but not providing

automation on application recovery

Having inconsistent levels of protection for

different components of an application

Failure to protect all components of a multi-

tiered application

Lack of understanding of application

dependencies

Insufficient availability requirements from the

business due to large number of diverse users