a cibecs report 2010 data loss survey - itwebv2.itweb.co.za/whitepaper/cibecs_101116.pdf · a...

A CIBECS REPORT

2010Data Loss SurveyResults prove companies are at risk.

www.cibecs.com

A Cibecs Report2010 Data Loss Survey

2

01

02

03

04

05

06

07

EXECUTIVE SUMMARYWho took part?

HOW USER DATA IS PROTECTEDData flow to increase by 650% (Gartner)

HOW DATA IS LOSTMajor risk factors

IMPACT ON YOUR ORGANIZATIONOperational benefit?

USER DATA MANAGEMENT – FACTORS OF IMPORTANCEValue of effective data migration largely ignored

Central control comes out on top

KEY BENEFITS OF A DATA BACKUP AND RECOVERY SOLUTIONPrimary benefits

Secondary benefits

CONCLUSIONMain areas of risk and operational impact

What the 2010 Data Loss Survey revealed

Table of Contents


3

01EXECUTIVE SUMMARYThe 2010 Data Loss Survey Report places the spotlight on effective data protection, backup and recovery practices as it stands today.

Hosted by IT news portal, IT Web, and sponsored by data backup and recovery software company, Cibecs, the 2010 Data Loss Survey highlighted the business and operational risk organizations are exposed to in managing user data.

While it is true that most companies have server backup solutions in place, focus is now shifting to user data stored on desktops and laptops, and the protection thereof.

This is where a backup and recovery vacuum exists, and where this report will focus on.

}


4

WHO TOOK PART?

Over 250 companies took part in the survey. As shown in (Chart 1) 24% of responding firms have between 500 and 10,000 employees, while 13% of companies taking part in the survey have over 10,000 people in their ranks.

11% employed between 201 and 500 people while 8% had 101 employees or more. The rest (44%) are made up mainly of smaller to mid-sized businesses of 100 people or less.

(Chart 2) illustrates the market sectors most companies operate in. The IT industry leads the way on 41%, with Finance, Banking, Insurance and Accounting firms coming in at the second highest representation with 13%. The rest is rather evenly spread between Telecommunications, Retail and Manufacturing.

55% of respondents were either IT or Executive Managers in their respective organizations.

CHART 2

CHART 1

Business Services / Consulting (non-ICT related) 6

Construction / Architecture / Engineering 3

Education 3

Finance / Banking / Insurance / Accounting 13

Government 4

Information Technology 41

Manufacturing (non-computer related) 5

Marketing / Public Relations 4

Medical / Dental / Healthcare / Pharmaceutical 2

Mining / Petrochemical 2

Parastatals / Utilities 4

Retail / Wholesale 7

Telecommunications / Cellular providers 7

INDUSTRY SECTOR %

01


5

}02HOW USER DATA IS PROTECTEDThe 2010 Data Loss Survey statistics underline a major flaw in user data protection.

Nearly half (46%) of companies rely on some kind of backup policy (be it to a file server or external hard drive) to ensure business critical data is backed up.

A backup solution for desktops and laptops 30

Company policy instructing users to backup to

an external hard drive 10

Company policy instructing users to copy their

files to a file server 36

Folder synchronisation 16

It doesn’t 8

How does your company protect its users’ data? %

Users do not consistently follow our policies 36

The infrastructure (bandwidth and storage)

cannot cope with large backup volumes 17

Security concerns (users dont want sensitive

information on our servers) 15

Upgrading users PCs and laptops takes

a lot of time 17

There are no issues 15

Which of the following issues does your company experience? %

CHART 3 CHART 4

However these very same companies list the fact that users do not follow policy as their main obstacle in terms of successful data protection.


6

Highly effective 32

Highly ineffective 6

Moderately effective 51

Moderately ineffective 10

How effective is your company’s current methodology in protecting users’ data? %

REALITY IS THAT USERS WILL NEVER FOLLOW DATA BACKUP POLICIES BECAUSE:

They forget or do not know how to They think it will take too much time

They do not want their data on a server where it could be accessed by a third party.

DATA FLOW TO INCREASE BY 650% (GARTNER)

Gartner predicts that data flow into enterprises will grow by 650% over the next five years. Add to that the ever increasing mobility of vast amounts of data by way of much improved laptop storage, and you’ve got a recipe for a bit of a data disaster should smart management not be the order of the day.

As it stands (Chart 5) only 32% of survey respondents felt that their current backup methodology was highly effective, leaving 68% unconvinced of their ability to recover lost data and ensure business continuity.

Another recent survey, “Managing Information in the Enterprise: Perspectives for Business Leaders” found that

“95% of companies believe that information management is essential to business success.”

The survey, sponsored by SAP, also discovered that data-related problems cost the majority of respondents more than $5 million annually, with a staggering 20% of companies reporting losses in excess of $20 million per year.

Clearly the problem persists and, in most occasions, the problem is user related.

CHART 5

02


7

HOW DATA IS LOSTIn a recent article published in the Wall Street Journal, Walt Shill (head of the North American management consulting practice for Accenture), stated that; “strategy as we knew it, is dead.”

He points out that business success now hinges on two key aspects:

Operational flexibility.

How quickly a business can respond and seize an opportunity.

Fact of the matter is that now, more than ever, there is pressure on IT to do more with less and to effectively meet larger corporate goals . . . something that is just not possible if valuable IT resource has to be consistently diverted to deal with the integrity of user (and company) data.

Lost data hinders an organization’s ability to respond to opportunities. Not only that but, from an operational perspective, the process of recovering and /or recreating lost data negatively impacts the efficient use of company resources.

1

2

03}


8

MAJOR RISK FACTORS

Every day companies are at risk of serious data breaches from various sources, including staff members that are retrenched, fired or somehow disgruntled with the organisation.

In fact, the latest research conducted by IT security firm, Cyber-Ark Software Inc, indicates that: 58% of Wall Street workers say they have already taken data from their company. 71% said they will take data if faced with the prospect of retrenchment.

In terms of our own 2010 Data Loss survey,(CHART 6):

39% of data losses are ascribed to hardware and software failures, 34% of losses are attributed to negligence and theft 23% of data losses are caused by viruses and technical incompetence.

These statistics underline the massive risk businesses are exposed to in the event of data loss through any number of every-day occurrences.

A scary thought, especially considering that today’s hard drives store 500 times more data than a decade ago, which means the impact of such a loss is vastly amplified.

Clearly staggering financial, legal and productivity ramifications are just one unlucky day away.

Theft 17

Negligence 16

Hardware failure 28

Software failure 11

Technical incompetence 9

Viruses 14

Other 4

Which of the following have caused yourcompany’s users to lose data? %

CHART 6

03


9

}IMPACT ON YOUR ORGANIZATIONData loss impacts four key areas: Finance, Security, Operations and Company Reputation.

We asked survey respondents to rate the risk of user data loss in relation to these key areas. “1” being not important at all, “5” being extremely important.

As can be expected, category “3” (somewhat important) proved a popular choice in respondent rankings but, fortunately, the “safe” option did not spoil the stats, with operational impact scoring highly – and expectedly so.

What was not so expected was how strongly respondents ranked the impact on company reputation.

As shown in (Chart 7), by far the most respondents (32%) rated impact on company reputation as “5” or “extremely important”. It is an interesting statistic as it shows that, while historically companies seldom considered “impact on reputation” as a major driving force in setting policy and business continuity planning, it is now (in this time of rapid news sharing through social media) fast becoming a factor to consider.

No longer do companies have the luxury of a certain degree of anonymity (or spare time to react) when it comes to aspects that affect their customers or employees.

Bad news is circulated quickly – rapidly impacting on company reputation and, therefore, future retention and acquisition exercises.

CHART 7

Rate the risk of user data loss in yourorganisation with regard to:

04


10

OPERATIONAL BENEFIT

As mentioned the impact on operational efficiency scored highly, with only 22% or respondents not rating it “3” or above.

With a change in mindset where IT infrastructure is moving from “reliable and expensive” to “flexible and cost effective”, CIOs and IT managers have to find ways to maximise the operational benefits derived from the resources available to them.

Just think about the impact it has on the business when you have to allocate valuable resource on:

Migrating user data to new machines.It’s a costly and labor intensive exerciseOften data goes missing in the migration

Recovering lost files.Hours are spent trying to find lost filesOften expensive third party consultants need to be used to recover the filesMost of the time the user has to redo the work (which is a waste of resource)This affects the user, and therefore the company’s ability to effectively serve its clientele, and meet its overall objectives.

So much information is stored on company desktops and laptops, especially as we move to a more mobile society, that companies are beginning to understand the need to take responsibility for that data away from users and manage it from a central location.

According to our survey, only 38% of respondents (Chart 8) have an automated data backup and recovery solution in place that allows for centralized data management:

1

2

Unsure 16

We are currently investigating a solution 16

We currently have a system in place 38

We have considered it, but have not yet

investigated the matter 19

We have not considered this option 11

Has your company ever considered an automated data backup and recovery solution for its desktops and laptops? %

CHART 8

04


11

5 key benefits of such a solution:

Free up your best personnel to focus on your core business: (and their core duties) while data backup on all company desktops and laptops happen automatically. Maximize uptime for your network systems: greatly assisting in eliminating the overwhelming burden of everyday administration from your IT staff. Prove legal compliance: The centralization of control over what data, from which users should be backed up, allows for clear, measurable and appropriate reports to prove legal and backup procedure compliance. Maximize your current storage infrastructure and minimize IT spend: Encryption, delta level patching and compression features not only secure your data, but also takes strain off your company’s existing network and storage, which means you do not have to invest heavily in new hardware and get a higher Return on Investment on your existing infrastructure. Eliminate costly surprises when recovering or transferring data: Greatly reduces time and costs associated with replacement of computer hardware.

1

2

3

4

5

04


12

}USER DATA MANAGEMENT Factors of key importance

Our question surrounding the importance of various factors relating to the effective management of user data (Chart 9) delivered interesting results.

67% of respondents rated user backup and recovery as very important (ratings of 4 and 5) while, again, adherence to good corporate governance and the availability of reports to prove legal compliance scored well, with a similar percentage (67%) rating it “4” and “5”.

CHART 9

Rate the importance of:

05Somewhat surprisingly, the reduction in cost and use of bandwidth and storage scored below 60%, with only 58% of survey participants rating it “3” and above.

We were equally surprised that only 48% rated the ability to replace computer hardware faster and cheaper as a “4” or “5” in level of importance.


13

VALUE OF EFFECTIVE DATA MIGRATION LARGELY IGNORED

Considering that the average cost of data migration per user literally runs into the thousands (often a whole lot more) due to user downtime and IT resource allocation, the sobering thought is that data migration from old to new PCs can have a significant impact on an organization’s bottom line.

The reality is that data migration / hardware refresh projects are a certainty for every IT Manager or CIO. Because of the unstructured way users save their data, critical files often go missing in the process of transferring files to new PCs – which translates to more costs and user downtime as IT attempts to recover the lost files. More often than not, however, the lost data has to be recreated.

Ignoring the importance of effective data migration is a costly and unnecessary error, one which 52% of respondents are now hopefully more aware of.

05CENTRAL CONTROL COMES OUT ON TOP

More in line with expectations (still Chart 9), 69% of survey participants rated the ability to centrally control and manage user data as highly to extremely important.

As mentioned, the human factor is the biggest element of failure in any data backup policy.

Companies want control. Not only over how regularly (and at what times) users backup their data but, also, what type of data is backed up – an important consideration as you do not want valuable infrastructure (bandwidth and storage) wasted on endless streams of music, photos and movies.


14

KEY BENEFITS OF A DATA BACKUP AND RECOVERY SOLUTIONAgain respondents were asked to rate the importance of several characteristics an effective data backup and recovery solution should have.

While it is nice to have loads of added features, bells and whistles – the 2010 Data Loss Survey clearly shows that what companies desire most is a solution that, first and foremost, does what it is supposed to do.

PRIMARY BENEFITS

82% of companies (Chart 10 on page 15) surveyed rated “the ability to recover and transfer data in a quick and effective way” as highly or extremely important, with only 6% rating it below “3”.

When push comes to shove you need to have confidence that the solution you have in place will deliver on its promise – to recover that which you have lost and, as an added bonus, to do so as quickly as possible. Hence 72% of companies rated backup speed as highly important, with only 8% ranking this as an unimportant benefit to their business.

Taking into consideration that users offer the time it takes to backup their files, and the possible negative impact performing a backup can have on their PCs, as an excuse not to backup their business critical data, a solution that provides an automated alternative (that operates efficiently in the background without affecting user productivity) is certainly an attractive prospect to consider.

SECONDARY BENEFITS

Effective support for remote users and product scalability also scored well, with 85% of respondents ranking it “3” or above. Data encryption (for added security) and data compression (for added storage and bandwidth savings) also performed well, with 84% of companies ranking data encryption as “3” or higher, while 83% gave a similar ranking to data compression.

Overall these potential benefits were well received by respondents. Companies were unanimous, however, in their desire for a solution that does the very basic reason for its existence – recovering and transferring data in a quick and efficient manner.

06}


15

CHART 10

Rate the importance of:

06


16

}

•••••

•

1

2

CONCLUSIONExtent of, and elements affected, by Business Data Stored on User Devices.

As identified in our Survey Report above, users store their data on their desktop and laptop computers. The key reasons for user data not being copied to a central location are: Users do not know how to do it It is a time consuming exercise Storage and bandwidth constraints restrict users from copying all their critical data Confidential data may not be copied to the central server as Corporate Governance restricts this. Data from Finance, Human Resources, Management etc., which is the most critical, is too confidential to copy to a server and poses a very big risk to any business.

MAIN AREAS OF RISK AND OPERATIONAL IMPACT

There are three main areas of risk and operational impact that have been identified, they are: Company data is at risk of being lost because of:

Virus threats Hardware failure User negligence Loss or theft of hardware Staff leaving the company and either deleting or not leaving a copy of their data Data corruption

When data is lost users turn to the IT department to recover it, a futile task unless the backup policy was followed. The risks associated to this loss include:

Cost of recreating lost data User interruption Opportunity cost of losing data Reputational risk of losing critical data.

“If our customers were to know that we do not have all our critical data protected it would be very damaging to our reputation.”

Data archival regulations are not currently being adhered to Significant time is invested when data is lost to try and assist the user to recover data from whatever source is available. This comes at a cost to the business.

Hardware replacement or migration

When desktop and laptop computers are replaced, IT staff is required to find where the user has stored his or her organizational data on their computers and then manually copy the data from the computer to a central location.

•

•

•

•

••••

•

•

2

07


17

The data is then manually copied from the central location back onto the new computer. The risks associated with this method include:

Data is open to unauthorized access Data is at risk of not being transferred as the IT personnel do not know where the user may have stored all the data and it is very easy to miss some data. This process is a time consuming exercise that comes at a significant cost.

Infrastructure Costs

A backup policy requiring users to copy their data to a central server poses several issues.

Bandwidth restraints: Should users copy their data to a central location the impact on the network will be significant.

Storage impact: Users copy huge volumes of personal data such as movies, music and photos to the central server instead of their business data. This wastes huge volumes of storage. The size of this kind of data storage is estimated at 50% of overall storage capacity.

WHAT THE 2010 DATA LOSS SURVEY REVEALED?

Loss of data leads to loss of business and loss of revenue – in real terms.

The 2010 Data Loss survey offered concrete verification of what Cibecs has long regarded as the problem areas in enterprise data backup and recovery strategies.

On a whole the survey data proved that businesses and enterprises do not fully appreciate the risks they face from the loss of data stored on user PCs.

Our hope is this survey has alerted a few more IT professionals, 58% of which is ultimately responsible for their company’s data (Chart 11) to the business case for reliable data backup and recovery software for their organization’s desktops and laptops.

Backup manager 10

CEO / MD 13

CIO / IT manager 58

Financial director 3

Other 16

Who is responsible for your company’s user data? %

CHART 113

07•

•

•

i

ii


18

ABOUT CIBECSCibecs was established in 2004 and has, over the last six years, advanced its product and service offering to not only be among the best in the industry – drawing investment and partnerships from globally respected partners – but also managing to keep the solution extremely cost effective for its rapidly growing customer base.

Headquartered in Johannesburg, South Africa, Cibecs has strategic partners located around the globe. . . Which means that Cibecs is able to deliver an enterprise desktop and laptop data backup solution that is reliable and easy to use, to companies of all sizes, anywhere in the world.

Offering fast recovery, data encryption and extensive central control over your users’ backups, Cibecs is the simplest way to backup and recover data on all desktops and laptops in your business.

CUSTOMERS & PARTNERS

In December 2008, HassoPlattner Ventures Africa,personal investment vehicle of Prof. Dr. Hasso Plattner, co-founder of SAP, acquired a stake in Cibecs (Pty) Ltd. Cibecs has also recently partnered with JSE-listed Managed Services Company, GijimaAst, to include its solution as part of GijimaAst’s service offering.

Visit www.cibecs.com for more information or contact Cibecs on +27(11) 791 0073.

}Other partners include Unisys, Fujitsu and Business Connexion, with Cibecs’ customer base stretching around the globe from Ingram Micro to the South African National Prosecuting Authority, Dimension Data, JD Group, The University of the Witwatersrand, UTi couriers and Super Group, to name but a few.

a cibecs report 2010 data loss survey - itwebv2.itweb.co.za/whitepaper/cibecs_101116.pdf · a...

Documents