DR Testing Should Be Non-Disruptive: Symantec

Symantec has announced the India findings of its fifth annual IT Disaster Recovery survey, which reveal that there is a rise in disaster recovery (DR) pressure on enterprises caused by soaring downtime costs and more stringent IT service level requirements to mitigate risk to the business.

Even as 79 percent of enterprises faced computer system failures in the last one year, virus attacks (67 percent) and fear of data loss (51 percent) are the major initiators for disaster recovery plans. Changes in technology infrastructure (eg virtualisation, blade computing, etc), natural disasters, pressure from customers, suppliers, and competition and compliance factors are other major factors that have prompted enterprises to opt for a disaster recovery plan.

The average cost of implementing disaster recovery plans for each downtime incident worldwide is $2,87,600, while in India the median cost can climb to as high as $1,05,000. Therefore, enterprises have also allocated higher DR budgets in 2009, which is expected to increase further in the next two years.

The Symantec research shows that Indian enterprises allot 30 percent of their annual IT budget for disaster recovery initiatives, including back-up, recovery, clustering, archiving, spare servers, replication, tape, services, disaster recovery plan development, and offsite costs at data centres.

In addition, the survey revealed that DR is no more targeted mainly at IT departments. The CIO/ CTO/ IT director’s involvement in DR committee has also increased significantly. 72 percent of respondents reported significant increase in this involvement vis-à-vis last year’s research where only 23 percent of respondents indicated executive involvement. As budgets increase, disaster recovery initiatives have become more of a competitive differentiator. Another reason for executive involvement is the increase in applications that are seen as mission critical. 59 percent of applications were deemed mission critical by respondents, and nearly the same amount is covered in disaster recovery plans.

“DR has become a boardroom discussion. The extent of dent and damage caused by downtime due to natural, manmade and system disasters and the business continuity issues arising from it have made Indian CIOs take a 360 degree view on mitigation strategies,” said Anand Naik, director, Systems Engineering, Symantec India.

“But as enterprises confront complexities of protecting virtual environments, flat budgets and increasing internal and external risks, disaster recovery strategies should be constantly evaluated and upgraded,” added Naik.

21 percent of Indian enterprises test their DR plans once per year or less frequently. In addition, one in four tests still fail. The reasons cited for not testing include lack of resources in terms of people’s time (64 percent), disruption to employees (52 percent), budget (48 percent), and disruption to customers (49 percent).

Also, a concern is that more enterprises reported this year that disaster recovery testing increasingly impacts customers and revenue as compared to previous years. 49 percent of respondents reported that disaster recovery testing will impact their enterprises’ customers and 35 percent reported that such testing could impact their organisation’s sales and revenue. Symantec recommends that enterprises implement disaster recovery testing methods that can be run frequently and without disruption to business operations. Symantec believes that people and processes are the main reason tests fail, pointing to the need for more automation.

Virtualisation is another factor that affects the DR approach. 61 percent said implementing server virtualisation is causing them to re-evaluate their disaster recovery plans. 75 percent of enterprises test virtual environments as part of their disaster recovery initiatives while 73 percent said that data on virtualised systems is regularly backed up. Over half of the respondents cited lack of back-up storage capacity and automated recovery tools as top challenges to protecting data in virtual environments.

“Most of the DR approach has undergone change in the past two years. They are now focused on being able to retrieve data and not just deal with the physical damage. Organisations are now concerned about the amount of data lost during disaster, damage to customer loyalty and damage to competitive standing in the market during disaster. In addition, protecting data in virtual environments is far more difficult as compared to the physical environment,” said Naik.

Recommendations

As disaster recovery testing is invaluable, but can significantly impact business – including customers and revenue – enterprises should seek to improve the success of testing by evaluating and implementing testing methods, which are non-disruptive.

Finally, enterprises should include those responsible for virtualisation into disaster recovery plans, especially testing and back-up initiatives. Virtual environments should be treated the same as a physical server, showing the need for enterprises to adopt more cross-platform and cross-environment tools, or standardising on fewer platforms.