Survey says: Business disaster recovery plans need work
While companies may be confident in their disaster recovery strategy, DR planning and testing still has a ways to go, according to results of a survey by data protection vendor Zetta.
Among 403 IT professionals, 88% said they were somewhat or very confident in their disaster recovery. But while 96% said they have some type of DR, 40% responded that their organization lacks a formally documented DR plan. For those with a plan, 40% said they test it once a year, while 28% rarely or never test it.
Similar to Zetta’s findings, a recent TechTarget survey found that companies are generally confident in their business disaster recovery plans. Also similarly, 65% test their DR plan just once a year or less, according to the TechTarget survey.
“Companies need to be more rigorous around how they develop their DR plans,” Zetta CEO Mike Grossman said. That’s especially important given that more than half of the companies in the survey experienced a downtime event in the last five years.
It’s not enough for business disaster recovery plans to ask, “What happens if a hurricane hits?” According to the survey, the most common type of downtime event for an organization in the last five years was a power outage. For those that had a downtime event in that time period, nearly 75% said their organization suffered a power outage. Only 20% experienced a natural disaster in the last five years. A hardware error was the second most common response, with 53%. Both a human error and a virus/malware attack registered at close to 35%.
When people think about disaster recovery, they often think of catastrophic events. “In reality, that’s not what causes the biggest impacts day to day,” Grossman said.
Several outages made news in 2016, including incidents at Delta Air Lines and Southwest. With proper DR testing, organizations can prevent major problems like outages.
Grossman recommends testing business disaster recovery plans a minimum of once per quarter and preferably once per month.
“Unless you have a continuous process, including testing, you’re not really protected,” Grossman said.
But “not all testing is created equal,” he warned. The more rigorous and real-life, the better.
A lot of companies like to think they’re protected but they’re not, Grossman said.
According to the “State of Disaster Recovery” survey, 55% changed their DR strategy after a downtime event. It’s a positive that companies are paying more attention to the issue but a negative that they underestimate the risk, Grossman said.
For those that made changes following their last downtime event, 55% of organizations changed their DR approach, 55% added DR technology and 39% increased their DR investment. Almost 1 in 4 respondents said they increased DR testing.
As IT gets more complex, companies like Zetta need to make DR easier to manage, Grossman said. But how do you take the complexity out of something that’s complicated?
The cloud helps. Zetta is “cloud-first,” Grossman said, with backup in the cloud and failover to the cloud. And security, which has traditionally been a challenge in the cloud, is getting better.
Ninety percent of IT professionals who are using the cloud in their disaster recovery strategy said they are confident in their DR, according to the survey. Seventy-four percent of organizations using only on-premises DR said they are confident in their plans.
“It’s simpler,” Grossman said of the cloud. “It provides better protection.”