BOSTON – At the first ZertoCON in 2016, analyst John Morency said that “IT resilience” is becoming the new “disaster recovery.” The concept at the time stressed continuous availability and proactively avoiding all recovery situations, versus just being able to recover from huge disasters.
Two years later, at ZertoCON 2018, IT resilience was the dominant theme. But that concept itself is evolving.
“The definition has changed,” Morency, a research vice president at Gartner, said in his keynote address Wednesday. “The scope has changed.”
Gartner defines resilience as “the ability of an organization to protect, absorb, recover and adapt in a complex and rapidly changing environment to enable it to deliver its objectives and to rebound and prosper.” That’s different from the classic recovery model with a focus on recovery time and recovery point objectives, Morency said.
“Backup can only take us so far,” Morency said.
Zerto’s new Elastic Journal, for example, which is scheduled for release with Zerto 7 in early 2019, provides continuous recovery points across data, files or virtual machines, going from seconds to years back. Zerto pitched it as a new way to do backup. The feature is a part of Zerto’s newly branded IT Resilience Platform.
“We don’t ever go to our backup solution for recovery,” said senior system engineer Jayme Williams, of material manufacturer TenCate, a Zerto customer since 2012.
Instead, TenCate uses Zerto for its journal file-level recovery.
Data protection criteria are changing, Morency said. In the past, functionality was the most important for products. Now it’s cost, ease of use and capability to support multiple data protection uses.
Needs and planning tips for IT resiliency
According to Morency, governance requirements driving organizations’ need for IT resilience include:
- close-to-continuous IT and business operations
- workload mobility
- sustainable data integrity, consistency, availability and accessibility
- cyberthreat mitigation
- IT service configuration, deployment and change agility
- detection of and response to potentially disruptive events in order to sustain business and IT operations
Ransomware is changing the game for cyberthreats. Speakers at ZertoCON 2018 noted that a ransomware attack is a “when” not “if” scenario. And traditional backup — with recovery point objectives measured in hours — may not cut it, as organizations will want to recover from just before the attack hit.
Gartner estimates that by 2020, 30% of organizations targeted by major cyberattacks will spend more than two months cleansing backup, resulting in delayed recoveries.
IT resilience management is also driving product convergence: in backup software, runbook automation, software-defined managers and cloud management platforms.
“It’s not about backup. It’s not about runbook automation,” Morency said. “It’s all of the above.”
For many organizations, the IT resilience scope is hybrid. According to Gartner research, nearly 80% of organizations say their data center capacity profile in five years will include some combination of on-premises and cloud.
Morency provided an action plan for organizations looking to begin an IT resilience journey:
- Monday morning: Benchmark your organization’s resilience and identify people, process and technology gaps that are specific to the support of mission-critical business processes and applications.
- 30 to 90 days: Develop and execute a plan for improving relevant resilience gaps for mission-critical processes and applications.
- 90 to 180 days: Prioritize gap closure for critical and important processes and applications; mitigate the resilience risks posed by key vendors and service providers.