Fall World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 30, Issue 2

Full Contents Now Available!

Monday, 19 June 2017 18:31

Disaster Recovery and Business Continuity in the Workplace

Written by  SCOTT KINKA

Kinka1

When or if. Much more than simple conjunctions, these two terms represent a widening technology gulf and risk mindset that could potentially undermine an entire company. For IT professionals the alarming words after the conjunction are “a major disaster strikes” and for many the story that emerges isn’t likely to have a happy ending.
Ask any IT professional and they will acknowledge that IT disasters, both big and small, happen; you can probably add them to the death and taxes list. In fact, one third of organizations have reported having an incident that required disaster recovery (DR). Whether it’s hardware failure, cyber-attacks or a weather event; disasters are regularly impacting businesses and their associates.

These threats could not be any more real. We recently received a 1 a.m. panic call from a customer in the real estate field. An employee at the firm had clicked on a malicious file and activated a ransomware virus. Every server, desktop, and document in the company was completely locked down and totally inaccessible. However, instead of taking weeks to rebuild and attempt to recover their systems, or pay a massive ransomware fee, their IT professional called the support team. Inside of one hour they were back up and fully operational. Unfortunately, this kind of story, without the happy ending, is becoming more of the norm and less of the exception.

We recently conducted a survey of more than 500 C-level executives and IT professionals and uncovered some fascinating data. The survey delved into the respondent organization’s experience with outages and related incidents as well as DR plan contents. As you might expect, with risks growing every day, IT professionals are more concerned than ever with disaster recovery.

How Prepared Are You?

The results of our 2016 survey revealed an alarming disconnect between C-level executives and IT professionals when it came to how prepared their organization was to truly handle a disaster. While nearly 70 percent of C-level executives feel their organization is “very prepared” to recover from a disaster, less than half of IT pros at those same organizations shared this view. The survey also uncovered how compliance requirements, and the use of hosted solutions, contributed to an organization’s overall confidence in its disaster recovery capabilities.

Which Industries Are Most Prepared?

The survey further revealed which industries and verticals feel most prepared for a potential disaster. According to the survey respondents – 67 percent of those in banking, 58 percent in the government sector, and 55 percent at technology companies – feel very prepared to recover IT assets should disaster strike.

Interestingly, despite their aggressive compliance requirements, just over half of respondents at healthcare organizations feel very prepared to recover from an outage or incident. We believe there are a couple of explanations as to why respondents in healthcare felt this way. First, 18 percent of healthcare organizations are relying on public cloud for their disaster recovery. With regular public cloud outages in the news this group is predictably nervous. Additionally, one-third of healthcare companies are still using backup tapes, and nearly 47 percent are using a secondary mirror site. Lastly, five in 10 healthcare respondents report believe their DR budget is underfunded which is 11.5 points higher than the average for all respondents to the survey (37.5 percent).

Disaster recovery efforts in the education and manufacturing fields also appear to be lagging. Only 38 percent of those in the education space feel very prepared to handle a disaster and just 35 percent of manufacturing firms feel the same. The manufacturing field is also adopting newer technologies more slowly than other industries with more than half of those surveyed acknowledging they are still relying on backup tape drives.

What Makes IT Pros Feel Prepared?

Our research revealed factors that influence IT professionals when it comes to feeling “very prepared” for a potential event. The first of these was having established DR compliance requirements. Organizations with clearly defined compliance requirements tend to be more confident in their ability to recover from a disaster; largely because they were forced to address the issue. The second factor pertained to hosted solutions, with IT professionals feeling more assured if they use Disaster Recovery as a Service (DRaaS) and/or a managed service provider (MSP) environment. Leveraging DRaaS, which provides near real-time recovery of IT assets via the cloud, increased confidence by 17.5 points. While moving IT infrastructure offsite by deploying a managed service provider environment increased confidence by 22 points.

DRaaS, unlike backup legacy solutions, enables near real-time recovery of assets through the cloud and awareness of the service among those polled has increased. In fact, 67.5 percent of those surveyed were familiar with DRaaS, an 8.5 percent increase from our 2014 survey. However, there is an awareness gap between IT professionals and C-level executives with 7 in 10 IT professionals familiar with the technology, compared to just 5 in 10 executives. This awareness gap of the benefits of the service, means many IT professionals need to begin educating their executives before gaining budget approvals for disaster recovery efforts.

A Look at Disaster Recovery Hygiene

Compared to our DR survey in 2014, a growing number of organizations are adopting hosted disaster recovery solutions to maintain business continuity. Of those surveyed, 22.5 percent are now using a public cloud, an increase of 9.5 points and 9 percent of respondents are now using DRaaS, an increase of 55 percent. On the other hand, just 35 percent are now using backup tapes, a decrease of about 10 points.

The survey also revealed some areas of disaster recovery hygiene that showed little movement. For example, 42.5 percent of respondents are using additional servers and devices at their primary site. Also, only 16.5 percent of organizations are using a MSP; as noted earlier, this offering typically makes companies feel more secure in light of unexpected events. This MSP percentage is a slight uptick from 15 percent in 2014. Finally, one-third of companies are using a site within 50 miles of their primary data center. This close proximity opens up risk during widespread natural disasters such as flooding, snow/ice, high winds, and more.

What Does an Outage Really Mean for a Business?

Our survey also produced new data around the number of DR events suffered by organizations. Just over four in 10 respondents who had suffered a DR outage indicated they actually had to deal with multiple disasters. The leading cause of outages continues to be hardware failure and server room issues, which was reported by 48 percent of respondents. Deliberate, malicious attacks were noted as the cause of outages by 13 percent of respondents, a 200 percent increase from our 2014 survey.

While most businesses believed they were able to fully recover from a disaster, 56 percent of those surveyed who dealt with a major incident experienced a financial loss and one in 10 organizations experienced permanent data, application or system losses. More than 12 percent suffered a loss of $100,000 or more. In addition, 31.5 percent of companies revealed that recovery took up valuable staff time that impacted their business. Finally, as a result of their experiences, 11.5 percent of respondents who suffered an outage increased their budget for disaster recovery.

The longer a company is down, the greater the productivity loss, and the higher the likelihood of losing profits. It is here that compliance initiatives really showed their value. Just 42 percent of those with compliance requirements took more than one business day to recover from a major incident while 64 percent of organizations without compliance requirements took more than one business day. Based on those results, as you might expect, DR compliance was noted by those surveyed to drive confidence in the ability to recover IT and related assets in the event of an incident.

A Closer Look at Disaster Recovery and Business Continuity Plans

Kinka2In the technology community DR plans are generally considered a “must have” by IT leaders and more than three-quarters of those surveyed have implemented a DR plan. Interestingly, compliance seems to be a catalyst for moving from a “must have” to “actually having.” Some 88 percent of respondents with compliance requirements have a DR plan while just 60 percent of organizations without compliance requirements have a DR/BC plan implemented.

The plans however still need some work. Of the organizations surveyed with a DR plan in place, less than three-quarters actively document recovery time objectives (RTOs), the targeted amount of time that business processes must be restored after a disaster. Ten percent of those polled were not familiar with the term RTO before taking the survey. An even greater number, 16 percent, were unfamiliar with recovery point objectives (RPOs), the point in time from which data is recovered. Only 67 percent of respondents reported they currently document RPOs in their DR plan.

Additionally, the survey revealed that 93 percent of organizations take into consideration remote access, 88 percent include communications, and 87 percent define how employees will get access to recovered data, all of which are a sign of efficient DR planning. However, documented access to desktops fell short, with just 63.5 percent noting it as a factor in their DR/BC plans.

While having a plan is great start, businesses must still fund the infrastructure and associated costs of DR. Surprisingly, a majority of respondents spent less than $50,000 annually on DR and another 6 percent spent no money at all. As you would expect, larger organizations are spending more on disaster recovery with 16.5 percent of organizations with 2,001 to 5,000 employees spending between $500,000 and $1 million on DR and 41.5 percent of those with more than 5,000 employees spending more than $1 million. Of the most concern on budgets, according to the IT professionals surveyed, 30 percent of organizations with 2,001 to 5,000 employees and 16 percent of firms with more than 5,000 employees are spending less than $50,000 on disaster recovery.

What Does This All Mean?

Companies are becoming increasingly aware of the need to protect critical business assets from major outages, whether malicious or unintentional, human error, hardware failure, or a natural disaster. These organizations are making efforts to avoid risky backup policies such as using backup tape or replicating onsite or to a secondary mirror site less than 50 miles from their main data center. Instead, a growing number of companies are developing a strategic, disaster recovery plan and educating themselves about the benefits of new DR approaches, such as DRaaS.

However, a lack of DR awareness and education at the executive level, ultimately translates to a lack of budget and poses an undeniable risk to today’s businesses. IT professionals and C-level executives need to engage with one another and assess their confidence in their organization’s current DR plans and ability to recover. Additionally, all stakeholders must make a concerted effort to better understand to real cost of downtime on a companywide scale, as well as recognize their current DR risks. These practices will ensure appropriate budgets are assigned, compliance adherence will be improved, and better solutions will be implemented that assure recovery options.

Kinka ScottScott Kinka serves as chief technology officer for Evolve IP. An award-winning, 20-year technology veteran with expertise in virtualization, cloud security and telecommunications, Kinka designs the Evolve IP roadmap, leads Evolve IP’s project team, and works closely with customers and partners. Kinka was named one of Philadelphia’s “40 under 40” and selected as the region’s Top IT Innovator by the Philadelphia Business Journal. Kinka is also a nationally recognized technology expert having appeared on CBS News along with being quoted extensively in publications like USA Today, FOX News, and CIO Magazine. The press release linking to the survey discussed in the article can be found at http://www.evolveip.net/c-level-professionals-disagree-organizations-ability-recover-disaster-evolve-ip-survey-reports.