The final chapter in this blog series focuses on IT disaster recovery plans, some stats on DR budgets, and a look at the ‘big picture’ of what organizations should take away from this discussion. Similar to parts 1, 2 and 3 I will be referencing results from Evolve IP’s survey on disaster recovery services which polled of 500+ C-level executives and IT professionals.
In the technology community, IT disaster recovery plans are generally considered a ‘must have’, as over three quarters of those surveyed have implemented one. Interestingly, compliance seems to be a catalyst for moving from a ‘must have’ to ‘actually having’. 88 percent of respondents with compliance requirements have an IT disaster recovery plan while just 60 percent of organizations without compliance requirements have implemented one.
The plans however still need some work. Of the organizations surveyed with a plan already in place, less than three quarters actively document Recovery Time Objectives (RTOs), the targeted amount of time that business processes must be restored after a disaster. Ten percent of those polled were not familiar with the term RTO before taking the survey. An even greater number, 16 percent, were unfamiliar with Recovery Point Objectives (RPOs), the point in time from which data is recovered. Only 67 percent of respondents reported they currently document RPOs in their IT disaster recovery plan.
Additionally, the survey revealed that 93 percent of organizations take into consideration remote access, 88 percent include communications, and 87 percent define how employees will get access to recovered data, all of which are a sign of efficient planning. However, documented access to desktops fell short, with just 63.5 percent noting it as a factor in their plans.
While having an IT disaster recovery plan is great start, businesses must still fund the infrastructure and associated costs of DR. Surprisingly, a majority of respondents spent less than $50,000 annually on recovery capabilities and another six percent spent no money at all. As you would expect, larger organizations are spending more on DR, with 16.5 percent of organizations with 2,001 to 5,000 employees spending between $500,000 and $1 million on DR and 41.5 percent of those with more than 5,000 employees spending more than $1 million. Of the most concern on budgets, according to the IT professionals surveyed, 30 percent of organizations with 2,001 to 5,000 employees and 16 percent of firms with 5,000+ employees are spending less than $50,000 on disaster recovery.
What Does This All Mean?
Companies are becoming increasingly aware of the need to protect critical business assets from major outages, whether malicious or unintentional, human error, hardware failure or a natural disaster. These organizations are making efforts to avoid risky backup policies such as using backup tape or replicating onsite or to a secondary mirror site less than 50 miles from their main data center. Instead, a growing number of companies are developing a strategic, IT disaster recovery plan and educating themselves about the benefits of new DR approaches, such as Disaster Recovery as a Service.
However, a lack of DR awareness and education at the executive level, ultimately translates to a lack of budget and poses an undeniable risk to today’s businesses. IT professionals and C-level executives need to engage with one another and assess their confidence in their organization’s current DR plans and ability to recover. Additionally, all stakeholders must make a concerted effort to better understand to real cost of downtime on a companywide scale, as well as recognize their current DR risks. These practices will ensure appropriate budgets are assigned, compliance adherence will be improved, and better solutions will be implemented that assure recovery options.