Disaster recovery planning for the IT professional

Flooding resulting from cyclones in Central Queensland caused millions of dollars in damage earlier this year - impacting not only on local communities but also on businesses as offices, equipment and business-critical information drives were lost or destroyed. With an expected increase in cyclones this season, the state government has provided a free webinar educating local business on the importance of disaster planning and business continuity.

In business, as in life, we regularly learn that the unexpected is a reality. For IT leaders, the cyclone season serves as a reminder to review disaster recovery processes, policies and procedures to prepare their critical technology infrastructure in the face of a natural or human-induced disaster.

In 2010, the lure of improving existing disaster recovery efforts and finding cost efficiencies has seen Australian businesses increasingly adopt virtualised IT systems and move to the cloud. However, with the added complexity of virtualisation, a recent survey by Symantec shows businesses have not yet mastered the art of managing data across these new environments.

The rapid rise of virtualisation has brought with it a new challenge: protecting and managing the new and disparate virtual, physical and cloud resources that have been created. According to the survey, between one quarter and one third of all applications are now in virtual environments in Australian and New Zealand enterprises, compared to one fifth in 2009. Significantly, global and local respondents reported that their organisations run approximately 50% of ‘mission-critical’ applications in the cloud.

However, as these changes have taken place, businesses have not been able to keep up with protecting data across these environments using new, wide-ranging tools. For example, only half of the data on virtual systems is being regularly backed up and only one quarter of organisations in Australia and New Zealand are using replication and failover technologies to protect their virtual environments.

In Australia and New Zealand, where natural events are a leading cause of disaster recovery situations, local businesses are experiencing an average of six downtime incidents annually. Incidents such as fires (affecting 93% of Australian and New Zealand businesses), man-made impacts like power cuts (63%), malicious employee behaviour (61%) and system upgrades (59%) were highlighted as major causes of outages in the past five years.

The implications of losing access to, or the ability to run, vital business applications, systems and infrastructure due to these incidents has a tangible impact on business. The survey¹ showed, for example, that 72% of businesses in Australia and New Zealand have experienced an outage from cyber-attacks, resulting in an average of 38 hours of downtime to business functionality. It is estimated the financial cost of a disaster - depending on the size of a company and robustness of disaster recovery initiatives - can be as high as $27,288 per hour of downtime for a custom line of business applications, when aspects such as loss in revenue, penalties and worker productivity are taken into account.

Outages caused by disasters also have reputational implications as businesses fail to meet customer needs due to IT downtime. This includes aspects such as damage to competitive standing in the marketplace, impact on supplier relationships and damage to customer loyalty.

Another key finding of the survey was the large gap in how fast IT leaders think they can recover from a disaster recovery scenario and how fast they actually do. The study showed that the time required to recover from an outage is up to three times as long as respondents perceived it to be. With the potential difference one hour can make to a business, effective disaster recovery planning is something that can set apart businesses that are prepared.

A key recommendation for disaster recovery planning is not to cut corners. Faced by the common threat of a disaster scenario, organisations should implement basic technologies and processes that protect in case of an outage, and not take shortcuts that could have significant consequences.

The best path for organisations facing resource challenges is to adopt tools that provide a comprehensive solution with a consistent set of policies across all environments (virtual, cloud and physical). To assist this approach, IT leaders should look to simplify and standardise data protection processes so they can focus on best practices that help reduce downtime. This includes embracing low-impact backup methods and deduplication, using integrated tool sets that manage across multiple environments and help automate processes, and look to identify potential issues early.

By taking these steps, organisations will enhance their disaster recovery planning and ultimately minimise the downtime experienced in the event of an outage, saving money and time, and ultimately keeping their company competitive.

1. Annual global disaster recovery survey commissioned by Symantec which highlights the new challenges 1700 IT leaders in businesses of 5000 people or more. The sample included 90 Australia and 60 New Zealand companies.

By Paul Lancaster, Director Systems Engineering, Symantec