Organisations’ back up and DR plans inefficient or non-existent

Organisations’ back up and DR plans inefficient or non-existent

iland, a global secure cloud services provider, has revealed the worrying results of its 2018 Virtual Environment Data Protection Report, carried out in partnership with Veeam.

The report, which surveyed 300 enterprises about their approach to data protection and recovery in the virtual environment, uncovered a concerning mismatch between their stated targets for data protection, backup and recovery and their actual ability to deliver them.

Key research findings include:

  • 68% of businesses had needed to fully recover an application or virtual machine due to an outage in the past year
  • 23% of organisations back up less than half of their virtual environment daily
  • Nearly 50% of organisations protect less than half of their VMs with a recovery plan
  • 21% of organisations have no disaster recovery plan for any part of their virtual environment
  • 45% test backups annually or only at recovery
  • 44% rely on some form of replication as part of their backup/disaster recovery strategy
  • Only 11% of businesses can restore their critical systems ‘within minutes’ despite 25% of organisation stating that they have zero tolerance for data loss 
Recovery capabilities and targets don’t match up

Three-quarters of those surveyed had experienced issues resulting in systems outages in the past year. Of these, 46% were the result of hardware failure while 41% originated in human error. Malicious attacks accounted for 24% of the total.

By far the biggest concern for businesses about the impact of suffering a data interruption event was the risk of lost data (54%), followed by lost productivity (16%) and loss of revenue (12%). Loss of reputation came in lowest, at just 5%.

Once an outage occurred, 34% of businesses saw downtime of more than four hours, with 11% of these seeing downtime of 24 hours or more. The larger the organisation’s virtual environment, the longer the reported downtimes.

89% of organisations required ‘a few hours’ up to as long as 24 hours to recover critical applications – only 11% were confident that they could recover within minutes. When asked about Recovery Point Objectives (RPO) for data loss, 25% of organisations said they have zero tolerance, with a further 41% having a tolerance of less than four hours of lost data.

Commenting on these figures Amy Hawthorne, VP, global marketing at iland said, “These RPO targets simply don’t reflect reality. If only 11% of organisations can restore systems within minutes, there’s no way that the 25% who have zero tolerance for data loss can meet their objectives, and little chance that those who are aiming for an RPO of four hours or less can hit that, either.”

Reliance on replication for backup and disaster recovery

SAN/NAS machine replication (44%) and virtual machine replication (43%) were the preferred methods for executing disaster recovery plans among respondents. The difficulty with data replication alone is data durability; if the source data is encrypted, for example, due to a ransomware attack, replicated data will also be affected.

When it came to testing backup and disaster recovery plans, a worrying 25% only test their DR plan at recovery. A further 26% only test annually. The largest VM environments were among some of the least robust about testing; those with more than 251 VMs were the largest proportion of respondents who stated that they test annually and the second largest of those who test only during recovery.

Amy Hawthorne added, “These figures suggest that many organisations have work to do to meet their own targets for data protection and that size is no indicator of resilience. It paints a concerning picture of the ability of businesses to recover in the face of an outage in their virtual environment. Infrequent DR testing, partial VM backup, slow recovery times and a reliance on replication for DR execution means that the processes in place to facilitate backup and recovery don’t match the business continuity targets they’re meant to achieve.”

The report also discovered that while 80% of respondents had some portion of their virtual environment hosted in the cloud, with 29% hosting more than half of it there, only 43% of those organisations also use the cloud as one of their backup technologies. Given the stated goals for recovery, it is surprising that more businesses are not taking advantage of the security and speed benefits of backup and disaster recovery in the cloud.

Visit https://www.iland.com/data-protection-report/to view the full report.