Key research findings include:
· 68% of businesses had needed to fully recover an application or virtual machine due to an outage in the past year
· 23% of organisations back up less than half of their virtual environment daily
· Nearly 50% of organizations protect less than half of their VMs with a recovery plan
· 21% of organisations have no disaster recovery plan for any part of their virtual environment
· 45% test backups annually or only at recovery
· 44% rely on some form of replication as part of their backup/disaster recovery strategy
· Only 11% of businesses can restore their critical systems "within minutes" despite 25% of organisation stating that they have zero tolerance for data loss
Recovery capabilities and targets don't match up
Three-quarters of those surveyed had experienced issues resulting in systems outages in the past year. Of these, 46% were the result of hardware failure while 41% originated in human error. Malicious attacks accounted for 24% of the total. By far the biggest concern for businesses about the impact of suffering a data interruption event was the risk of lost data (54%), followed by lost productivity (16%) and loss of revenue (12%). Loss of reputation came in lowest, at just 5%.
Once an outage occurred, 34% of businesses saw downtime of more than 4 hours, with 11% of these seeing downtime of 24 hours or more. The larger the organisation's virtual environment, the longer the reported downtimes.
89% of organisations required "a few hours" up to as long as 24 hours to recover critical applications only 11% were confident that they could recover within minutes. When asked about Recovery Point Objectives (RPO) for data loss, 25% of organisations said they have zero tolerance, with a further 41% having a tolerance of less than four hours of lost data.
Commenting on these figures Amy Hawthorne, VP, Global Marketing at iland said: "These RPO targets simply don't reflect reality. If only 11% of organisations can restore systems within minutes, there's no way that the 25% who have zero tolerance for data loss can meet their objectives, and little chance that those who are aiming for an RPO of 4 hours or less can hit that, either."
Reliance on replication for backup and disaster recovery
SAN/NAS machine replication (44%) and virtual machine replication (43%) were the preferred methods for executing disaster recovery plans among respondents. The difficulty with data replication alone is data durability; if the source data is encrypted, for example, due to a ransomware attack, replicated data will also be affected.
When it came to testing backup and disaster recovery plans, a worrying 25% only test their DR plan at recovery. A further 26% only test annually. The largest VM environments were among some of the least robust about testing; those with more than 251 VMs were the largest proportion of respondents who stated that they test annually and the second largest of those who test only during recovery.
Amy Hawthorne added: "These figures suggest that many organisations have work to do to meet their own targets for data protection and that size is no indicator of resilience. It paints a concerning picture of the ability of businesses to recover in the face of an outage in their virtual environment. Infrequent DR testing, partial VM backup, slow recovery times and a reliance on replication for DR execution means that the processes in place to facilitate backup and recovery don't match the business continuity targets they're meant to achieve."
The report also discovered that while 80% of respondents had some portion of their virtual environment hosted in the cloud, with 29% hosting more than half of it there, only 43% of those organisations also use the cloud as one of their backup technologies. Given the stated goals for recovery, it is surprising that more businesses are not taking advantage of the security and speed benefits of backup and disaster recovery in the cloud.