iland and Veeam recently teamed up to conduct a data protection survey of 300 IT organizations. We talked to companies worldwide, with virtual environments ranging from less than 25 virtual machines (VMs) all the way up to 250 or more. Let’s spend a few minutes reviewing a summary of the responses covering data protection, backup and disaster recovery.
To read the full report, click here.
So, what stood out?
Data loss is a top concern.
Now that we’ve covered a few of the responses from the report, let’s talk more about what those numbers mean.
To keep it short and sweet, the responses suggest that processes are not keeping pace with priorities.
Considering that the focus of the survey was data protection, the responses that stood out the most to me were the expectations for acceptable data loss during a failover. Half of the respondents have a one hour or less RPO (Recovery Point Objective) and 25 percent said that they couldn’t afford to lose any data.
Those types of data loss thresholds are not covered by a backup technology, but by a replication technology at the virtual, OS, storage or application layer. Keeping that in mind, I found it surprising that 47 percent of organizations had less than half of their VMs covered by a DR plan. Even considering that not all VMs are required to be part of a DR plan, critical workloads remain unprotected from site or application level issues and certainly aren’t meeting the RPO goals referenced above.
Another surprising finding in the survey were respondents recovery capabilities.
So, what did respondents say when they were asked what their current RTO (Recovery Time Objective) capabilities are?
46 percent said they could recover within a few hours (which would require regular planning and testing of the orchestration services). However, when asked about testing frequency of the DR plan, only 9 percent responded that they test at least monthly. A quarter said they test during the recovery.
Again, we find a gap between priorities and internal processes.
Finally, the survey asked respondents to rate their confidence level in meeting their internal standards for RPO and RTO.
78 percent said they were confident or very confident that they are meeting their RTO, and 75 percent indicated that they were confident or very confident in meeting their RPO.
Our respondents’ confidence seems to be misplaced.
The findings in this survey have been enlightening.
As a solutions architect, I interact with IT teams of all sizes to address their backup and DR requirements. From my discussions with these varied organizations over the years, I’ve been able to give context to the survey results and the alarming finding that processes don’t keep pace with data protection priorities.
Organizations are expected to keep their critical applications running 100 percent of the time, while pushing down the costs of IT and doing it with the least possible number of personnel. This is especially true of DR, which has typically been considered an expensive insurance policy.
The good news is that this mindset that DR is just an insurance policy is changing. Protection and recovery of data spans a number of scenarios. Natural disasters are down on the list, while data corruption and malicious activities are on the rise. Technology and processes have to be flexible enough to respond to any number of issues. There’s been no mention of compliance requirements to this point, which are also pushing organizations to formalize, verify and document their recovery processes.
The survey didn’t send me spiraling off into a complete panic, though. There were also some positive takeaways. Despite the gaps in data protection processes, IT groups are actively implementing targeted technologies and employing third-party services to fill the space between the requirements and what’s being accomplished. IT organizations are also actively storing multiple copies of backup and replication data off-site. (There is, however, still room for improvement).
So, if you’re like the majority of organizations in this survey and your data protection plan needs improvement, we’ve got some good news for you. Technology and service providers like iland and Veeam take the guesswork and complexity out of data protection and provide compliant, secure and easy to use tools to meet internal organization and industry requirements.