Cloud based recovery is growing at a phenomenal rate
Over the past few years businesses have been buying cloud based recovery like it’s going out of fashion. Depending on which report you read, compound annual growth rates for cloud based recovery range from 13% to 55%.
But DR success rates are still very poor
What’s less impressive is the lack of improvement in disaster recovery success rates. I would encourage you to do the research on organization’s ability to achieve RTO and RPO objectives without issues or significant issues.
Depending on your level of Disaster Recovery (DR) maturity, success rates range from 2%. Yes that’s right 2%, rising up to 69% for those with the most mature DR capability. Only 1.5% of businesses have the highest level of maturity.
Most organizations find themselves in the 4-15% recovery success rate range.
Other reports that I’ve seen for testing indicate 65% of businesses are failing to meet their DR test objectives – let me declare now, that report was published in 2014. Yesterday I found another report from a competitor where the scores were coming in at around the 50-60% DR success rates.
Why is recovery performance so poor?
The truth is, DR for a mid to large size enterprise is hard to deliver if your IT environment is complex and hybrid. This explains why, despite the current IT fashion to talk about digitization, AI, The Internet of Things blah, blah blah – good old DR is still amongst the highest ranking enquiries going into some IT analyst firms.
Disaster Recovery is difficult to perform well. In fact, for a mature medium sized enterprise with a mix of legacy and new IT/applications you are really up against it.
First – do you really know what your IT estate is comprised of. From our experience when assessing customer needs, it would seem many don’t. It’s not been accurately documented so how do you recover what you don’t know about? How do specify what your IT recovery needs are?
Secondly – There is a good chance the new sexy new apps currently in your development environment will to some extent be reliant on some of your old physical IT, that does much of the day to day grunt work. So despite the promising speeds of back up / recovery software. Your RTO and RPO performance could still be determined by your older kit.
Third – If you are recovering from a Malware attack – you may well need a DR environment that isn’t connected to the internet so that you don’t re-infect yourself when rebuilding your IT. This gives you the space and time to ensure it’s Malware free before connecting it back up to your business.
Fourth – you and your team spend much of your time on day to day tasks. There isn’t the time to accurately document your IT changes and this is made worse by IT staff leaving and taking “their” change knowledge with them.
Resilience and Recovery is now a business imperative
Your business will experience IT down time and you will be attacked. You will need to recover quickly. The range of forces ranging from foreign governments, proxies, anarchist groups and disgruntled employees is a constant andgrowing threat. This is a mega issue for the board and you must show leadership to help executives understand the risk and the investment needed to make the business resilient so at time of attack/disaster, the business can spring forward whilst others are succumbing to disruptive forces.
You still need to be agile and super competitive
The key to resilience success is to do it in a way that doesn’t hold back business growth. It must still let you exploit new business opportunities in new markets and geographies quickly, with minimum capital expenditure and in the shortest time scales to stand up your production and recovery IT operations. It must also offer the best end user experience whilst still being compliant to local data protection laws.
These operational requirements therefore spell the end of the on-premise data centers for all but the wealthiest businesses who can still afford to simultaneously build production and recovery data centres in target markets.
Unless you get to grips with Resilience and DR (i.e. having the ability not only to recover but also to protect and quickly retrieve data when needed), you are going to fall behind in competitive terms.
[su_box title=”About Daren Howell” style=”noise” box_color=”#336588″][short_info id=’103987′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.