
Disaster Recovery Plan - Current Scenario


Disaster Recovery Directions 2013 / 2014

How Australian businesses are dealing with today’s Disaster Recovery challenges

25 October 2013

VERSION 2, RELEASED


CONTENTS

EXECUTIVE SUMMARY

ABOUT THIS REPORT

INTRODUCTION

ABOUT ZDNET AND CBS INTERACTIVE

ABOUT MACQUARIE TELECOM

OVER THREE-QUARTERS OF BUSINESSES HAVE DISASTER RECOVERY COMPLIANCE OBLIGATIONS

MOST BUSINESSES HAVE DISASTER RECOVERY PLANS, BUT TEST THEM INFREQUENTLY

MOST BUSINESSES HAVE A DISASTER RECOVERY PLAN

DISASTER RECOVERY TESTING IS INFREQUENT IN MOST BUSINESSES

ALMOST THREE-QUARTERS OF BUSINESSES TEST LESS FREQUENTLY THAN THEY WOULD LIKE

DR TEST METRICS AND OUTCOMES

RECOVERY TIME AND RECOVERY POINT OBJECTIVES ARE CHALLENGING

TESTING RESULTS SHOW DR OBJECTIVES ARE NOT ALWAYS ACHIEVED

A VARIETY OF DR APPROACHES ARE IN USE

ON-PREMISES DR CAPABILITY STILL MOST COMMON

DR BUDGETS VARY CONSIDERABLY

METHODOLOGY AND RESPONDENT DEMOGRAPHICS

INTRODUCTION


Executive Summary

Australian organisations increasingly rely on information and communications technology (ICT) to connect with customers and deliver services. ICT offers great benefits to businesses, but also brings potential vulnerabilities if systems become unavailable. As a result, businesses must make adequate provision to enable business continuity for mission critical processes – and in a cost-effective way.

Balancing these demands is important for all businesses – there are many examples of disaster-affected businesses that failed to recover. The threat of business disruption is not the only driver for businesses in making responsible provision for disasters. Compliance requirements for large businesses and for those in critical industries such as the finance sector make boards responsible for providing adequate disaster recovery precautions.

This research study looks at how Australian organisations with 200+ staff deal with their disaster recovery (DR) challenges. The key findings are:

• Over three-quarters of businesses have DR compliance obligations

• While industry-specific obligations are most common, respondents also report compliance obligations to government or other regulation such as Sarbanes-Oxley.

• These regulations should not be taken lightly – in some cases Boards are responsible for ensuring compliance is appropriate to the organisation’s operations.

• Regulations also stipulate the need for regular testing and review of disaster recovery/business continuity plans.

While most businesses have disaster recovery plans, they test their plan infrequently

• Almost nine out of every ten businesses has a DR plan.

• Only one-third (33%) of businesses test their DR plans more than once a year.

• The remaining two-thirds risk their DR plans becoming outdated: if they don’t test their DR plan often how do they know it’s still appropriate?

Businesses would like to test DR plans more frequently but obstacles frustrate them

• 67% of businesses face resource and/or cost challenges in optimising their DR test plans.

• 48% say it takes too much time and effort to arrange and execute DR tests.


Test results indicate room for improvement

• 58% of businesses do not meet their RTO target every time they run a DR test.

• Even though the remaining organisations meet their targets “most times” that still leaves doubts – would a real disaster be like most times, or like one of the times where targets aren’t met?

• 10% frequently fail to meet RPO targets, and 8% frequently miss RTO targets - the DR plans in these businesses are not fit for purpose, and need improvement.

• Almost two-thirds of businesses depend partly or completely on on-premises DR capabilities

• 60% of businesses depend partly or wholly on DR capabilities based in their premises. 34% of businesses have on-premises DR capabilities only. That’s a high risk should a disaster destroy those premises or render them inaccessible.

• A further 26% provide DR from a mix of on-premises and off-premises assets, either hosted or hosted private cloud, or public cloud.

• 32% have a DR capability hosted off-premises (but not public cloud). These organisations stand a better chance to avoid disruption from local disasters than others that rely only on on-premises DR. Only 2% have DR capabilities provided solely via public cloud.

Respondents report annual DR budgets as low as $5K or less all the way up to $100K and above

• Almost one-half (46%) of respondents have to make do with a DR budget of less than A$10K.

• More than one-quarter (28%) have a DR budget worth between $10K to $50K.

• A smidgen over one-quarter (26%) have DR budgets of $50K or more.

Many businesses are making responsible plans to mitigate IT disaster risks, and are following through by investing appropriately in DR, and in testing plans regularly. However, others need to do more to provide adequate protection:

• 13% of businesses don’t have a DR plan – they need to get one.

• 25% of those with a DR plan test it less than once a year or not at all, and 37% test once a year. All of these businesses need to be testing DR plans more often.

• Time, effort and resource challenges prevent most businesses from testing DR plans more often. These businesses should review available DR approaches, and keep up to date with new services such as public cloud that may better suit their budgets.

• While 42% of businesses meet DR targets every time they test, the remaining 58% that don’t should take action – either by enhancing their DR capabilities to meet the DR targets, or reviewing RTO and RPO with business leaders and adjusting targets where possible to what’s achievable with their current DR assets. If current inadequacies are not addressed the business is left open to potentially unacceptable risk.


About this report

Introduction

This report was commissioned by Macquarie Telecom in September 2013 with the goal of understanding how Australian businesses with 200 or more staff are dealing with growing disaster recovery (DR) challenges.

Disaster recovery and business continuity is a topic of major interest to ZDNet and an exciting area to work on. If you were one of the 112 IT decision-makers who responded to the survey we thank you sincerely for your time to provide the information that lies at the centre of the report. If not, we hope you may join us in future research studies. We trust you find this report interesting and we welcome your feedback.

About ZDNet and CBS Interactive

ZDNet (www.zdnet.com) is where technology means business. The site attracts an enthusiastic audience of business technology decision-makers, who visit for the latest coverage and analysis of how technology impacts business. Around 500,000 unique visitors per month in Australia and New Zealand take advantage of ZDNet’s in-depth content.

About Macquarie Telecom

Founded in 1992, Macquarie Telecom (ASX:MAQ) is Australia’s number one Managed Hosting and business-only telecommunications company. Macquarie Telecom is a full service hosting provider offering managed dedicated servers, managed colocation, and managed private and public clouds for mid-size businesses and corporate IT departments. Macquarie Telecom’s fully owned Australian based Intellicentre 2 is the most certified data centre in the country, offering our customers ISO27001 and PCI compliance.


Over three-quarters of businesses have DR compliance obligations

Businesses in the survey all have a minimum of 200 staff, and are more likely to have compliance obligations for disaster recovery than smaller organisations.

Industry-specific compliance is most common

• More than one-third (36%) of respondents report compliance obligations related to their industry sector.

• Examples include the finance sector where the Australian Prudential Regulation Authority’s (APRA) prudential standard CPS 232 “requires each regulated institution ... to implement a whole-of-business approach to business continuity management that is appropriate to the nature and scale of its operations”. In addition, the standard states “The Board is ultimately responsible for the business continuity of the regulated institution”.

Government compliance obligations apply to 31% of respondents, and 10% have more general obligations based on ASX and SOX regulations.


Most businesses have DR plans, but test them infrequently

Most businesses have a disaster recovery plan

Almost nine out of every ten businesses has a DR plan

87% of Australian businesses with 200 or more staff have a DR plan in place.

However, 22% test their plans less than once per year.


DR testing is infrequent in most businesses

Only one-third (33%) of businesses test their DR plans more than once a year

• 17% of businesses test their DR plan at least once per quarter, and 16% do so at least once every six months.

• Given the speed at which businesses and their supporting ICT infrastructure change, it’s surprising so few businesses test DR capabilities quarterly.

32% test their DR plans once a year, the most common testing interval

Almost one-quarter (22%) of businesses have no assurance their DR plans actually still work

• 11% test less often than once a year, while another 11% don’t test their plan ever.

13% don’t have a DR plan at all

• While 8% will implement a plan in the next year, 5% have no plans to introduce one in the next year.


Almost three-quarters of businesses test less often than they would like

67% of businesses are facing resource and/or cost challenges in optimising their DR test plans

The time and effort involved in DR testing is the major barrier to testing more often

• 48% say it takes too much time and effort to arrange and execute DR tests

Limited resource and budget also contribute to sub-optimal testing

• 23% cite cost and resource obstacles as barriers to frequent testing (13% don’t have internal resources to handle testing, 6% can’t convince management to increase the testing budget, and 4% say testing is too expensive)


DR Test metrics and outcomes

Recovery time and recovery point objectives are challenging

Businesses typically specify recovery targets in their DR plans. The main targets are the recovery time objective (RTO) – the time it takes to re-establish systems following a disruption or disaster – and the recovery point objective (RPO) – the time elapsed since the last back-up version of the company’s systems.

Close to two-thirds (64%) of businesses have a target of 4 hours or less to re-establish systems and processes following a disaster or disruption.

• Almost one-fifth (19%) are so reliant on IT systems they need to recover in less than one hour.


Recovery point objectives are also demanding. Almost two-thirds (63%) have a maximum data loss threshold of 4 hours, of which 29% can tolerate data loss of less than one hour.


Testing results show DR objectives are not always achieved

An important part of DR testing is to prove whether RTO and RPO targets can be met, and to use test results as the basis for ongoing improvement of DR plans.

While close to one-half of businesses meet their RTO target (42% do so) every time they run DR tests, more than one-half do not.

• 46% meet their RPO target every time.

It’s true that 49% and 44% respectively meet RTO and RPO targets “most times”, but that still leaves doubts – would a real disaster be like most times, or like one of the times where targets aren’t achieved?

10% often fail to meet RPO targets, and 8% frequently miss RTO targets - the DR plans in these businesses are not fit for purpose, and need improvement.

Graph showing businesses that meet their Recovery Time Objective (RTO) – time to re-establish systems:


A variety of DR approaches are in use

On-premises DR capability still most common

Over one-half (60%) of businesses depend partly or completely on DR capabilities based in their own premises.

• Just over one-third (34%) of businesses have on-premises DR capabilities only, a risky approach should a disaster destroy those premises or render them inaccessible.

• A further 26% provide DR from a mix of on-premises and off-premises assets, either hosted or hosted private cloud, or public cloud.

The 32% who have off-premises DR facilities are better placed to overcome local disasters

• Just under one-third (32%) have a DR capability hosted off-premises. These organisations stand a better chance to avoid disruption from local disasters than others that rely on on-premises DR. That goes also for the 2% of respondents that have DR capabilities provided solely via public cloud.


DR budgets vary considerably

Respondents report DR budgets from as little as $5K or less all the way up to $100K and above.

Almost one-half (46%) of respondents have to make do with a DR budget of less than A$10K

• 26% have <$5K and 20% have $5K to $9.9K

More than one-quarter (28%) have a DR budget worth between $10K to $50K.

• 11% have budgets between $10K to $19.9K, and 17% have $20K to $49.9K

A smidgen over one-quarter (26%) have DR budgets of $50K or more


Methodology and Respondent Demographics

Introduction

In September 2013, ZDNet Australia invited registered members and readers to take part in The Disaster Recovery Directions survey. These business and IT leaders regularly visit the ZDNet Australia Website, and are therefore well-informed about the topics covered in this survey.

The survey used an online questionnaire to complete the fieldwork, and the resulting analysis is based on a quantitative analysis of the responses. The online questionnaire did not present all questions to businesses that don’t have a DR plan. As a result, responses to these subsequent questions include a subset of the total respondents.

The total sample comprises 112 businesses and has a margin of error of 9.23%

Respondent organisations


The sample comprises a good spread of organisation types across industry sector. The largest sectors are education, government, healthcare, and manufacturing.
