Businesses are not conducting proper data recovery checks due to the complexity of moving into cloud computing and other types of technology including virtual servers, a new survey from Symantec has revealed, putting thousands of SMEs at risk.
The sixth annual Disaster Recovery Study has found that 82% of backups occur only weekly, or less frequently, when they should be conducted daily. Other alarming figures include that a majority of respondents said they expect downtime to be only two hours after an outage, but in reality, the median downtime per outage was six hours in Australia and New Zealand.
Symantec spokesperson Brad Newton says the survey, which compiles results from companies with over 5,000 employees, reveals three distinct problems with virtualisation, cloud computing and a lack of information regarding how to properly go about backing up data.
“What we’ve found is that virtualisation and the cloud are making disaster recovery a lot more complex. More and more applications are being used, more is going into the cloud and less than 25% of this data is being protected in the event of a disaster.”
The term “virtualisation” refers to a practice whereby companies use virtual software. Newton says the most typical use for this is when companies buy servers to host a website or other products.
Usually, only one server can host one particular type of product or service. But virtualisation software allows users to split that server into multiple “virtual” servers, allowing businesses to save money – “it’s easier to buy one server rather than 10,” Newton says, but warns this also increases the complexity of actually backing up data.
“You probably won’t find an organisation today that doesn’t take advantage of this. But the use of more virtual servers increases complexity, because many organisations don’t know how to back up that data. It’s a very complex system to approach.”
The other complex issue here is cloud computing. Newton says local organisations reported 50% of mission-critical applications are now in the cloud, with 94% of companies in ANZ reporting security is the main concern when moving into a cloud environment.
“We’ve seen over the last 12 months a move into moving mission-critical stuff into cloud providers. But many businesses aren’t making sure their cloud provider is compliant with all necessary regulations around the proper use of data.”
While Newton says the use of virtualisation and cloud computing is all well and good, the survey reveals some severely alarming statistics about what happens when these services actually crumble.
First of all, only 50% of organisations are backing up the data they use in these virtual environments, with many saying they simply don’t know how. “Only half of all these virtualised servers are covered in data-recovery plans.”
Meanwhile, Newton says data recovery practices in Australia are still below-par. The survey shows that while businesses expect the average downtime to last about two hours, the reality is the median outage lasts about six hours – and they have experienced an average of six downtime incidents in the past 12 months.
Respondents also said only 93% of backups occur only weekly, or less frequently, when they should be conducted daily, while 59% said a lack of resources including people, budget and space hindered their ability to backup virtual environments.
And Newton says businesses are increasingly at risk of different types of downtime incidents caused by a range of factors including system upgrades, power outages, cyber-attacks and natural disaster s including fires and tsunamis.
He recommends businesses review their data recovery plans with IT professionals and staff, including ensuring that mission-critical data is treated the same across all environments, whether they are virtual, in the cloud or physical.
He also recommends simplifying data protection, plan and automate system upgrades to minimise downtime and make sure your cloud providers are reputable and reliable.
“Your reputation has a role to play here, the impact on your brand if you go down could be pretty high. You need to regularly test your data recovery plans and make sure that you get an independent security audit of your service providers. Make sure you have contingency plans.”