cloud backupDRaaSVeeam

Survey Results: Gap Between Data Protection Processes and Priorities

ByAugust 31, 2018
Veeam Data Protection Surveyiland and Veeam recently teamed up to conduct a data protection survey of 300 IT organizations. We talked to companies worldwide, with virtual environments ranging from less than 25 virtual machines (VMs) all the way up to 250 or more. Let’s spend a few minutes reviewing a summary of the responses covering data protection, backup and disaster recovery.

To read the full report, click here.

So, what stood out?

Data loss is a top concern.
By more than a 3-1 margin, respondents rank data loss as the biggest threat to business continuity during an outage. This sentiment cut across all respondents, regardless of VM count— which reinforces that an organization’s data is among its most valuable assets.

Based on the aggregate responses from the survey, respondents overestimate their abilities to prevent data loss and recover from failures.

Outages and recovery occurrences are far too high.
Respondents indicated that nearly half of all outages were a result of hardware failures and human error, followed by data corruption and malicious activity. The average downtime for 60 percent of respondents was greater than an hour to more than 24 hours. 38 percent of organizations initiated VM recovery two or more times per year.

Failovers are a given, but the length and severity of outages can be managed with the right planning and tools.

Backup strategies are lacking.
Less than half of any group in the survey backed up all of its VMs daily. That means the majority of companies aren’t keeping daily backups of all VMs. That is shocking, especially considering the value respondents placed on data combined with the outage occurrences. Best practice says that critical workloads should be backed up every 24 hours or less.

Get our data protection checklist and make sure you’re following all best practices.

Recovery and testing practices need to be improved.
As an added layer of vulnerability, nearly half of the respondents tested recovery for existing backups once a year or less — and a significant percentage of those respondents reported that they only verify the validity of their backups during recovery. The organizations on the smaller end of the VM spectrum contribute to most of that statistic. 56 percent of the group with less than 25 VMs indicated that testing occurred at recovery or never.

Never. Let that sink in. These responses are alarming. If there was an error during the backup process, finding out in recovery is too late.

Let’s dig deeper

Now that we’ve covered a few of the responses from the report, let’s talk more about what those numbers mean.

To keep it short and sweet, the responses suggest that processes are not keeping pace with priorities.

Considering that the focus of the survey was data protection, the responses that stood out the most to me were the expectations for acceptable data loss during a failover. Half of the respondents have a one hour or less RPO (Recovery Point Objective) and 25 percent said that they couldn’t afford to lose any data.

Those types of data loss thresholds are not covered by a backup technology, but by a replication technology at the virtual, OS, storage or application layer. Keeping that in mind, I found it surprising that 47 percent of organizations had less than half of their VMs covered by a DR plan. Even considering that not all VMs are required to be part of a DR plan, critical workloads remain unprotected from site or application level issues and certainly aren’t meeting the RPO goals referenced above.

Another surprising finding in the survey were respondents recovery capabilities.

So, what did respondents say when they were asked what their current RTO (Recovery Time Objective) capabilities are?

46 percent said they could recover within a few hours (which would require regular planning and testing of the orchestration services). However, when asked about testing frequency of the DR plan, only 9 percent responded that they test at least monthly. A quarter said they test during the recovery.

Again, we find a gap between priorities and internal processes.

Finally, the survey asked respondents to rate their confidence level in meeting their internal standards for RPO and RTO.

78 percent said they were confident or very confident that they are meeting their RTO, and 75 percent indicated that they were confident or very confident in meeting their RPO.

Our respondents’ confidence seems to be misplaced.

In summary

The findings in this survey have been enlightening.

As a solutions architect, I interact with IT teams of all sizes to address their backup and DR requirements. From my discussions with these varied organizations over the years, I’ve been able to give context to the survey results and the alarming finding that processes don’t keep pace with data protection priorities.

Organizations are expected to keep their critical applications running 100 percent of the time, while pushing down the costs of IT and doing it with the least possible number of personnel. This is especially true of DR, which has typically been considered an expensive insurance policy.

The good news is that this mindset that DR is just an insurance policy is changing. Protection and recovery of data spans a number of scenarios. Natural disasters are down on the list, while data corruption and malicious activities are on the rise. Technology and processes have to be flexible enough to respond to any number of issues. There’s been no mention of compliance requirements to this point, which are also pushing organizations to formalize, verify and document their recovery processes.

The survey didn’t send me spiraling off into a complete panic, though. There were also some positive takeaways. Despite the gaps in data protection processes, IT groups are actively implementing targeted technologies and employing third-party services to fill the space between the requirements and what’s being accomplished. IT organizations are also actively storing multiple copies of backup and replication data off-site. (There is, however, still room for improvement).

So, if you’re like the majority of organizations in this survey and your data protection plan needs improvement, we’ve got some good news for you. Technology and service providers like iland and Veeam take the guesswork and complexity out of data protection and provide compliant, secure and easy to use tools to meet internal organization and industry requirements.

Watch the on-demand webinar, The Great Disconnect of Data Protection — Perception, Reality and Best Practices to learn more about the survey results.
Pete Benoit

Pete Benoit

Pete is an Enterprise Solutions Architect at iland, currently based out of Dallas with over 20 years of experience in the IT Services industry including time with hardware vendors, VARs and IaaS providers. His career began in the US Air Force as a Communication-Computer Systems Operator before joining the private sector and moving to Texas in 1996. Pete has a wide range of industry experience as a technician, support engineer and solutions engineer and excels at customer service. A proud graduate of the University of Louisiana at Lafayette, Pete is a husband and father of two and enjoys golf and spending time with family and friends.