Data recovery -- more needs to be done

Von Samantha Perry

Veritas Software Corp. last week released the results of its third annual Disaster Recovery study, which revealed, amongst other things, that some 97 percent of businesses surveyed in EMEA would be unable to continue normal operations following a data center fire. The survey, conducted worldwide by UK-based Dynamic Markets, polled some 1 259 IT professionals, at companies with more than 500 employees.

Of the EMEA IT managers surveyed, only 3 percent said they would be able to continue with business as usual after a data center fire. 38 percent had no idea how long it would take to resume bare bones operations, 31 percent could achieve bare bones service within 12 hours, and 38 percent did not know how long it would take to get back to business as usual. Perhaps more worryingly, 52 percent said that the only copy of their organization"s Disaster Recovery plan was stored in the data center.

According to the research, 16 percent of companies surveyed in EMEA do not have a DR plan in place. 34 percent of these companies said they had not got around to it, 24 percent were in the process of putting a plan together, a further 24 percent feel that they do not need a DR plan, of these, 19 percent say the company is too small to merit it, and 6 percent say that the board would not back an initiative like that.

Of those that do have DR plans in place, the majority do not review them often enough, and these plans are falling behind in the face of rapidly changing technology.

Reassuringly, 92 percent of those companies with plans do actually review them. 13 percent do so monthly, 8 percent do so every three months, 14 percent every six months, 34 percent annually, 12 percent review on an ad hoc basis, and 9 percent review either less than every three years, never review, or do not know if they review. The figures for those companies that actually test their plans are much the same.

Given that, in today"s world, most organizations apply patches on a monthly basis (at a minimum), and that systems are upgraded regularly, and, less regularly, new systems are put in place, DR plans that do not keep pace with these changes are pretty much useless, and change control is thus critical.

Says Veritas vice-president marketing, EMEA, Dr Chris Boorman: "The issue of change control is an interesting one, particularly in light of the substantial increase in patches that we have been seeing lately, and spiralling concerns about viruses and accidental or malicious employee behavior."

"While patch updates will rarely trigger the need for a change in DR strategy, IT departments should certainly be reviewing their DR plans more frequently than once a year," he concludes.