The dangers of DIY disaster recovery
Do-it-yourself (DIY) disaster recovery exposes companies to risk, and those looking to mitigate this risk should consider outsourcing.
So said Tshepo Masigo, business development executive at IBM, during the ITWeb Business Continuity 2013 Summit yesterday.
According to Masigo, firms of all sizes agree that availability, uptime and disaster recovery are more critical than ever.
He noted that, in a recent Forrester study, organisations were asked what their top hardware priorities were for the next 12 months; 60% responded that improving business continuity and disaster recovery capabilities were a high or critical priority.
While many firms run at least a portion of their disaster recovery in-house, he points out that spend on business continuity and disaster recovery as a proportion of IT budgets is at an all-time high.
"In Forrester's recent budgets and priorities tracker survey from 2012, it was found that enterprises spent on average 6.2% of their IT budgets on business continuity or disaster recovery," he said.
"And 28% of firms spend between 6% and 10% of their budgets on business continuity or disaster recovery. Since 2010, the average spend on business continuity or disaster recovery has grown almost a full percentage point. The need for human resources devoted to business continuity or disaster recovery is also on the rise."
Forrester found that enterprises employ, on average, more than 31 full-time employees to support business continuity management corporation-wide, Masigo added.
He also noted that, despite increased spend on disaster recovery, total cost of ownership (TCO) is a leading driver in outsourcing considerations.
"When organisations were asked what would make them consider outsourcing part, or all, of their disaster recovery capabilities, 56% responded that they would be swayed if the TCO was proven to be less for outsourced disaster recovery versus in-house."
Thus, he urged organisations to understand the costs and implications of running disaster recovery in-house. "Before deciding whether to in-source or outsource disaster recovery capabilities, it's critical to understand all of the costs and impacts that are associated with the decision," he noted.
Many organisations make the leap without fully considering if they have the expertise in-house needed to run and maintain an effective disaster recovery programme, he explained, adding that more than one third of respondents in the survey indicated that this was a challenge for them.
Almost 40% of respondents feel that maintaining funding is a challenge when running a disaster recovery programme, Masigo pointed out. Before moving to outsourcing, businesses should dedicate proper resources to the programme and ensure consistent testing, he said.
Describing the most common IT considerations when establishing a disaster recovery solution, Masigo said organisations must look at recovery time objective, which he defined as the time between application unavailability and recovery.
"Recovery point objective (RPO) - the last data point to which production is recovered upon a failure - is also another consideration. Ideally, customers want the RPO to be zero lost data. Practically speaking, we tend to accept a recovery point associated with a particular application state."
Planned downtime and geographic dispersion should also be considered when talking about data recovery, Masigo said. Other considerations include ease of management, ease of deployment, as well as integration and support, he pointed out.