Disaster-recovery plans fall short

By Ann Silverthorn

—A recent Applied Research survey of 500 IT managers shows that nearly half of the responding companies do not have a disaster-recovery (DR) plan in place. Why? Lack of resources was cited by 33% of those respondents, while 27% don't see a need for DR plans.

The questions in the survey were designed to determine the level of IT organizations' disaster recovery readiness, deterrents to DR implementations, and future plans for DR and business continuity.

Even among companies that do have disaster-recovery operations in place, the implementations are often inadequate, according to Peter McKellar, a group product manager at Symantec, which commissioned the Applied Research survey. "They need a lot of help from a technology perspective, but also from a process and people perspective," he says. "They may migrate all their servers and applications to a disaster-recovery site if an event happens, but they often don't take into consideration who will operate those systems."

Of those companies that have a disaster-recovery or business continuity plan in place, 61% listed data corruption as a primary motivating factor. McKellar says data corruption can come from a variety of sources, including human error as well as software or hardware failures. "Some sophisticated applications have multiple modules writing to the same file, which can cause conflict. A server can lose power in the middle of a file being written, or a hard drive can fail," says McKellar.

Cost was mentioned most frequently (by 23% of the survey respondents) as the biggest challenge regarding disaster-recovery and business continuity plans. In light of this statistic, McKellar notes that vendors and users have to come up with ways to make DR more cost-effective. One solution is to set up different levels, or tiers, for DR and business continuity.

"Every application has its own level of availability requirement," says McKellar. "Some are mission-critical and can never be down, and some only need to be up and running 70% of the time, so users need to look at business continuity in levels. Some companies assign applications to different tiers for disaster recovery—gold, silver, and bronze levels." McKellar adds that it's even possible to create tiers of availability within an application.

This article was originally published on January 19, 2006