IT resilience requires simpler tools, survey says

A survey on the state of IT resilience concluded backup, DR and BC fall on a continuum of data availability, and many organizations want to merge them.

A recent global survey of IT professionals found nearly all of them experienced a successful malicious attack in the past year, and most of the attacks led to unrecoverable data. Overwhelmingly, the IT pros said they want to converge backup and disaster recovery tools to reduce cost and complexity.

The State of IT Resilience survey consisted of 500 globally distributed respondents. IDC conducted the survey and presented the results at ZertoCon 2019 last week.

According to the survey, 89% of respondents said they experienced a successful malicious attack in the past 12 months, and 56% said these attacks led to some unrecoverable data. Perhaps IT complexity is part of the problem. The study also found 93.4% of respondents want to converge data protection tools.

Sixty percent of the survey's respondents reside in North America, with 20% each in the Europe, Middle East and Africa and Asia-Pacific regions. Respondents were IT professionals from a range of verticals that included manufacturing, professional services and financial.

IDC research director Phil Goodwin suggested backup, disaster recovery (DR) and business continuity are simply different ways of achieving IT resilience. He said they were all similar processes that, at their core, create data copies you can use to restore from when something bad happens to the originals.

"When you think about it, backup is just a mechanism of replicating data," Goodwin said during a ZertoCon keynote. "We can't have separate environments and tests. They need to be seamlessly integrated."

Historically, organizations have used separate products to handle backup, DR and data archiving. This approach also creates silos for those functions. Naveen Chhabra, senior analyst at Forrester Research, said this separation isn't strictly necessary, but has been the result of how vendors have built and categorized their offerings over the past few decades.

Data protection vendors have moved to converge secondary storage functions in recent years through single platforms designed to protect and manage data in on-premises appliances and public clouds.

Photo of Phil Goodwin's keynote at ZertoCon 2019
IDC research director Phil Goodwin spoke at ZertoCon 2019.

"As a direction, this convergence of backup, archival and DR sounds good. [Their separation] had been essential not because of purpose, but because of how the industry solutions were developed and aligned," Chhabra said. "The big challenge now would be changing the old habits and processes that organizations have developed for decades."

When you think about it, backup is just a mechanism of replicating data. We can't have separate environments and tests. They need to be seamlessly integrated.
Phil GoodwinResearch director at IDC

Goodwin said while it's impossible to prevent all data loss from cyberattacks, it's not impossible to build systems to restore that data after an attack occurs. Yet, organizations are still losing data.

According to the survey, these are the top reasons leading to unrecoverable data:

  • 59.8% of respondents said data loss occurred in the gap between snapshots.
  • 53% said their backup or recovery system failed.
  • 48% said it was human error.
  • 41.6% said tapes with backup data were lost or damaged.

"Other than human error, all of these are totally avoidable causes," Goodwin said.

The rest, he concluded, could be solved with the right technology and training. A combination of finding or building systems with shorter recovery point objectives, frequently testing and refining the recovery system, and moving off tape for backup would significantly cut down on unrecoverable data.

Goodwin said the survey results showed many organizations are keenly aware of their shortcomings. More than half of respondents self-assessed themselves as below average when it came to business resilience -- that is, the ability for their organization, and not just IT, to weather a disruptive event.

"Overall, within the industry, there's a very low level of resiliency," Goodwin said in an offstage interview. "Almost a quarter of organizations rate themselves as ad hoc when it comes to DR and business resilience. By that, I mean they have no plan, no people [and] no infrastructure in place."

The full results of the 2019 State of IT Resilience survey will be released later this year. You can find the 2018 resiliency report here.

Dig Deeper on Cloud disaster recovery

Data Backup