Security

Virtualization Complicates Disaster Recovery

There has been a ''significant increase' in the number of organizations rethinking their disaster recovery (DR) plans because of virtualization, according to Symantec, in its fourth annual IT Disaster Recovery survey.

The survey found that due to the increasing popularity of virtualization, more than half of the respondents (55 percent) are rethinking their DR plans, and in North America, this rises to 64 percent.

"Virtualization has crept out from the developer test environments, where it was not part of the enterprise DR plan, and has made the shift into production environments," said Dr Guy Bunker, Symantec's chief scientist.

"In the old days, when you had one server running all the enterprise software, DR plans used to be straight forward," added Bunker. "Now the virtual server can be running up to 20 apps, and the server must have the capacity to handle it. DR processes have broken down because IT admins haven't thought of these issues."

Rather worryingly, 35 percent of respondents to the survey said that their virtual servers were not covered in their organizations' DR plans, and only 37 percent backup their virtual systems.

"Only 37 percent of people backup their virtual systems, which is a ridiculous stat," Bunker told Techworld. "The CIO will, quite rightly, tell the IT admin not to put a virtual machine in a data center if he can't back it up."

Bunker said that 33 percent of respondents blamed the lack of tools that will backup a virtual system in an automated fashion for the poor showing of those who backup their virtual environments. Meanwhile 54 percent said resource constraints were their top challenge with backing up virtual systems. 35 percent cited too many different tools as their biggest challenge in protecting data and applications.

"A virtual machine a great, big blob of a thing," Bunker said. "When you come to do a backup or restore, it is complex. But now you can automate backing up virtual machines on a granular layer, instead of the whole virtual machine."

"People look at virtualization, and they mainly think of consolidation of server boxes and reduced energy costs etc, but they don't think of the management cost," he added. "Management of virtual machines (especially when a user has moved away from a single supplier) is tough. But it doesn't mean that IT admins can shirk their responsibilities."

Bunker warns that if a virtual server fails, instead of it taking out just one or two applications, it could take offline up to 20 applications.

This is the fourth disaster recovery report from Symantec, and it surveyed more than 1,000 IT managers in large organizations across the UK, the rest of Europe, the US and Canada, as well as the Middle East, Asia Pacific and Latin America.

The survey also found nearly one third of organizations have had to implement part of their DR plan in the past year. The reasons for this vary, but include hardware and software failure (36 percent); external security threats (28 percent); power outage/failure/issues (26 percent); natural disasters (23 percent); IT problem management (23 percent); data leakage or loss (22 percent); and accidental or malicious employee behavior (21 percent).

"People think of disasters like flooding, terrorist attack etc when thinking of DR," said Bunker. "But it is also a disaster if you lose data and end up on the front page of the news."

"DR planning now has to take into account data loss," Bunker added. "We are seeing data loss crisis teams being set up in organizations. Customers are generally understanding when it comes to natural disasters, such as flooding. But with data loss, customers are not at all understanding, and people are much less tolerant of data loss."

"So you end up with a crazy situation where losing a laptop is much more of a danger than losing a data center, which sounds completely daft," he said.

Meanwhile, 93 percent of IT organizations say they have tested their disaster recovery plan since it was created, yet 30 percent of those tests are not fully successful - which is an improvement from 50 percent failed tests in 2007. Only 16 percent say that DR tests have never failed.

The survey also found that fewer and fewer C-level executives are involved in the planning of disaster recovery, which Bunker said was "short sighted." In 2007, 55 percent of respondents said their DR committees involved the CIO, CTO, or IT director. But this fell to only 33 percent worldwide in 2008.

Subscribe to the Security Watch Newsletter

Comments