When disaster strikes, will federal data be safe?
- By Rutrell Yasin
- Jun 04, 2013
Federal agencies are grappling with an unprecedented growth in data at the same time that backup solutions are nearing capacity, a situation that could hamper efforts to recover data in the event of an emergency.
Moreover, agency officials are not testing their disaster recovery solutions as often as they should, raising questions about their preparedness for a natural disaster or man-made incident, according to a survey of 150 federal defense and civilian IT managers in a new MeriTalk report.
5 steps to preparedness
- Get an honest, clear assessment of the DR environment.
- Share assessment with leadership to increase its priority.
- Use DR experts to design and implement a complete plan that includes technology, people and processes.
- Test regularly and often.
- Re-assess as data is constantly growing.
Source: MeriTalk Survey: "Disaster Unpreparedness"
The study, “Disaster Unpreparedness,” reveals that federal IT professionals lack confidence in their data resilience and disaster recovery capabilities. Although 70 percent of the IT professionals give themselves high marks — an “A” or “B” — in data backup and disaster recovery preparedness, only 8 percent are completely confident that they could recover 100 percent of the data subject to service-level agreements in the event of a disaster.
Almost half of the IT professionals think their agency’s current data resilience and disaster recovery (DR2) solution is sufficient for the next 12 months, while one quarter believe their solution will get them through the next 12 months but not beyond. The average agency has 51 percent capacity left in its current backup solution, according to the report, which was underwritten by NetApp and SwishData.
Insufficient testing also poses a major concern. IT managers said their agencies tested disaster recovery solutions on an average of 2.5 times in the last 12 months, while most of the respondents recommend their agencies test on an average of 5.3 times per year. Most respondents said lack of budget prevented them from testing more often; others reasons for insufficient testing were lack of support from mission owners and incomplete testing solutions. Still, 61 percent of the IT managers said their agencies tested DR2 without any impact or interruption to production systems.
The growth of mobile devices poses more challenges because agencies are finding it difficult keep up with the demand to integrate them within their current disaster recovery systems. IT managers estimate that only 53 percent of data stored on mobile devices could be reliably restored to meet the requirements or their service-level agreements.
Agencies should be exploring more cloud-based disaster recovery solutions, because relying entirely on on-premise backup solutions could jeopardize government data, the report states. Fifty-nine percent of the agencies do not use any form of cloud-based disaster recovery solutions. Just one in three plan to increase, or start, using off-premise cloud backup in place of on-premise backup. Only 55 percent test their ability to restore data from a second location, the report states.
Interestingly, more than half of the survey respondents said virtualization has had a positive impact on their disaster recovery profile. Virtualization lets organizations decouple data and applications from an underlying physical infrastructure, allowing for more flexibility in provisioning new operating environments and balancing data loads across available resources, according to industry experts.
Virtualized workloads are increasing in government agencies and can have a positive impact on DR2, IT managers say. On average, IT managers expect virtualized workloads to almost double in the next four years, according to a 2012 MeriTalk survey. As a result, agencies need to look for ways to effectively manage disaster recovery in virtualized environments, the report states.
To achieve a more effective disaster recovery posture, agencies should assess their DR environment and perform regular tests, including on-premise and secondary locations, the report recommends. Agency disaster recovery plans should include an assessment of all facets of disaster recovery including people, processes and technology.