By Brian Fonseca
September 12, 2007
Six years after the events of 9/11, many corporate IT operations are
overconfident about their ability to handle a disaster, according to a
Forrester Research, Inc. report released on Tuesday.
The survey of 189 data center decision makers found a severe lack of IT
preparation for natural and manmade disasters.
For example, the report found that 27% of the respondents' data centers
in North America and Europe do not run a failover site to recover data
in the event of a disaster. About 23% of respondents said they do not
test disaster recovery plans, while 40% test their plans at least once a
year. About 33% percent of respondents described their operations as
"very prepared" for a manmade or natural disaster while 37% called their
sites simply "prepared" for such events.
Stephanie Balaouras, a senior analyst at Cambridge, Mass.-based
Forrester, said she was surprised at how "overly confident' enterprises
are about their ability to confront disasters when they their
preparation is actually minimal.
"Without regular testing, the chance that your disaster recovery plan
will execute flawlessly during a disaster is pretty slim," said
Balaouras, who authored the report. "The last thing you want is to have
no idea how to recover" from a disaster.
Balaouras said that many enterprises are leery of conducting tests of
disaster recovery plans because they can be disruptive to the operation
of a data center. For example, testing could require key production
applications to be taken offline for some time, she said.
And as budgets continue to tighten, IT operations and infrastructure
staff face growing challenges to justify spending on disaster recovery
programs and testing, Balaouras noted. Companies can validate such
programs by determining the potential cost of downtime during disasters,
including revenue lost by not closing monthly books on time, due to late
payment costs and to lost worker productivity, she said.
Forrester said that many companies must scramble to create disaster
recovery programs as partners and strategic suppliers increasingly
require the corporations they deal with to have redundant systems
The researcher also contended that companies should have an easier time
creating such operations today due to improvements server virtualization
technology, the availability of larger bandwidth pipes, declining
telecommunications costs and storage area network (SAN)-based
"That alternate site doesn't have to be just idle. You can read your
read only workloads there, like reporting, or have secondary workloads
like application development and testing, or you can offload backup,"
Visit the InfoSec News Bookstore