Availability and protection gaps – study

April 28th, 2017, Published in Articles: EE Publishers, Articles: EngineerIT


Claude Schuck

The sixth annual Veeam Availability Report, analysed by Jason Buffington, principal analyst at ESG, indicates that too many business-accelerating and digital transformation initiatives are being hindered by inadequacies in their current IT systems’ availability.

Buffington surveyed more than 1000 business professionals and senior decision makers for the report, which seeks to quantify whether organisations are meeting their availability goals, assess the impacts to organisations that are insufficient in their IT service levels, and understand how these challenges are affecting strategic business initiatives such as digital transformation and the move to hybrid cloud.

Availability Gap refers to the difference between the service levels expected and an organisation’s ability to deliver the application and information that users demand while the Protection Gap refers to an organisation’s tolerance for lost data being exceeded by IT’s inability to protect that data frequently enough.

The research study (which did not survey South African businesses) reveals that companies and organisations continue to struggle with availability assurance within their IT environments, with the vast majority of organisations lacking levels of confidence in their ability to reliably protect/recover data within their virtual environments. 82% of respondents recognised their Availability Gap based on the inadequacies of their recovery capabilities when compared with their business SLA expectations.

The findings of this study are consistent with past ESG research, all clearly illustrating that organisations must reconsider their data availability, protection, and recovery capabilities. A company’s failure to better align these key resiliency capabilities with the expectations of their business constituents will continue to put their organisations at risk and hinder innovation and digital transformation strategies.

Buffington found that the sentiment regarding the availability and protection gaps respondents almost universally acknowledged that their IT teams cannot recover fast enough, reliably enough, or thoroughly enough.

Alarmingly, more than four out of five organisations surveyed recognise they have an Availability Gap, and nearly three out of four organisations recognize they have a Protection Gap. It is notable that so many decision makers are acknowledging, for the third year in a row, that they continue to suffer an Availability Gap, with similar trending apparent in relation to the Protection Gap—each with nearly equal year-over-year occurrence.

It is vitally important for an organisation to recognise the precariousness of its IT systems and avoid trivialising downtime when it happens. On average, more than one in four (27%) servers suffer at least one unplanned outage each year. Companies experienced median length of an outage of 23 minutes – a long time in the modern world.

Any IT professional can share war stories related to system outages and how those outages resulted in disruptions. Considering the potentially high impact of outages, coupled with the insufficiency of legacy IT-based efforts to back up and recover data, the desire among executives to seek out better availability tools is warranted.

By extrapolating figures from the 2016 report, the Availability Gap and consequently the Protection Gap in South Africa is significantly higher than in the USA, Europe and Australia. However, during the past year, we have seen positive action from South African companies and government enterprises to address their vulnerability of being off line and their inability to recover their systems fast. Our growth of over 30% in the past years is a clear indication of this.

The report recommends a first few basic steps to becoming an always-available company. The first and most crucial step in ensuring the viability of the IT systems is to accept that you have an Availability Gap. Too many organisations that lack accurate metrics or monitoring processes presume that their systems are sufficient and are therefore hindering their organisations through their naiveté. Instead, presume that you have the problem, and then quantify it.

Next, quantify your business SLAs and assess the company’s protection mechanisms and recovery capabilities. Only by comparing availability and protection expectations with your real-world capabilities will you be able to determine the size of the gaps in your strategy. Convert your gaps into impact analyses.

In the business continuity/disaster recovery (BC/DR) world, this is referred to as a business impact analysis (BIA), which is accomplished by simply asking, “If a system were to fail, what would that cost us [in economics, process, perception, etc.]?” By looking at past systems logs, most will discover that those systems have had interruptions in the past, which can now be quantified as business impact. With an accurate understanding of the frequency and duration of outages within your environment, compared with the SLA expectations of your constituents, and an assessment of the economic and perception impacts specifically to your organisation, you are ready to reimagine what it would take to become an always-on enterprise.

Send your comments to engineerit@ee.co.za