Barracuda recently conducted a survey of its European customers to gather insights on backup and disaster recovery strategies and on the achievement of state-of-the-art recovery point and recovery time objectives. Our survey covered around 200 customers across organizations ranging from very small (0-1 employees) to very large (>10,000 employees), in a wide range of industries.
The responses showed backup strategies are fragmented, with many organizations struggling to meet restore requirements. Whereas local infrastructures appear to be protected in varying degrees, the majority of data in Microsoft Office 365 is not protected against modern threat such as ransomware and targeted attacks appropriately.
- The majority of respondents back up more than one location; one-third covers one location only, about 18 % have to cover more than 10 sites.
- 32 % of organizations use only one backup solution. 61 % use two or three different solutions.
- 59 % of respondents are protecting more than half of the data using modern disk-based backups, 54 % responded that less than one quarter of the data is stored on tapes.
- 74 % do not replicate data to cloud, 85 % do not backup directly to cloud.
- 31 % of organizations back up the most important applications and data at least every four hours, 21% backup once an hour, 17% create backups every 15 minutes or more frequently.
- 30 % do not know their RPO, 16% do not know their RTO.
- About half of the respondents is “fairly confident” to be able to meet RTO/RPO.
- 76% have disaster recovery plans in place; out of those 40% always complete their disaster recovery testing successfully.
- 66 % do not protect their Office 365 environment.
- More than half had a backup fail to restore.
Multiple solutions confuse backup strategies
Surprisingly, the majority of the organizations participating in the survey use two or more different backup solutions. Despite the clear separation between production and backup systems, we believe a fragmented approach with multiple data protection solutions, in many cases across multiple locations, is error-prone and difficult to test.
After all, the survey results prove that organizations have difficulties meeting their self-imposed requirements. This lack of a consolidated strategy could definitely be a contributing factor here.
DR is a disaster zone
Consolidation also requires reviewing the replication in disaster recovery setup. Leveraging public cloud infrastructures could certainly help to simplify disaster recovery testing, and to achieve better test results. It is concerning to see that many organizations struggle to complete their disaster recovery testing successfully.
About one quarter of the participants does not even have a disaster recovery plan in place. Instead of maintaining DR sites and all the surrounding infrastructure internally, cloud infrastructures (which are able to provide access to servers, services, and files in just a few mouse clicks) provide much better availability and reliability, and cause a lot less effort in testing.
In a real disaster, when entire servers or services have to be restored, like the majority of our participants has already experienced, external public cloud services can cut down the RTO to a minimum. The actual restore becomes less urgent, because an external infrastructure is able to bridge the restore time by making the service available to users.
Of course, organizations that do not know their RPO and RTO should work on their strategy. A simple but powerful, cloud connected all-in-one solution can help to avoid exorbitant effort in maintaining one or multiple products, and free up time to focus on the important aspects.
The shared security model is paramount
Whereas public clouds are a great tool to provide infrastructure when your own infrastructure is in trouble, they also need protection in their role as a production system, such as Office 365.
With 66 % of respondents not protecting their Office 365 environment, it appears that many organizations assume public cloud services would have sufficient built in protection. However, following the shared security model, while it is the providers’ role to protect the infrastructure, it is the users’ responsibility to protect their data. From that perspective, data in the cloud is not so different from data on premise.
The risk of natural disasters and hardware failures of course is lower in a redundant system, but other threat vectors such as software error, human error, and targeted or random attacks apply in the same way and require mitigation.
The Barracuda Essentials for Office 365 bundle provides a comprehensive solution to keep attackers out, and to ensure the ability to restore data over a customizable time just in case.
Read the full white paper here