EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR APJ 1
THE DATA PROTECTION LANDSCAPE ARE YOU ON SOLID GROUND? 2
GLOBAL KEY FINDINGS GLOBALLY, ENTERPRISES ARE LOSING AS MUCH AS $1.7 TRILLION THROUGH DATA LOSS AND UNPLANNED DOWNTIME 62% of respondents said at least one of the following: big data, hybrid cloud, mobile devices, is difficult or very difficult to protect Adopting advanced data protection tools leads to reduced data loss 87% of businesses are behind the curve for data protection maturity and 71% of businesses are not fully confident of restoring their data 3
DEMOGRAPHICS INTERVIEWED 3,300 IT DECISION-MAKERS IN 3 REGIONS: Americas (575) Europe, Middle East, and Africa (1,475) Asia Pacific Japan (1,250) 24 COUNTRIES TOTAL ORGANIZATIONS OF 250 OR MORE EMPLOYEES BOTH PRIVATE AND PUBLIC ORGANIZATIONS INDEPENDENT RESEARCH AND ANALYSIS 4
DATA PROTECTION MATURITY 5
MATURITY INDEX Maturity scored between 1 100 points* More points awarded for: Shorter recovery times Confidence in backup infrastructure Modern backup systems Off-site replication Points awarded based on the maturity of their data protection strategy * Exact scoring included in appendix questions show points used for the original model with a maximum score of 68. All scores multiplied by a factor of 1.47 to create a model of 100 points 6
WHO IS LEADING THE WAY? Global Results APJ Results Leaders 2.4% Leaders 3.8% Adopters 11.3% Adopters 13.0% Evaluators 49.5% Evaluators 46.2% Laggards 36.8% Laggards 37.1% Leaders (scored 76-100 points) Adopters (scored 51-75 points) AHEAD OF MATURITY CURVE Evaluators (scored 26-50 points) Laggards (scored 1-25 points) Figure 1: Analysis of maturity Base: all respondents (3,300) Figure 2: Analysis of maturity Base: all respondents from APJ (1250) 7
GLOBAL IT MATURITY SHOWING FREQUENCY OF POINTS SCORED AHEAD OF THE CURVE 700 Laggards 37% (1,214 Companies) Evaluators 50% (1,635 Companies) Adopters 11% (372 Companies) Leaders 2% (79 Companies) 600 NUMBER OF COMPANIES 500 400 300 200 100 APJ 0 25 50 75 100 MATURITY POINTS SCORED Figure 3: Analysis of maturity showing frequency of points scored Base: all respondents (3300) 8
PROFILE CHARACTERISTICS Use archiving application with retention policies Use archiving application with offsite replication Disaster tolerant replication with near-zero RPO/RTO Back up with deduplication & offsite replication Recovery time one hour or less Very confident of ability to restore Standby or virtualized servers are core component of strategy LEADERS ADOPTERS Recovery time 2 5 hours Moderately confident of ability to restore Active-active instances are core component of strategy Archive to tape Backup to tape LAGGARDS Archive to disk Backup to disk Recovery time more than one day Not confident in ability to restore EVALUATORS Recovery time 6 24 hours Doubtful of ability to restore Backup is core component of strategy Replication is core component of strategy 9
WHERE ARE THE MOST MATURE ORGANIZATIONS? AVERAGE SCORE ON THE MATURITY MATRIX AMERICAS: 33.7 EMEA: 32.2 APJ: 34.7 42.5 41.7 37.6 34.3 31.0 29.1 37.8 35.6 34.8 33.5 31.8 31.5 31.0 30.9 27.3 27.0 39.1 37.8 36.6 32.9 30.7 29.5 29.5 26.9 Figure 4: Analysis of average maturity score by region and country Base: all respondents (3300) 10
MATURITY RANK WHICH MARKETS ARE AHEAD? Businesses in China and Hong Kong most likely to be ahead of the curve Outside of Asia, the US and the Netherlands most likely to be ahead of the curve UAE, Turkey and Switzerland are least likely to be ahead of maturity curve RANK COUNTRY % OF BUSINESSES AHEAD OF MATURITY CURVE* 1 China 29.6% 2 Hong Kong 27.2% 3 Netherlands 20.8% 4 Singapore 20.0% 5 USA 19.5% 6 India 19.2% 7 South Africa 18.4% 8 Indonesia 18.4% 9 Mexico 17.6% 10 Germany 15.5% 11 Australia 14.4% 12 UK 13.0% 13 The Philippines 11.2% 14 Thailand 11.2% 15 Canada 9.6% 16 Russia 9.6% 17 Italy 9.6% 18 Brazil 8.8% 19 Japan 8.0% 20 South Korea 8.0% 21 France 6.5% 22 Switzerland 6.4% 23 Turkey 5.6% 24 UAE 0.0% *Please note that the percentages have been rounded to one decimal place 11
THE IMPORTANCE OF DATA PROTECTION 12
THE CRITICALITY OF DATA PROTECTION DO YOU CONSIDER DATA PROTECTION CRITICAL TO THE SUCCESS OF YOUR ORGANIZATION? Not very important Very Important But Not Critical 21% 7% 1% Totally critical 71% Plays no role in our success 71% consider data protection to be totally critical to their organization s success: China (90%) Thailand (78%) Indonesia (76%) 81% from the manufacturing sector see data protection as totally critical 81% of organizations with 3,000-5,000 employees consider it to be totally critical Figure 5: Do you consider data protection to be critical to the ongoing success of your organization? Base: all respondents (1250) 13
SPENDING ON DATA PROTECTION 8.03% Average percentage of annual IT budget that is spent on data protection Average company spend: $140 million on IT $11 million on data protection Indonesia (9.27%) and China (8.91%) spend the biggest proportion of their IT budget on data protection 8.99% Average percentage of domestic annual revenue that is spent annually on IT Figure 6: Analysis of average spend of revenue on IT, and of IT budget on data protection Base: all respondents (1250) The financial service sector spends the most on data protection (9.57%), while the public sector only spends 5.83% of their IT budget 14
THE NUMBER OF DATA PROTECTION VENDORS 66% have more than one data protection vendor Three vendors on average Life sciences (87%), energy (80%), and public healthcare (71%) sectors are most likely to use more than one vendor 21% Have one vendor 13% Have no specific vendor 66% Have more than one vendor Figure 7: Is your data protection infrastructure built on technology from more than one vendor? Base: all respondents (1250) 15
THE EFFECT OF NUMBER OF VENDORS ON SPEND SHARE OF ANNUAL IT BUDGET SPENT ON DATA PROTECTION Those with three or more vendors spend more of their IT budget on data protection In APJ, those with three vendors spend 9.00% compared to 7.98% with one data protection vendor 7.98% One data protection vendor 7.76% Two data protection vendors 9.00% Three or more data protection vendors Figure 8: Analysis of average spend of IT budget on data protection, cut by number of data protection vendors Base: all respondents (1250) 16
SUFFERING DISRUPTIONS DISRUPTIONS SUFFERED IN LAST 12 MONTHS 66% suffered disruption in the last 12 months 82% of public healthcare 81% of public sector 75% of IT 66% Suffered data loss or unplanned downtime 49% Suffered unplanned downtime 35% Suffered data loss 18% Suffered data loss and downtime Figure 9: Has your organization suffered from either unplanned systems downtime or data loss in the last 12 months? Base: all respondents (1250) 23% of Adopters & Leaders suffered data loss, compared to 35% of Laggards APJ is the most likely region to suffer disruption (66%) compared with Americas (64%) and EMEA (63%) 17
THE EFFECT OF THE NUMBER OF VENDORS ON DISRUPTIONS 24% 34% DISRUPTIONS SUFFERED (BY NUMBER OF VENDORS) 44% 44% 51% 52% The more vendors a business has, the more likely it is to experience disruption Those with one vendor are least likely to experience data loss or downtime Data loss Unplanned systems downtime One data protection vendor Two data protection vendors Three or more data protection vendors Figure 10: Analysis of the organizations suffering disruptions, cut by the number of data protection vendors Base: all respondents (1250) 18
DATA LOSS 2.57 Total AVERAGE DATA LOSS IN TERABYTES (TB) 2.64 No external data protection vendors 0.94 One data protection vendor 2.02 Two data protection vendors 3.48 Three or more data protection vendors Average annual loss per company is 2.57TB of data Equivalent to around 26 million e-mails Costs $1.08 million Businesses with one vendor lose the least data, while those with 3 or more vendors lose the most data Figure 11: Analysis of the average data loss over the last 12 months, cut by number of data protection vendors Base: respondents whose organization has suffered data loss (436) 19
WHAT IS THE COST OF DOWNTIME? AVERAGE COST OF UNPLANNED SYSTEMS DOWNTIME (IN MILLIONS OF DOLLARS) $3.41 There were around 26 hours of unplanned downtime on average in the last 12 months, at a loss of $1.49 million $1.49 Total $0.46 No external data protection vendors $0.22 One data protection vendor $0.44 Two data protection vendors Three or more data protection vendors The more data protection vendors in use, the greater the cost of downtime to the business Figure 12: Analysis of the average cost of downtime, cut by number of data protection vendors Base: respondents whose organization has suffered downtime (617) 20
ESTIMATED ANNUAL COST FOR DISRUPTIONS Data loss $483.3 Billion $1.0 TRILLION TOTAL Downtime $565.2 Billion 21
FREQUENCY OF CONTINUOUS BACKUP PERCENTAGE OF DATA BACKED UP CONTINUOUSLY BY BUSINESSES 27% 3% 4% 4% 22% 40% 0% of data backed up continuously 1% - 25% of data backed up continuously 25% - 50% of data backed up continuously 50%- 75% of data backed up continuously 75% - 99% of data backed up continuously 100% of data backed up continuously On average, 26% of data is backed up continuously Around a fifth (22%) of organizations do not back up anything continuously & suffer 41 hours downtime (vs. 26 hour downtime average) 92% of those ahead of the curve back up some data continuously, while only 66% of Laggards do so Figure 13: Analysis of those that backup data continuously Base: all respondents (1250) 22
WHAT IS CAUSING THESE DISRUPTIONS? Hardware failure 55% Software failure 43% Loss of power Data corruption 37% 39% Accidental user error Security breach (e.g. malware, spyware, viruses, botnets or cyber-terrorism) Loss of backup power 28% 26% 30% Physical security (e.g. loss/theft of equipment) The fault of service/cloud providers Natural disaster (e.g. tsunami, hurricane, earthquake) Deliberate employee sabotage 16% 13% 13% 12% Figure 14: What were the causes of your data loss and/or systems downtime? Base: respondents whose organization suffered data loss or downtime (824) 23
THE CONSEQUENCES OF DISRUPTION Loss of employee productivity 51% Delay in product/service development Loss of revenue 42% 40% Loss of customer confidence/loyalty 31% Loss of a new business opportunity 25% Loss of business to a competitor Loss of an incremental business opportunity Delay in getting products/services to market Loss of customers Loss of repeat business 20% 19% 19% 18% 16% There have been no commercial consequences 4% Figure 15: Have any of the above been commercial consequences of the data loss and/or systems downtime you have experienced over the last 12 months? Base: respondents whose organization suffered data loss or downtime (824) 24
ARE ORGANIZATIONS CONFIDENT? Not very confident 73% Very confident 27% 73% are not fully confident that they can recover systems/data today from all platforms Those from APJ (27%) are significantly less confident than those from the Americas (37%) Organizations in the IT sector are most confident (36%), only 11% of organizations in the public sector very confident Figure 16: How confident are you that, in the event of a data loss incident, you can fully recover systems/data today from all platforms, on-premise and off-premise, in order to meet business service level agreements? Base: all respondents (1250) Used for maturity matrix 25
DATA PROTECTION METHODS 26
WHAT STRATEGIES ARE IN PLACE? Backup is the main component of our availability strategy Replication is the main component of our availability strategy 20% 48% 48% use backup as the primary protection strategy; much more than EMEA (33%) Standby servers on a remote site are the main components of our availability strategy Virtual servers with restart capabilities (including cloud) are the main components of our availability strategy Active-active instances of applications (including cloud) are key component of our availability strategy 13% 10% 9% 9% use active-active as a key component Those with active-active as key component suffered less data loss than those with backup 15% active-active vs. 33% backup Figure 17: Which of the above best characterises your organization's current data protection environment infrastructure? Base: all respondents (1250) Used for maturity matrix 27
WHAT OTHER STRATEGIES ARE IN PLACE? THERE IS NO CONSENSUS ON THE TECHNOLOGY IN PLACE FOR AVAILABILITY, ALTHOUGH AN AVERAGE OF THREE STRATEGIES SHOWS A VARIED APPROACH ACROSS ALL ORGANIZATIONS STRATEGIES TO HELP MANAGE AVAILABILITY OF APPLICATIONS, SYSTEMS & DATA Automatic backup to the cloud Tape backup and tapes are kept off site (on own premises) 45% 48% Disk-based backup and recovery including clones/snaps 40% Backup appliance with deduplication WAN-based replication of backup and recovery images to second site Replication of both applications and data (such as virtual machine images) Tape backup and tapes are kept off site (on 3rd party premises) 32% 30% 29% 28% Dynamic mobility of virtual applications between data centres Replication to a second site with restart capabilities (active/passive) 21% 21% Tape backup and tapes go home with employees 15% Disaster tolerant replication (active/active) with near zero RPO and RTO 9% Figure 18: Which technologies/strategies are in place to help you manage the availability of your applications, systems, and data? Base: all respondents (1250) Used for maturity matrix 28
WHO IS IN CHARGE OF THE CLOUD? RESPONSIBILITY FOR DATA PROTECTION FOR PUBLIC CLOUD-BASED APPLICATIONS DESIRE TO HAVE VISIBILITY/CONTROL OVER DATA PROTECTION (ON-PREMISE & IN CLOUD) My IT department as a whole 80% Yes I want to have to visibility of how the organization's on-premise and offpremise data is being protected 72% The cloud service provider 63% Yes - I want to have to control of how the organization's on-premise and offpremise data is being protected 57% Each department in my organization, dependent on their use of the application in question 24% No I only want to manage my local data; the cloud service provider should manage off-premise data 4% Figure 19: For public cloud based applications, which organizations are responsible for data protection? Base: respondents whose organization is using a type of cloud as a platform for infrastructure (853) Figure 20: Do you want to have visibility and/or control over how your data is being protected both on-premise and in the cloud? Base: respondents whose organization is using a type of cloud as a platform for infrastructure (853) 29
WHERE IS DATA STORED? PRIMARY DATA On-premise (physical servers) 31% On-premise (virtualized servers) 20% On-premise (private cloud) 12% Mainframe 9% Public cloud 9% Desktop/laptop Hybrid cloud (applications run on a combination of private and public clouds) 9% 8% Mobile devices (e.g. tablets, smartphones etc.) 2% Figure 21: Analysis of average amount of primary data on different platforms Base: all respondents (1250) 30
WHAT IS HARDEST TO PROTECT? MAJORITY DO NOT HAVE DISASTER RECOVERY PLAN FOR SOME APPLICATIONS THEY FIND HARDEST TO PROTECT APPLICATIONS/PLATFORMS WITHOUT A RECOVERY PLAN MOST DIFFICULT APPLICATIONS/PLATFORMS TO PROTECT Mobile devices 77% Big data 46% Hybrid cloud applications 72% Hybrid cloud applications 37% Big data/data lakes 69% Mobile devices 33% Figure 22: Analysis of applications/platforms that do not have disaster recovery plans Base: all respondents (1250) Figure 23: Analysis of applications/platforms that are difficult to protect Base: all respondents (1250) 31
FUTURE STRATEGIES DATA PROTECTION CLOUD SERVICES 57% Backup-as-a-Service 36% 43% Archive-as-a-Service 47% 42% Data recovery-as-a-service 49% 57% currently use backup-as a service; further 36% plan to in the future 47% plan to use archive-as-aservice and 49% plan to use data recovery-as-a-service in the future Currently using Plan to adopt at some point Figure 24: Are you currently, using or looking to adopt, any of the above data protection cloud services in the next 12 months? Base: all respondents (1250) 32
SUMMARY FOR APJ ENTERPRISES ARE LOSING AS MUCH AS $1.0 TRILLION THROUGH DATA LOSS AND UNPLANNED DOWNTIME 71% consider data protection to be totally critical to their organization s success, still 66% suffered downtime or data loss in last 12 months More data protection vendors means more data loss and more spending on data protection 83% of businesses are behind the curve for data protection maturity and 73% of businesses are not fully confident in their ability to restore apps/data 33
CONCLUSION Most companies globally are behind the curve and feeling pain Newer workloads and exploding data volumes will continue to put pressure on data protection Data loss and downtime are expensive This can t be fixed in silos isolated solutions by different vendors increase cost and risk A continuum of technologies supports availability and protection requirements for different tiers of apps/data 34
EMC RECOMMENDATIONS Make sure there s an appropriate data protection solution in place for all of your critical data no matter where it is or how it is generated Manage an integrated data protection strategy and maintain a level of visibility and control for application owners Evaluate the gaps in your protection strategy that may emerge from disparate vendor solutions Match your data protection approach with the availability and protection requirements for your tiers of applications/data Understand who owns data protection especially in the cloud 35
APPENDIX (i) MATURITY SCORING Which of the following best characterises your organization's current data protection environment infrastructure? Backup is the main component of our availability strategy (1pt.) Replication is the main component of our availability strategy (3pts.) Standby servers on a remote site are the main components of our availability strategy (4pts.) Virtual servers with restart capabilities (including cloud) are the main components of our availability strategy - (5pts.) Active-active (two or more production data centres that are always on, 24/7 with no downtime) instances of applications (including cloud) are key component of our availability strategy (6pts.) What best describes your organization's archiving strategy? We don t have an archiving strategy (0pt.) We use a backup application to archive data onto tape (1pt.) We use an archiving application to archive data online (e.g. onto disk) (3pts.) We use an archiving application to archive data to appliances that provide retention locking, litigation hold etc. (5pts.) We use an archiving application to archive data to appliances that provide retention locking, litigation hold etc. and replicate/keep a copy off site - (7pts.) 36
APPENDIX (ii) MATURITY SCORING Which technologies/strategies are in place to help you manage the availability of your applications, systems, and data? (Please select all that apply) Tape backup and tapes go home with employees (1pt.) Tape backup and tapes are kept off site (on own premises) (2pts.) Tape backup and tapes are kept off site (on 3rd party premises) (2pts.) Automatic backup to the Cloud (2pts.) Disk-based backup and recovery including clones/snaps (3pts.) Backup appliance with deduplication (4pts.) WAN-based replication of backup and recovery images to second site (4pts.) Replication of both applications and data (such as virtual machine images) (5pts.) Replication to a second site with restart capabilities (active/passive) (5pts.) Dynamic mobility of virtual applications between data centres (7pts.) Disaster tolerant replication (active/active) with near zero RPO and RTO (8pts.) 37
APPENDIX (iii) MATURITY SCORING During an unexpected event causing downtime to our most critical applications, how long is your recovery time? Our recovery time is more than one working day (please specify) (0pt.) Our recovery time is 12-24hours (1pt.) Our recovery time is 6-12 hours (2pts) Our recovery time is 3 6 hours (3pts) Our recovery time is 2 3 hours (4pts) Our recovery time is 1 2 hours (5pts.) How confident are you that, in the event of a data loss incident, you can fully recover systems/data today from all platforms, on premise and off premise, in order to meet business service level agreements? Very confident (6pts.) Moderately confident (4pts.) Some doubt (3pts.) Not very confident (1pts.) Not at all confident (0pts.) Our recovery time is less than an hour (6pts.) Our recovery time is zero (7pts.) I do not know (0pt.) 38