07-18-16 | Blog Post
Picture this: The second quarter of 2008. My sales vice president and I were doing a pipeline review with our sales team. Every person reported that most of their IT disaster recovery opportunities were in a holding pattern. Companies were defunding DR in preparation of tough economic times. In other words, our prospects were saying disaster recovery was not necessary to continue collecting revenue.
Why was this important in our Q2 2008 pipeline meeting? Because as the bottom fell out of the economy, so did the demand for IT disaster recovery. If you’ve forgotten how severe the recession was, this graph shows how dramatic an economic downtown we all experienced in 2008.
But even without the economic downturn, it was still easy to justify cutting DR from the budget. It was hard back then. Virtualization was merely a research project, if on the radar at all. Creating a functioning recovery environment required duplicating the hardware, software, replication applications and all the networking found in the production stack, just to provide a basic 24 hour RPO. An RPO of minutes required extremely expensive infrastructure, storage and computing power. In essence, DR was very expensive and could easily double the costs for a workload. So with the forecasted tough economic cycles, it was quickly defunded.
Forrester found a similar pattern. In its report in 2012, it found that “The reality is that enterprise budgets have stayed constant at 6% despite a string of devastating and high profile disasters in 2010 and early 2011. … The likely culprit in stalled BC/DR spending is the continuing economic uncertainty. Even in the best of economic times, it’s difficult to build the business case for an initiative like BC/DR that’s primarily about cost avoidance rather than return on investment. In tough economic times, it’s almost impossible.”
Keeping that in mind, I think of companies’ DR investments as mimicking that of the economic cycle. Over the long haul, disaster recovery budgets will rise, as the economy does. But they tend to dip during economic challenges.
Since 2008, we’ve seen a resurgence in demand for disaster recovery, especially Disaster Recovery as a Service (DRaaS). I suspect this is because of two reasons: First, the economic environment is in a growth mode, not a dramatic recession. The second reason is that DR is much more cost effective and data is much more valuable than ever. Today, it’s just too easy to implement a DR solution and, given the value of data, too risky not to.
This lower cost is driven by virtualization, IT as a Service and falling data transport costs. We move workloads between data centers, with the click of a mouse, using capacity available in existing cloud infrastructures. This was a pipe dream for most organizations in 2008. All of the above factors make the incremental cost of DR for a production environment so much less expensive than before virtualization.
Transport costs have fallen exponentially, as shown below:
CPU, RAM and storage historical pricing graphs have a similar shape. These falling costs, along with the rise in cloud computing have made DR much less expensive than in 2008.
At the same time that DR costs have fallen, the value of the data has gone up exponentially. The cost of a stolen medical record, personal identify, credit card, Facebook credentials, etc. have skyrocketed over the past 20 years. Medical records now fetch up to $363 on the black market. Multiply that by thousands of records, and there’s a potential for millions in losses if it’s stolen.
Twenty years ago, the market for stolen credit cards was sourced by pickpockets and unscrupulous retail operators and merchants. Today, hacking is an organized crime that can steal tens of millions of records in days, or hours. Think how many arms a pickpocket would need to accomplish that. Don’t believe me? The table below lists prices for stolen data on the black market:
Although some of these prices seem low, the risk to your business and reputation is high. Again, these numbers should be multiplied by how many records you hold. For most businesses, that means that even in tough economic times, they literally can’t afford not to have data protection and, by extension, disaster recovery.
So, will the DRaaS promise of lower TCO and the growing value of data be enough to avoid the budget cuts of the next downturn? Will a board still demand a “second site” if they are forecasting losses and lack of expected or desired growth in the top line?
We’ll see, just hopefully not too soon. Despite a slow first quarter to 2016, the economy continues to recover from 2008. I am confident that the simple, inexpensive DRaaS options from data center providers, combined with the value of data are compelling enough to keep IT disaster recovery in enterprise budgets during the next slow quarter. What do you think?