Symantec released its third annual technology usage survey last week. What grabbed attention was not any particular technology but the lead role that midsize organizations are taking in the adoption of new IT.

The study defines midsize enterprises as those with 2,000-10,000 employees. Not exactly mom-and-pop operations, these are big enough to leverage the advantages of IT and to invest in IT skills but not so big as to be weighed down by entrenched technology processes and practices.

For example, midsize organizations are adopting cloud computing and deduplication technology at higher rates (11 to 17 percent higher) than either large or small organizations. Here are the study’s top findings.

The latest study’s top five findings were:

1. Midsize enterprises leading the way.

2. Data center getting more complex and harder to manage.

3. Security, backup and recovery, and continuous data protection key initiatives in 2010.

4. Staffing and budgets remain tight.

5. Disaster recovery plans vulnerable.

The second finding is hard to dispute. All the technologies intended to simplify IT — SOA, virtualization, cloud computing — also turn out to complicate things. Virtualization, for example, enables organizations to consolidate servers, which lowers costs and simplifies some things. However, it complicates the deployment and management of those servers. Similarly, cloud computing eliminates the need to own and operate chunks of the application and systems infrastructure, but as wiredFINANCE pointed out a few weeks ago, it complicates GRC.

In terms of increasing complexity, Symantec found that most enterprises have 10 or more data center initiatives rated as somewhat or absolutely important. To manage even just 10 important IT initiatives surely must become a nightmare. More typical, one organization currently trying to implement two new core systems, one of which is a major SaaS application, is stretched to the limit.

The disaster recovery (DR) finding is scary. DR is an absolute requirement, if not by regulatory mandate than by sheer necessity. The lack of a tested DR plan is suicidal from a business standpoint. Yet, the Symantec survey found that one-third of disaster recovery plans are undocumented or need work. Furthermore, the survey found that important IT components, such as cloud computing, remote office, and virtual servers are often not included.

Making matters even worse, almost one-third of enterprises haven’t re-evaluated their disaster recovery plan in the last 12 months. If you don’t test the DR plan at least annually, you are just guessing that it will work when you need it.

In another Symantec survey on DR in June, about one-third of respondents reported testing their DR plans once yearly or less frequently. Discouraging for sure, but it actually represents a 12 percent improvement over the previous year. Even more discouraging: One in four tests fail!

So why don’t companies test their DR plans? Four reasons:

1. Lack of resources in terms of people’s time (48 percent)

2. Disruption to employees (44 percent)

3. Budget (44 percent)

4. Disruption to customers (40 percent)

If you’re concerned about disruption to customers, imagine what a failed recovery will do. ###