Data Recovery and Business Resilience: An RPO and RTO Refresher

A quick search using the term “business resilience” turns up “business continuity planning” in Google’s “answer box.” That says it all. With most companies now dependent on data to conduct their business, when resilience and business continuity comes up, heads usually turn to IT.
IDC’s 2019 State of IT Resilience Report makes it clear that these heads are likely turning in the right direction, with 91 percent of executives and IT pros responding that they had experienced a tech-related business disruption in the past two years, and, of those, 74 percent suffered some organizational impact. Since the odds suggest you’re likely to—at some point—become one of those statistics, the best way to make sure your business is resilient is to make sure you’ve got both prevention and recovery covered. In this post we’ll focus on data recovery and how it relates to your backup and disaster recovery (DR) planning.

Backup Frequency: Setting Your RPO

Your recovery point objective (RPO) is one of the most important metrics you need to consider when building your backup and DR plan. It establishes the frequency for your backups and it’s important because the time between backups essentially equals the amount of data you could lose in a data disaster. Some companies, such as those in financial services, healthcare, and other critical industries, can’t afford to lose any data without substantial impacts. These organizations may measure their RPO threshold in milliseconds. Others may find losing hours or days of generated data to be acceptable. That’s where another important metric comes in: cost. Each backup you take requires storage space. The more frequently you back up your data, the more space you’ll need for storage. Backups also take up network bandwidth, which could slow down your network. So your RPO is a cost-benefit calculation. You’ll need to weigh the projected cost to your organization of lost data against the cost of storage. You’ll also have to factor in the importance of each of the systems you’re backing up. Critical systems will probably require shorter RPOs if data losses could have a serious impact on your organization. Your retention policies also factor heavily into your storage needs. Keeping a year's worth of backups obviously takes up more space than three months worth of data. Backup software typically will allow you to balance storage space and data recovery needs through retention policies that you set.

Downtime Threshold: Setting Your RTO

Your recovery time objective (RTO) is also a critical metric. It establishes the acceptable length of time between a data loss and recovery—your downtime. While any downtime is problematic, RTO also comes down to a cost-benefit assessment. If it takes an hour to get back online, what’s the cost to the business? What about days or weeks? Faster recovery might increase IT costs but is often worth it. Check out this StorageCraft post for one way to calculate your costs. It’s also important to note that you’ll likely set different RTOs for each of your servers or applications. Those that are used frequently—like your Exchange server—should be able to be recovered more quickly than those that are used less frequently. Balancing these differences helps you make sure your recovery plan both effective and efficient. StorageCraft’s Disaster Recovery as a Service (DRaaS) offers cloud-based recovery in seconds, while other available technologies may take longer but could meet your requirements.

Plan Ahead

Setting your RPO and RTO—then deploying technologies that ensure you can meet them—are the keys to making your company more resilient. For a quick overview of the components, you should consider when planning for recovery, check out our disaster recovery planning checklist.

You May Also Like