Understanding and implementing a business data backup plan based on RTO (recovery time objective) and RPO (recovery point objective) is the key difference between standard BDR (backup and disaster recovery) and true business continuity.
Simply put, BDR refers to the recovery of business data from a previously archived source in the case of a loss or catastrophic event (disaster). A catastrophic event does not necessarily mean a natural disaster or other force of nature, but most often refers back to hardware failure or human error. For example, if your hard drive stopped working or you accidentally deleted a file, you could implement your backup and disaster recovery plan and if a successful backup is available, recover the single file, or in the case of the failed hard drive, the complete volume of data that was lost. It really is that simple.
The problem with having only a BDR plan, however, is that while waiting to recover the missing data, you’re company will be experiencing what is referred to in the world of data loss prevention, downtime. In the case of the single missing file, this may not be a huge loss, but without proper planning and the correct solutions in place, servers or workstations that are vital to the operation of a business could be down for hours, if not days or even weeks. While the business’s data may be ultimately safe, long periods of downtime could lead to the loss of revenue, damaged client relationships, or even the closing of the business.
Which leads to the importance of RTO and RPO. RTO, recovery time objective, refers to the amount of downtime a business can endure before being negatively effected. RPO, recovery point objective, refers to the amount of data a business can afford to permanently lose in the case of a catastrophic event or failure.
Let’s start with RPO. If a business’s backup and disaster recovery plan is set to backup data every Friday night at 10 PM, and the server hosting that data experiences a catastrophic power surge at 9 PM on a Friday night, just one hour before the weeks backup is set to happen, an entire weeks worth of work will be lost. However, if backups are set to happen every night at 10 PM, in the same scenario, only one days worth of work will be lost. When it comes to RPO, each business is different. For a manufacturing company, losing a weeks worth of data may not be the end of the world, especially when compared to the added cost of data storage for the extra backups. However, for the engineering firm that designs the widgets manufactured by the first company, losing a weeks worth of data could result in the permanent closure of the business.
Just as a business must consider how much data they can afford to lose, how much downtime they can afford to endure must be considered too. RTO refers to how long a business can afford to be down before becoming negatively affected. Referring back to our previous example, the manufacturing company can probably keep right on churning out widgets for a week, maybe even two, while they order a replacement server and get things back up and running. The widget design company, however, may not be able to go even a day before they are missing deadlines and negatively impacting client relationships because they can’t access the tools they need to design new widgets.
In a perfect world, every business would back up their data as it is created and have the tools resources to be up and running instantly in the case of a failure. However, data storage is expensive, as are BDR servers, spare workstations, and off-site virtualization solutions, to name just a few of the tools that can be used to quickly recover from a disaster. Every business must choose a balance between cost and a quick RTO and comfortable RPO. If you would like help choosing yours, contact us today.