Backing up enterprise data to the cloud is fast becoming a standard in disaster recovery planning, but it’s not an out-of-the-box solution. Every business is different, and processes and departments within a single organization may also have different needs. In order to have a disaster recovery plan that provides effective safeguards for business continuity, managers and IT teams must take Recovery Point Objectives and Recovery Time Objectives into account.
The Recovery Point Objective (RPO)
How much data can be lost before a recovery plan is no longer viable?
Many people are familiar with GMail and other online services that automatically save drafts every few seconds. In the event of a browser crash, usually only a few words or sentences may be lost. On the other hand, when composing in a desktop word processor, the recovery points are spaced much further apart: usually whenever the typist decides to stop and save. If they haven’t saved in the length of a typical work session, pages of data may be erased in a crash.
GMail can get away with saving every few seconds because it’s working with very small amounts of data in the form of text. Businesses, especially in the field of big data, will likely find that continuous backups increase their overhead beyond acceptable levels. Less-frequent backups save money, but increase the likelihood of data loss in the event of an emergency.
The Recovery Time Objective (RTO)
What is the maximum acceptable amount of business downtime after an incident?
Recovery processes aren’t instantaneous. While the time it takes to write a backup to storage may not be high on a list of concerns, the time it takes to read a backup and restore necessary software is critical. Many factors impact this, such as the format in which data is backed up (for example, many small compressed files versus one extremely large data dump), the location of backup servers, and the number of processes impacted.
Thinking Beyond Backups
RPO and RTO are useful guiding metrics, but a robust security plan doesn’t start and end with them. Instead, those metrics should frame a plan which is responsive to business needs at a fine level of detail. Some examples of these details may include:
- Do certain business processes need to be up and running before others? Does the recovery process allow for tasks to be prioritized?
- Do certain business processes require more frequent backups than others? Does the backup process allow for tasks to be prioritized?
- Who declares an emergency? What is the communications plan when a disaster occurs? Who has the authorization and responsibility to initiate backups?
- How often can the system be tested? How often are disaster recovery plans reviewed? If a plan is several years old, will it continue to represent current business needs?
By taking many factors into account, backup and disaster recovery plans become more than an expensive, ineffective chore – they become a powerful and integral part of business continuity planning. Contact us today to discuss the most effective backup and disaster recovery plan for your business.