Understanding RPO And RTO For Disaster Recovery
Downtime is unpredictable but inevitable. What’s more, if disaster strikes and you don’t have a disaster recovery solution, it can have a negative impact on your productivity, revenue and data.
The extent of damage caused will be determined by the strength of your business continuity and disaster recovery plan (BCDR).
A robust BCDR plays a central role in minimising financial damage after a disaster. Two of the most important protocols are the Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
RPO and RTO take centre stage in outlining a disaster recovery strategy that will minimise impact when your business is compromised.
In addition to a disaster recovery plan, you also need to devise a business continuity plan which details a contingency plan that to keep things ticking over whilst your IT network is out of action.
In brief:
RPO determines how much data you can afford to lose before it financially hurts your business continuity
RTO is an estimate of the impact downtime will have on your business operations in relation to a specified timeframe
What is Recovery Point Objective (RPO)?
The RPO should state the maximum amount of time you are prepared to absorb after a data loss. A good question to ask is how much time can you afford to be without operations considering the amount of productivity you will lose in the interim.
You can also think of RPO as the amount of time it will take to recoup lost data if your system crashes.
For example, if you spend an entire afternoon working on a report and have a power outage at 5 pm, how much of the report will be lost?
If your data is not regularly backed up, you could lose everything you have written in the last four hours. With cloud backup as part of your disaster recovery plan, regular updates will salvage the vast majority of the document.
You might lose a sentence or a paragraph, but you won’t have to rewrite the entire report.
To determine your RPO, analyse the potential loss of productivity from a financial aspect. This will be different for every business and there is no one-size-fits-all approach.
However, there are general questions you can consider as guidelines:
- How much will a data loss and/or loss of operations cost each department?
- The number of employees that will be potentially impacted
- What will be the extent of damage in relation to the type of disaster (power outage, cyberattack, fire/flood, irretrievable theft)
- The sensitivity of the data (customer data, intellectual property)
- What are your data storage options and which options are best equipped to maximise business continuity and minimise loss
- Consider the compliance commitments for your business (i.e GDPR, data protection act)
- Cost of implementing efficient disaster recovery solutions
What is Recovery Time Objective (RTO)?
RTO deals with the length of time your systems need to be restored after an outage. This protocol should identify an acceptable timeframe that you can be without operations that rely on your IT system.
Your RTO should start from the moment the disruption to your business occurs to the point your team starts working again.
The Importance of Data Protection
The most devastating data loss a business can suffer is arguably a cyberattack. A ransomware breach, for example, involves your IT framework being held hostage.
A data breach typically damages the reputation of a business and customers lose faith that you are able to protect their sensitive data.
If the drop-off in business doesn’t destroy your business, the GDPR penalty probably will. Fines for infringements are hefty.
Businesses that fail to protect customer data are handed fines of up to £17m or 4% of your global annual revenue, whichever is the greater. Penalties are awarded on a case-by-case basis but according to reports 60% of companies that suffer a data breach go out of business within six months.
Ensure your BCDR has a dedicated section that deals with how to protect, restore and update customer data in accordance with GDPR compliance criteria for your industry. Not every business has the same criteria.
Implementing a Disaster Recovery Plan
The key purpose underlying a disaster recovery plan is how you will navigate problems and mitigate the risk of suffering a significant financial loss.
Bear in mind that your business could lose data in a variety of ways:
- Power outage
- Human error (accidental deletion of a file/document)
- Cyberattack
- Software or hardware failure
- Natural disaster
To avoid setbacks to productivity, loss of customer data and lengthy timelines that could be avoided, your disaster recovery plan should include:
- Risk assessment (identify vulnerabilities in your system that could invite a disaster)
- Data protection strategy that enables you to avoid or minimise penalties
- Address concerns of investors, employees and owners
To help you decide how to prioritise data and implement an effective disaster recovery plan, perform business impact analysis using a three-tier model.
Tier-1: Deals with mission-critical data that is subject to the minimal amount of RTO (i.e 1 minute)
Tier-2: Outlines business-critical data that falls outside Tier 1 (data that doesn’t require immediate backup)
Tier-3: Non-critical data that can be backed up at the end of the day
Disaster Recovery vs Business Continuity
There is a misconception that a disaster recovery plan and a business continuity plan are one and the same. Whilst there is some crossover, the two strategies deal with disaster in different ways:
Disaster recovery details how you will respond to a potentially damaging event; how will you get hardware, software and apps up and running again as quickly as possible.
Business continuity is a proactive plan that outlines how you can maintain operations and meet service level agreements in the absence of inaccessible data.
A continuity plan involves assessing your business resources and assets and contemplating how they may be compromised and what you can do when resource and assets are not available.
A business continuity plan should include:
- The operational procedures for your entire business
- How many people will be affected by a data loss (employees/customers/suppliers)
- Potential repair costs to computers equipment, servers and networks
- Business property
Without a business continuity plan, you are more likely to cause more damage to your business in the event of a mishap. Bear in mind that traditional IT systems can take 7-10 days to recover completely.
The best BCDRs give you the capacity to work offline and online. A hybrid solution of cloud computing and on-site data storage is the preferred choice.
How Can MicroPro improve your disaster recovery plan?
Until a few years ago, the dominant solution for disaster recovery was tape and disk backup. They are still popular options. However, traditional data recovery strategies do have several weaknesses.
The major problem with onsite disaster recovery solutions is there’s a limit on how much data can be recovered after a common power failure. You could have a dedicated member of your IT backing data up every minute but this would be a very expensive method of saving data.
If you’re running your backups once a day or overnight, you will suffer from unnecessary data loss and downtime every time you have a power outage or computer malfunction.
Ideally, airtight RTO and RPO protocols represent the minimum amount of disruption and financial loss. Because cloud backup solutions cut data loss close to zero, businesses are adopting cloud computing strategies to reinforce data backup options.
MicroPro provides a comprehensive range of cloud-based services that bolster your IT infrastructure and minimises the amount of downtime you could potentially suffer.
Our IT support solutions mitigate tricky and often complex problems. For example, we have advanced technologies that proactively monitor your IT systems 24/7 and identify potential problems before they occur.
We also have a highly experienced team of knowledgeable IT professionals that continuously monitor the health of your IT network and ensure your servers deliver high availability. We strive for 99.999% uptime.
With the threat of hackers presenting a real concern for businesses of all sizes, our cybersecurity technologies give you more resilience. Cybersecurity is particularly crucial for companies that deploy a mobile workforce.
Malicious actors use a variety of techniques and technologies in an attempt to get access to IT networks. Cybersecurity firms reported a 358% increase in malware last year whilst phishing attempts account for more than 80% of all reported incidents.
MicroPro helps to defend your business against a data breach with fully managed patch management and anti-virus solutions.
Our experienced IT professional can also help you create an effective disaster recovery and business continuity plan.
We appreciate disaster recovery strategies are difficult for small business owners and C-suite executives to understand when you are not familiar with the capabilities of cloud computing. So feel free to get in touch and speak with one of our experts.