Posted by Adam Marget
Adam Marget
Recovery
“All you have in business is your reputation, so it’s very important that you keep your word.”
— Richard Branson
Businesses have little tolerance fordowntime,especially if you consider that theaverage cost ofITdowntimeis $5,600 per minute. This translates to thousands of dollars lost in revenue in a matter of minutes. Moreover, if you add costs from loss of productivity, customer churn, and non-compliance fines and penalties, you may even be staring at permanent shutdown.
The irony is that disasters are bound to happen to any business. However, theway anorganization deals with disruptiondeterminesthetrue costofdowntime. To mitigatedowntimerisks, businesses and IT teams need to be preparedby having a solid business continuity and disaster recovery (BCDR) plan in place.
The two most important parameters of a good (or bad) BCDR plan are the recovery point objective (RPO) and recovery time objective (RTO). They quantify the losses that potentially ensue if critical systems fail, and set protocols for rebooting services to resume operations and to meet service level agreements (SLAs). In essence, they provide a realistic backdrop against which IT leaders can plan and execute a successful BCDR plan.
In this article, we break down RPO and RTO, their role in a BCDR plan, and whyit’sessential for businesses to define and understand their RPO and RTO.
RPO and RTO Defined
Let’sstart by defining RPO and RTO.
What Is RPO?
A recovery pointobjectiveor RPO is themaximumacceptable amount of data loss measured in time. It marks the time during the disruption when the quantity of data lost exceeds the BCDR plan’smaximumallowable threshold.
The purpose of RPO is todetermine:
What theminimumbackup schedule frequency is
How much data can be lost after a disaster
How far back the IT admin team should go to employ sufficient restoration without delaying data loss against expected RTO
An example of RPO:
When disruption occurs, if the most recent backup copy of data is from 10 hours ago, and the standard RPO for the business is 15 hours, then we are still within the bounds of the RPO as specified in the BCDR plan. Essentially, RPO answers the big question, “Up to what point in time can the recovery process move tolerably given the volume of data lost during that interval?”
What Is RTO?
Recovery time objective or RTO is the timeframe within which applications and systems must be restored after an outage. Itdeterminesthe quantity of time that an application or system is allowed to be inoperational without causingsignificant damageto the business. To put it simply, RTO measures the amount ofdowntime“tolerated” as per the BCDR plan.
The purpose of RTO is todetermine:
The real-time duration required to recover an asset (file/host/site) from the point in time the incident interrupts the normal flow of operations until restored.
IT preparations for implementing the BCDR plan.
The acceptable level of risk of data loss, when key systems or applications go offline.
An example of RTO:
Due to issues with the Microsoft Exchange Server, applications that include emails, calendar and collaboration services (such as Teams) go down. If your RTO is set at six hours, this means the maximum tolerable downtime your business can survive is six hours, and your RTO for the Exchange Server must be less than six hours to avoid serious damage to the business.
Importance of RPO And RTO
If you think your business can do without RPO and RTO, think again.
Here are a few reasons why you need to invest in understanding and establishing RPO and RTO:
Increases BCDR Plan Effectiveness
Should a disruption occur, no business can endure data and reputational loss without RPO and RTO. You will be clueless with regards to how much and for how long your business can afford a data loss. An effective RPO and RTO give your BCDR plan a more pragmatic layer, making the policies more effective.
Protects Critical Applications
Critical applications are applications without which a business cannotoperateunder any circ*mstance. One of the tenants of RPO and RTO is application priority. This leads to a reliable IT infrastructure where critical applications are spun up first, bolstering your disaster recovery efforts.
Defines Your SLA
RPO and RTO help you define yourSLA during disruption. It also includes prioritizing SLA to ensure the end user isn’t affected by the disruption of business operation. If you can lower your RPO/RTO, you can guarantee tighter deliverables.
Effective Staff Allocation
Based on the RPO/RTO, businesses divert relevant personnel to data recovery during a disruption, allowing the rest of the staff to work on more productive tasks that impact the bottom line.
How Do You Calculate RPO and RTO?
Different businesses have different and unique RPOs and RTOs. However, the methodology to calculate RPO and RTO are somewhat similar. Start with understanding thecost of downtimefor your organization.
Secondly, as part of your BCDR plan, build an inventory of every system and application used by your organization. Don’t forget to consider internal teams and end users that may be affected by systems rendered inaccessible. These systems are categorized intotiers.
For instance:
Tier 1/ Gold = 15 min – 1hr RTO
Tier 2/ Silver = 1hr – 4hr RTO
Tier 3/ Bronze = 4hr – 24hr RTO
To define these tiers and come up with an appropriate RPO and RTO, ask yourself these questions:
RPO:
- How much data do we project to lose should operations be interrupted?
- What is themaximumamount of data loss we can tolerate?
- What is the cost of lostdata?
- What is the cost to reenter lost data?
- How much will it cost to implement a solution that can meet our requirements?
RTO:
- How much revenue do we project to lose if this system is inaccessible?
- Does this system handle customer data? If yes, what SLAs are in place with customers?
- If X system went offline, does it have dependencies? What other systems would be impacted? What are the RTOs for those systems?
- What customer-facing systems or applications do we have that would result in loss, churn or customer dissatisfaction if they were unavailable?
- How much will it cost to implement a solution that can meet our requirements?
Shape Your RPO and RTO With Unitrends
Unitrends offers the perfect tech stack to shape RPO and RTO that perfectly fits your business needs.
Incremental Forever: Meet more aggressive RPO by incrementally backing up a protected asset, meaning IT admins can track changes to the protected system since the most recent backup.
Block Agent: Advanced recovery options, like Instant Recovery with image-level backup, enable faster backups of protected Windows assets by protecting them at the disk volume level.
Recovery Assurance:Test backups and their recoverability in a sandbox testing environment. Subsequently, track RTO and RPO in exportable compliance reports and know what to expect when you need to recover.
Learn more about why Unitrends is the right fit for your organization.Get in touch with us today!
