In our previous blog post on this topic, we defined and provided real-world examples of Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to try and help you better understand what they are and how they should be incorporated into your disaster recovery plan. We also discussed some ways in which you can determine and measure these objectives using your business processes. In this post, we’ll be focusing more on how exactly you can figure out your own RTO and RPO. This way in the event of an outage or disaster, you’ll know your business is prepared and can weather a disruption to operations.
Understanding the Basics
So, just how exactly do you determine what your RTO and RPO are? With disaster recovery plans in general, it’s about getting to know your business’ ins & outs – all the little details and intricacies that run your business effectively. Like we mentioned last time, part of this includes your IT department interviewing business leaders and process stakeholders who know your business best.
It also includes bringing together the IT team, leadership, and your backup provider to organize and run a planned server recovery test. We recommend having your IT department start the discussion and navigate the group through the preparation and implementation of temporarily bringing down the system and then restoring it from a backup. This test run determines your baseline – what your RTO and RPO are right now. How long did take to restore and bring your systems back online? When the data was fully recovered, was it accurate and precise? Did you struggle to get back online or lose any valuable information during the test? The answers to these questions will identify your baseline objectives and assist with figuring out what your RTO and RPO should be in your disaster recovery plan.
Silence Isn’t Golden
Our last blog on this topic touched on the importance of communication, but we believe this is a critical enough point to recap again. Recently, a BT Partners client who had not done this prep work had a security incident and their leadership expected IT to be back online in only a few hours after an outage. Our client’s leadership team said, “Well, we have a backup, why can’t we just restore that backup?” It turned out that communication of expectations was non-existent, which resulted in major incongruence between this client’s IT and leadership teams.
We worked closely with their team to resolve this issue, review options for future situations, and improve communication. With only 2% of businesses organizations recovering from their latest incident in under an hour, it’s clear that it’s not as easy as some people think. That needs to be discussed well in advance of a disaster so everyone is on the same page. The principle here is making sure everyone is aware of deliverables and expectations – communication is key. Get a dialogue going ahead of time so you can put processes in place where you see potential gaps. Your home is only as good as the foundation it sits on, and the foundation in data recovery is accurate communication between IT, with respect to deliverables, and leadership, with respect to expectations.
What is your expectation for RTO and RPO? The usual answer we get from clients is “right away”. This would be great, but of course isn’t realistic. Even though a response like this isn’t helpful, it generally leads into a productive conversation of how and why that’s not possible. One thing to keep in mind is that the lower the RTO and RPO, the higher the cost of maintenance. Almost anything is possible if you have a large enough budget. For example, if you want it “immediately”, then you need to set up a disaster recovery hot site. This hot site is an identical replication of the infrastructure off-site. This sounds like a perfect solution but is very costly and not possible for most organizations.
To figure out what your business can afford, identify your boundaries of cost vs benefit or Mitigated Risk vs Accepted Risk. For example, we mitigate the risk by having the system in place AND maintaining our objectives and then we accept the risk because we’re not going to set up a whole second system.
Datto for Disaster Recovery
Nobody is immune, as 90% of companies have experienced technical issues leading to downtime at some point. Fortunately, and as mentioned before, there are technology solutions, almost in every case, that can help fill your data recovery cracks one way or another – it can be done. The challenge in most cases is, frankly, just the costs.
BT Partners works with is Datto, which is a third-party solution. Datto provides a service that, essentially, ends up being a force multiplier for our clients. Businesses pay a fixed monthly fee for this service and that service pays for recovery, appliance, and verification services. This reduces your objectives simply by farming the work out and is an integral part of our ability to recover for our clients.
We assume you have a lot on your plate no matter what your position is at a company, so we don’t expect you to also be an expert on disaster recovery or business continuity. We do, however, hope you now understand and appreciate the importance of RTO and RPO and what they can mean for your business. These simple but fundamental objectives are tools you can have in your toolbox to help you build an effective and solid disaster recovery plan. This will give your company a strong footing to recover and rebuild from should you ever need to. If you have any questions or would like some guidance through the process of developing your RTO and RPO, our Managed Services team is available to help. Our experts will offer smart, yet logical, advice on how a company can better plan, prepare and perform in a disaster.