However, many do not have an effective plan for restoration, nor do they pay any regard to the necessary framework required to perform an efficient restoration. This is where recovery point objectives (RPO) and recovery time objectives (RTO) come into play. These are the two objectives that are essential for data recovery, designed to aid businesses who have suffered a disaster to come back and resume normality.
So, what is RPO & RTO?
RPO (Recovery Point Objective) is the point to which information used for an activity is restored to enable the activity to operate on resumption. This can also be referred to as ‘maximum data loss’. This term generally applies to a system or application that stores data. RPOs are metrics for determining how much data you are willing to lose, from backup to disaster recovery.
Some factors that may influence RPO are:
- The number of critical applications and systems
- Data volume
- Data back-up methods
- How frequently data changes
- Data back-up frequency
- Data storage & accessibility.
Whilst many businesses have a routine data and system backup process in place, this process may not occur at the same frequency an organisation needs. This is something that is often not discovered until after an attack or significant disruption occurs.
There are many reasons why backups may not be done frequently. The cost of doing this may be one reason. This is because the more data you have and the more it is replicated and stored, the more storage space is required, thus, resulting in increased costs. Ultimately, if data is important to the functioning of a company, then so too is frequent backups and determining the RPO. If you experience a disaster or disruption to your business, your RPO helps determine how much data you can risk losing based on the amount of your most frequent backup to return to normal.
What is RTO?
RTO (Recovery Time Objective) is the period of time following an incident within which a product, service or activity is resumed, or resources are recovered. Generally speaking, RTO is the answer to the question: “how much time did it take for a business to recover after a business was notified of a disruption?”
RTOs will vary from business to business and it can range from several hours, days or even weeks and it will end only when your systems are back online and your data has been recovered. Here are some of the factors which might influence your RTO:
- How much revenue your business will lose for every hour of downtime
- How much loss your business can endure
- Resources needed to restore operations to normal
- If you understand the strength of your business infrastructure.
The final stages for consideration involve work recovery time (WRT) and maximum total downtime (MTD). Once RTO is defined, your work recovery time will follow, referring to the period of time within which a business is expected to verify the systems and the data integrity. Being aware of your WRT ensures that the virtual environment has successfully recovered and can resume normal operations again. Finally, MTD (maximum total downtime) is the sum of RTO and MTD together. This stage represents the total amount of time that your business can allow for the full disaster recovery process, without suffering significant loss and repercussions.
Essentially, RPO, RTO, WRT and MTD are the four fundamentals for information security and disaster recovery. Business owners must understand each of these requirements to help best determine the recovery infrastructure and processes needed to respond to disasters.
Are you worried about the cybersecurity of your business? Talk to LoughTec today – our team of experienced IT specialists can carry out an in-depth assessment of your business, to highlight potential weak spots in your IT infrastructure. We can work with you to develop a strategy to mitigate any risks.
Contact Cyber Security Company LoughTec for a free no-obligation discussion on your business cyber security posture. Call +44 (0) 28 8225 2445 or email email@example.com.