Looking for Expert Advice?
We're here happy to help
A couple months ago I wrote about how business priorities should drive how an organization goes about preparing for a disaster that could impact the IT systems on which it is dependent. The reasoning is pretty simple. With all the things we rely on systems to do, it’s obvious that some are more important to the corporate mission, and its health, than others.
If our priorities are dictated by the negative impact we seek to avoid—as they should be—then to translate those priorities into an effective disaster recovery program we have to consider other factors as well. While the concepts involved are simple enough—”time is money” leading the way—there are some complications. Most notably, we have some decisions to make that are going to affect the cost of our plan.
This is one reason that planning for business continuity can be so difficult. It’s not just a matter of knowing what systems are most critical. It’s balancing the risks associated with downtime with the expense of minimizing it, and it’s doing so in the context of any number of systems that support the organization. If there’s a recipe for an easy and foolproof method for concocting the perfect disaster recovery plan, I haven’t found it. It takes hard work and tough decisions, along with an awareness that embracing imperfection is better than succumbing to paralysis.
When we’re talking about setting goals pertaining to disaster recovery, we can pretty much sum them up using the terms—if you’ll pardon the jargon—recovery point objective (RPO) and recovery time objective (RTO). RPO addresses the question, “How much data can we tolerate losing?”, and it directly impacts, for example, the intervals we select to perform backups for a given system. The shorter the RPO, or the less data we’re willing to lose, the more frequently we have to perform backups and the more data $torage we’ll need (See what I did there?). RTO addresses the question, “How quickly must we—in case of a system outage—have a system up and running again?”. As you might surmise, shorter RTO likely means a more sophisticated (and expensive) solution.
Determining RPO and RTO is a balancing act. The costs associated with downtime and data loss are weighed against the costs of implementing backup and recovery solutions, metrics that will vary across different systems and services within an organization. An e-commerce website might have a short RTO because downtime directly impacts revenue, whereas a less critical internal application might have a longer RTO.
Setting objectives is a collaborative process involving stakeholders from IT, business units, and sometimes even external partners or vendors. Once set, RPO and RTO metrics serve as essential guidelines for selecting appropriate data protection and recovery solutions.
Making good decisions is infinitely more likely when there is good data to work with, as it illuminates both risks of downtime and the costs associated with minimizing it when it occurs. For the latter, we must have a complete inventory of current systems, components, and the workload profiles associated with each of them. With a clear picture of the technology on which we are dependent, we can, at least, begin the process of planning for failover.
In the ever-evolving world of IT offerings, partnering with an experienced solutions provider offers some advantages. Here are a few that come to mind:
Disruptions can be caused by natural disasters like floods and earthquakes as well as human-induced events such as cyberattacks, hardware failures, or even simple human errors. The absence of a robust disaster recovery plan can result in significant financial losses, erode customer trust, disrupt business continuity, and even lead to the failure of the business in extreme cases. Investing in a comprehensive disaster recovery plan is not just an insurance policy against unforeseen calamities. It’s a fundamental business practice for safeguarding the future viability of an organization.
Contact Prescriptive Data Solutions today to find out more about how we can help protect your organization from a disaster.