Disaster Recovery Planning Essentials
With work at home being a requirement for many industries the need for planning and policies has increased with it. Much like the current environment, disasters to your network can be unforeseen and unexpected; however your response and how you limit your exposure can be planned. This article will explain some of the basics for a disaster recovery plan.
Imagine waking up in the morning and walking into your office, ready to begin your day. You’re starting your workstation while thinking about sending out that proposal for 9:00AM. You put in your credentials, hit enter and boom! Your computer didn’t explode but your day did as a screen popped up, telling you that your data has been encrypted and in order to get access you have to email the address shown. How are you going to recover? Well, if you have a disaster recovery plan, you may be caught off guard but you are prepared. This disaster recovery plan begins with understanding your RTO and RPO.
What is RTO
RTO stands for Recovery Time Objective. What it means is how long your business can sustain a computer system outage. RTO puts a metric of: when does the loss of productivity or the inability to conduct business become unsustainable. Each business is going to be different. A coffee shop who buys coffee beans and other supplies via an app or computer program may be able to keep open and serve coffee for a few days, with the stock they have on hand. Perhaps they can call their supplier and get restocked while the network gets rebuilt. Where a logistics company whose entire production, supply-chain, sales, accounting and all other business process is computerized, would be at a stand still and become inoperable nearly immediately. A coffee shop may have an RTO of two weeks, whereas a logistics company may have an RTO of an afternoon.
What is RPO
RPO stands for Recovery Point Objective. What it means is what amount of data can you lose with minimal business impact. In other words how much data can be lost in the event of a disaster and easily be re-created versus being unrecoverable or too time consuming to re-create. An RPO will determine what gets backed up, how often and how long the backups are kept. An RPO will help you define how much data you’ll be backing up. Like a RTO, it will be different for each business. A small consultancy firm may have a standard rate per hour they work from, which could be re-created very quickly versus a large medical supply company who has complex price listings and product descriptions. The small consultancy may have the same pricing model for years whereas the medical supply company may have different prices based on changing vendor contracts or daily changes in currency types. These two companies would have very different RPOs and policies for what gets backed up, how often and how long the backups are kept.
Why Recovery Points Matter
Have you ever deleted an important document, like a price list or procedure guide? Depending on how often you retain your backup and how often you backup will determine if this document is still available. At AbleIT we recommend 14 day retentions and a daily backup at a minimum. What this means is that every night a backup will occur and a copy of that backup will be held for 14 days. In the scenario of the deleted document, it would be recoverable up to 14 days from the most recent daily backup. If you deleted the file at 8:00AM you would have a recoverable file from what was backed up the night before. The backup schedule and retention schedule can be set to almost any configuration but the general rule is the more you backup and the longer you retain the copies, the more cost and infrastructure it takes. This is why understanding your RTO and RPO is important, to balance risk of recovery to costs of recovery.
There is Much More to Consider
Looking at your RPOs and RTOs and what kind backup/retention schedule is just scratching the surface. Other things to consider in reducing your risk are redundant or replicated sites; is your backup being stored at just one location or multiple. You would also want to consider if your backup is cloud based and offsite; disasters are not just ransomware related but could include fires and floods; if your data is stored just locally a fire or flood could destroy it. What kind of back up do you have, image based or file based. Like many things in life the limits could be endless but defining these will determine how quickly you can recover and how secure your data is.
If you have any questions or would like AbleIT to help you with your disaster recovery planning, please contact us below!