Understanding recovery objectives for enterprise data protection

Prasanna Malaiyandi, Product Architect

For many, the lottery is a 50-50 proposition: you either win or you don’t. For a lot of IT techs, disaster recovery/business continuity (DR/BC) is similar: you’re either online and providing services or you’re not. However, IT CIOs and managers have budgets, and the business units they support have budgets and pipelines. For them, a simple “yes-it’s-available” or “no-it’s-not” can be an aggravating answer. Like most enterprise business processes, they need metrics that tell them what to expect.

The metrics

Recovery point objective (RPO) and recovery time objective (RTO) are the two metrics most commonly used to define DR/BC needs and goals. They’re very different and serve different purposes yet they are utterly interdependent. First, definitions:

  • Recovery point objective (RPO), the maximum time between backups
  • Recovery time objective (RTO), the time it takes to get up-and-running again

In simple terms, RPO corresponds to the amount of data and work that a business can afford to lose. If your RPO is eight hours and you back up every night, you could lose up to whatever it costs to generate a day’s worth of work. It’s a metric that helps teams understand the value of their work and their time. Backups are insurance against lost work, and insurance always has a cost. To insure something correctly, you have to quantify its value.

Whereas RPOs are about data, RTOs are about processes. How long before a salesperson can access the CRM? How long before manufacturing’s ERP is online? As with RPOs, correctly insuring against losses from being down requires knowing how much you stand to gain by being up-and-running faster.

Data protection is your insurance

Setting the right RPOs/RTOs depends on the costs of losing data/work, the costs of not being able to do business, and the cost and capabilities of your insurance: your data protection and management solution. Protection capabilities particularly relevant to RPOs/RPOs include:

  • Ease of restoring enterprise data across endpoint, data center, and cloud workloads — does the solution back up salespeople using their smartphones in airports as reliably as it backs up an office desktop?
  • Speed of spinning up VMs and IT infrastructure — does the solution enable cloud virtualization for emergency operations?
  • Scalability and pricing — does the solution automatically accommodate rapid changes in data volumes? Does hot and cold data automatically move within tiered storage? Does it have a consumption-based, pay-as-you-go pricing model?

Putting numbers on the value of work and data from multiple business units and converting them into appropriate RPOs/RTOs is a science, and probably an inexact one at best. More of a constant is the quality of your data protection solution and making sure you have the right one deserves careful attention.

Druva’s disaster recovery as-a-service can save your business when disaster strikes. For more detail about why the cloud is the place for enterprise data protection and management, download “The Definitive Guide to Enterprise Data Backup and Recovery Architectures.”