One of the main responsibilities in all the well-run IT organizations is to maintain and evaluate the risk of data loss, and establish business continuity plans that give a proper outline of backup and recovery along with the needed recovery point objective (RPO) and recovery time objective (RTO). In the age of cloud and SaaS,
• Existentially critical- The organization or the enterprise will stop functioning completely if these first- tier systems or data are not available or compromised with.
• Mission critical- If these second-tier systems are compromised with, the organization or the business will suffer significant loss and damage but won’t incur any existential harm
• Optimal- for- performance- If these third-tier systems face any kind of damage, the organization will face a reduction in efficiency, but otherwise the impact is limited.
When it comes to calculating RTO and RPO, there is no common answer. The stakeholders should assess the maximum tolerable period of disruption (MTPD) on each application and dataset, and then apply a protective layer based on how the specific organization has defined existentially critical, mission-critical, and optimal for performance.
With the wide adoption of a myriad of applications, a few of the responsibilities and costs of IT have been offloaded to the vendors, thereby letting IT focus better on protecting their applications. Although most vendors offer some level of protection to the mission-critical applications, IT is ultimately responsible for ensuring the security of the organization. RPO and RTO are to be established so that the sync errors can be recovered which may otherwise corrupt or permanently delete the data of the organization.
To ensure the safety and proper application of RPO and RTO, following steps needed to be taken:
• Reviewing the current RPO and RTO to ensure that they reflect the best of the organization while serving data.
• Assessing the potential impact of ransomware and the current plan to tackle it
• Test the recovery approach of RTO