Recovery point objective definition
A recovery point objective (RPO) is part of an enterprise disaster recovery strategy that defines an organization’s data loss tolerance. RPO specifies the maximum amount of data loss a company or business is willing to tolerate in the event of a data loss. The value of the recovery point objective is expressed as an amount of time without data a company is willing to risk. For example, if only a single day’s worth of data can be lost, then the RPO would be one day. Larger RPO values indicate higher tolerance for data loss.
In the world of data backup & recovery, RPO has a twin called recovery time objective (RTO), which is also part of a data protection strategy. RTO specifies the application time tolerance, or how long an app can be down without causing significant business pain. RTOs vary by application.
What is a recovery point objective?
A Recovery Point Objective, or RPO, refers to how much data the business will risk as non-recoverable, and will drive the decision of how often a company will back up their data. The modern digital economy necessitates robust and airtight data protection policies and practices with smaller RPOs that help maintain compliance with regulatory requirements and reduce data loss potential.
Organizations adopt backup policies as part of the overall disaster recovery posture that seeks to avoid data loss or extended shutdowns due to unexpected events. A prudent data protection and disaster recovery plan would include the correct values for recovery point objectives. From a practical standpoint, less critical data tend to select higher RPO values that match their data loss tolerance, while critical business data opt for lower RPO values. Major retailers and stock exchanges execute thousands of transactions per second and cannot afford to lose any portions of that data.
As enterprises formulate their disaster recovery strategies, they must adopt recovery point objectives and recovery time objectives that match their tolerance for data loss or unplanned disruptions.
What is a recovery point objective and how does it work?
As the recovery point objective determines the amount of data loss that can be tolerated, selecting the right RPO value is crucial for protecting customer data and maintaining regulatory compliance. As part of creating a disaster recovery plan, IT teams need to look at all departments, all applications used, identify the essential data, and evaluate the impact of loss, then establish an RPO priority list for applications. Priorities are set based on overall data, as recovery time objectives address application failures and restoration.
A robust data protection and disaster recovery plan always supports recovery point objectives and other elements such as frequent backups and checks on backup copies’ health and more. Considerations alongside determining RPOs include:
- Frequent backups. Companies need to adopt a strict policy for and enable regular backups to minimize the potential for data loss. Smaller RPOs help reduce potential losses, but they can be more effective when coupled with disciplined and frequent backup practices. It is a good IT practice to identify and call out in DR plans the parties responsible for administering and conducting backups
- The 3-2-1 rule of backup. A backup or disaster recovery policy should allow for three backup copies stored in two separate locations, with one off premises – which could include tape or more modern alternative – cloud copies for air gapped protection. Having an on-premises copy of your data allows for speedy recovery of on-premises data should a disruption occur.
- Automation. The best protection against human errors and skipped backups is automation. Taking the guesswork out of backing up critical data ensures speedy recovery and avoids unexpended higher costs of unwanted disruptions.
- Backup checkups. Avoid unpleasant surprises of corrupt or unavailable backup copies by regularly checking the integrity of the backup copies. Few things are costlier than relying on something that is not there when you are counting on it in a time of need.
- Review and improve. Things change and IT needs to periodically review data recovery plans and RPOs to ensure that they are suitable for company business needs. IT should also check and adjust employees’ roles in the data protection plans when necessary.
Why is the recovery point objective important?
The amount of data created daily is staggering, and all of it must be stored and protected against loss. By 2025, it is estimated that 463 exabytes of data will be created each day.1 It is also estimated that by 2023, at least 50% of commodity server workloads still hosted in data centers will use a public cloud for disaster recovery.2 The exponential expansion of data in the cloud opens to door for efficient and speedy backups around the clock. Setting the right recovery point objective helps ensure business continuity in the face of outages even if onsite and offsite data centers experience failures or attack, which happen more than anyone likes to see. Users expect to have the data they need accessible and available around the clock under all circumstances.
With a sound data protection and disaster recovery policy and appropriate RPOs and RTOs, businesses can safely store and backup their data and quickly restore it to keep the business running and customers satisfied. It is almost inevitable that a company would experience some data loss and application failure due to unscheduled disruptions. With the right backup and restore policies and sound recovery point objectives, organizations can minimize or avoid vital data loss due to extended disruptions or lengthy recovery timelines. In short, the right RPOs strengthen your data protection and disaster recovery strategy and accelerate recovery time, reducing the costs of disruptions regardless of their causes.
Benefits of a recovery point objective
Digital data and applications are the drivers of business growth. Adopting a disaster recovery strategy is vital for businesses and protects against data loss’s potentially harmful impact. An essential component of a successful data protection and disaster recovery plan is carefully considered RPOs and RTOs.
Adopting and enforcing efficient RPOs enhances data protection and disaster recovery plans and enterprises in numerous ways:
- Granular recovery. An efficient RPO should require a backup solution that offers granular data restore. The ability to recover the exact piece of data from a backup allows companies to save time and cost without complexity. With granular recovery users can find and get back a single file or document with ease. This recovery method avoids having to recover an entire system, or storage drive just to retrieve one file.
- Data protection and compliance. Companies need to maintain compliance and verifiable data is an essential part of that. It would help if you adopted a disaster recovery strategy with the right recovery point objectives that ensure adequate backups with no potential for critical data loss. One can take advantage of available data encryption and access management security available on the cloud. One can only benefit from maintaining regulatory compliance if they have protected current data. Cloud delivered solutions give companies access to broad capabilities in that area, including GDPR, SOC2, and ISO 27001.
- Cost-optimized operations. Protect existing IT investments with an effective backup policy that includes proper recovery point objectives to ensure protected and up-to-date backups. Extending data protection to the cloud delivers added benefits as it frees investments tied up in on-premises infrastructure and shifts upfront capital expenditures to budget-friendly operating expenses.
Common use cases for recovery point objective
Organizations of all sizes need protection against data loss. The right data protection policies provide RPO support allowing customers to reduce downtimes and speed up recovery following a disruptive event. RPOs contribute to maintaining data current for use in many ways, including disaster recovery, data protection and compliance:
- Business continuity. With the right RPOs in place, businesses can recover their data as needed to bring business back to life following unpredictable disruptions. The RPOs enable rapid recovery and shorter downtimes.
- Data protection. Without proper protection, your data remains susceptible to potential loss and corruption. A correctly established recovery point objective with automated backups preserves your data integrity and provides usable copies of lost or corrupted information.
- Regulatory compliance. Companies can use backup copies of their lost data to make their case for compliance and to meet audit requirements. It is also important to note that data copies may have to be stored in specific locales to satisfy some regional regulations.
Does Metallic support recovery point objectives?
Yes! Metallic Backup as a Service (BaaS) solution supports your RPOs and a wide range of data backup and protection services. The Metallic BaaS portfolio includes data backup and recovery for SaaS application data including Office 365, Salesforce; endpoints; databases, files and object storage; and VMs (virtual machines) and Kubernetes. Metallic Cloud Storage is also available as a cloud backup target location. These solutions protect data on-premises or in the cloud, for future-proof data protection, whatever your needs.