Exercising Your Organization’s Data Loss Recovery Abilities
Our last post on backup and recovery testing was intended for small to midsize businesses (SMBs). In this post, we’ll also look at the data loss recovery issue, but with an eye toward managed service providers (MSPs) and enterprise organizations.
The ability to recover from data loss is a measure of cyber fitness. As with any good fitness plan, it requires regular workouts as part of an overall fitness regimen. The difference is, instead of lifting heavier weights for more reps, the goal you’re working toward is assurance that service level agreements (SLAs) can be met. To get started, take an accounting of all the systems, software and platforms in the organization and create categories:
- Mission-critical to the business
  - Recovery Time Objective (RTO) or acceptable downtime
  - Recovery Point Objective (RPO) or acceptable loss of data
  - The people who access this information
  - The department responsible for the application or platform
  - Total cost of downtime
- Important to the business but can do without for a period of time
  - Recovery Time Objective (RTO) or acceptable downtime
  - Recovery Point Objective (RPO) or acceptable loss of data
  - The people who access this information
  - The department responsible for the application or platform
  - Total cost of downtime
- Not critical to the business and can be rebuilt from new without major impact
  - Recovery Time Objective (RTO) or acceptable downtime
  - Recovery Point Objective (RPO) or acceptable loss of data
  - The people who access this information
  - The department responsible for the application or platform
  - Total cost of downtime
Now that we have buckets for different systems, we can look at where they fit in our recovery plan. This will help us define a framework for mapping our internal SLAs back to the business need and category. It also helps IT determine the best strategy for recovering and, in turn, the best method of protecting systems in each category.
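One way to hold that mapping as data and score recovery drills against it is sketched below. This is an added example, not something from the original post: the field names, tier labels, system names, costs and timestamps are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class System:                 # one inventory row (field names are assumptions)
    name: str
    tier: str                 # "mission-critical", "important" or "non-critical"
    rto: timedelta            # acceptable downtime
    rpo: timedelta            # acceptable loss of data
    owner: str                # department responsible
    cost_per_hour: float      # used to estimate total cost of downtime

@dataclass
class Drill:                  # one recovery test result
    system: str
    outage_start: datetime      # simulated moment of data loss
    last_good_backup: datetime  # newest recovery point that restored cleanly
    service_restored: datetime

TIER_ORDER = {"mission-critical": 0, "important": 1, "non-critical": 2}

def evaluate(inventory, drills):
    """Compare measured downtime and data loss per system with its RTO/RPO."""
    by_name = {d.system: d for d in drills}
    findings = []
    for s in inventory:
        d = by_name.get(s.name)
        if d is None:  # a system that was never exercised has no SLA assurance
            findings.append({"system": s.name, "tier": s.tier, "status": "UNTESTED"})
            continue
        downtime = d.service_restored - d.outage_start
        data_loss = d.outage_start - d.last_good_backup
        misses = [n for n, over in (("RTO", downtime > s.rto),
                                    ("RPO", data_loss > s.rpo)) if over]
        findings.append({
            "system": s.name, "tier": s.tier, "owner": s.owner,
            "status": "MISSED " + "+".join(misses) if misses else "MET",
            "downtime_cost": round(downtime.total_seconds() / 3600 * s.cost_per_hour, 2),
        })
    return sorted(findings, key=lambda f: TIER_ORDER[f["tier"]])

# Constructed sample data, not taken from any real environment.
T0 = datetime(2024, 1, 10, 9, 0)
INVENTORY = [
    System("wiki", "non-critical", timedelta(days=3), timedelta(days=7), "IT", 10.0),
    System("billing-db", "mission-critical", timedelta(hours=1), timedelta(minutes=15), "Finance", 5000.0),
    System("file-share", "important", timedelta(hours=8), timedelta(hours=24), "Operations", 200.0),
]
DRILLS = [Drill("billing-db", T0, T0 - timedelta(minutes=10), T0 + timedelta(minutes=90)),
          Drill("file-share", T0, T0 - timedelta(hours=6), T0 + timedelta(hours=4))]
```

Calling `evaluate(INVENTORY, DRILLS)` returns findings ordered by tier, so a missed objective on a mission-critical system or a system that has never been drilled surfaces first.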
At this point, it’s important to have the business application stakeholders along with IT build the plan for stress-testing the different workflows. Together, they can establish the different scenarios to be tested based on business needs and risk tolerances. This means figuring out where