How are your applications doing today? Have you checked and verified that the backups are occurring? Have the application business owners relayed to you the importance of their application and the effect an outage would have on their mission? Recovery Time Objective (RTO) and Recovery Point Objective (RPO) could possibly be the two most important phrases exchanged between the IT team and the business team. You may want to check that your agency’s backup strategy aligns with the business team’s needs.
- Backup cycles must align with the needs of the business team’s application needs.
- RPO may have a higher value to a business team over RTO.
- Business teams must understand the backup longevity to ensure it matches their needs and their budget.
- Business teams must prioritize application restoration efforts for on-premises or cloud-based data centers (especially important for large application portfolios).
Depending on the scope of an IT team to restore applications, the effort required to return to some level of normalcy could easily exceed the throughput capacity of the teams involved in the recovery process. IT teams must ensure that the RTO & RPO information on each application within their scope of responsibility accurately reflects each application owner’s needs. Once verified, review each application’s backup cycle to see if it matches. Denote all the ones that do not match. Seems simple, right? Unfortunately, in many cases they do not match, and in the scenarios where the RPO is less than the backup cycle, either the backup cycle must be shortened or the business teams must acknowledge that a greater loss of data is acceptable. The latter option is normally not chosen by the business teams unless the potential cost increase for a smaller backup cycle (to match needs) presents budget challenges for the business teams. If so, then they must make a difficult decision whether to risk losing data or to seek additional funding to cover the extra backup storage costs.
What can IT teams do to help this scenario? Well, possibly not a lot, in terms due to shorter backup cycles. Instead, the IT teams should work with the application business owners to help define the RTO/RPO needs and impact on the agency if/when an application is not available.
- For each application, validate RTO/RPO has been captured correctly (or capture it now).
- Compare the backup cycle for the application to ensure it matches the RPO needs and denote any differences.
- For applications deemed highly/strategically critical and have a mismatch on the backup cycle and the RPO, help craft a budget estimate so business owners can seek additional funding.
While RTO and RPO are mentioned in this article, it focuses on RPO for each application. A large-scale application outage/disaster will stress every team within the IT department (and many business teams). Business teams must take a holistic view of the entire application suite to determine the restoration order the IT team must follow in that scenario if everything fails at once. Setting these expectations early helps ensure proper planning steps can be made.
Dan Kempton is the Sr. IT Advisor at North Carolina Department of Information Technology. An accomplished IT executive with over 35 years of experience, Dan has worked nearly equally in the private sector, including startups and mid-to-large scale companies, and the public sector. His Bachelor’s and Master’s degrees in Computer Science fuel his curiosity about adopting and incorporating technology to reach business goals. His experience spans various technical areas including system architecture and applications. He has served on multiple technology advisory boards, ANSI committees, and he is currently an Adjunct Professor at the Industrial & Systems Engineering school at NC State University. He reports directly to the CIO for North Carolina, providing technical insight and guidance on how emerging technologies could address the state’s challenges.
Leave a Reply
You must be logged in to post a comment.