Everything You Need To Know About Data Loss
A recent survey conducted by a multinational technology firm has indicated that almost two-thirds of the Australian companies surveyed experienced some form of data loss during the last 12 months. The majority of those surveyed were also not fully confident in their ability to recover from a data disruption in the future.
While instigating a robust data protection strategy can be complicated, not doing so can have a disastrous impact on the success and longevity of your business. So what causes data loss and how can you ensure you have the right data recovery strategy in place to maintain business continuity if a loss occurs?
What Causes Data Loss?
Critical data loss can be as a result of a variety of different failures including:
- Loss or theft of devices
- Power failures which can corrupt data and hard drives
- Property damage and arson
- Data breaches and cyber crime
- Virus and malware data corruption
What Sort Of Data Can Be Lost?
Businesses often have unique data and system assets they are dependent on. When data loss occurs, key data assets are at stake and these include:
- Financial and customer records
- Communication history like emails
- Private or important documents on computers and devices
- Contact information of partners, suppliers and/or customers
- Programs used to perform and record work
How Do I Avoid Data Loss?
In terms of business data recovery, there are a range of key metrics you need to consider, and two of the most crucial are Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Both help to determine how often data backups should occur, the maximum tolerable hours for data recovery, and what your data recovery process should look like. However, they are both quite different, so let’s look at their definitions and what makes them unique.
Recovery Time Objective (RTO)
Analysing your RTO is also a great first step in terms of establishing a disaster recovery plan — and one that’s absolutely necessary. A RTO helps to calculate how quickly you need to recover your IT services following a disaster before operations are restored. This can dictate the preparations you need to implement and the budget you’ll assign. For example, if your RTO is only five hours, you may need to ensure a higher level of preparation and a bigger budget to ensure systems can be recovered quickly.
However, you need to keep a couple of things in mind. Firstly, you’ll need to base these time measurements on an application-by-application basis, not on a server-by-server basis. Secondly, the timing starts when the application goes offline and doesn’t restart again until end users can effectively access and use the system again.
Determining a time measurement may sound simple – just ask the users right? But the reality is, even those using the simplest of systems will declare they can’t do without them for more than a few minutes! However, once all users do decide on a reasonable time, you’ll need to combine the individual time estimates for each set of applications on a single server.
In the world of Windows, there may be only one large application on a server, so it’s relatively easy. However, with other systems, there could be dozens of applications on each server. If this is the case with your organisation, you’ll first need to determine if any applications take precedence over others on the same server. If yes, use that application’s RTO as it will no doubt have the smallest RTO threshold.
Once you’ve determined the RTO, it should be combined with other factors like Recovery Point Objectives (RPO’s) to determine which software and hardware solutions offer the closest match for your organisation’s data protection strategy needs.
Recovery Point Objective (RPO)
This metric is a measurement of the loss tolerance of your data, and it is determined by the time between your data backups and the amount of data that could be lost in between those backups due to a disaster. It can also refer to how much data can be lost before your business is significantly harmed, which is also known as your business’ ‘loss tolerance’.
Because data use has fewer variables and is largely consistent, RPO’s are generally easier to implement than RTO’s. However, because restore times are calculated on your entire organisation and not just your data, the opposite is also true.
RPO is significant because in most cases, you’re likely to lose some data — even if it’s backed up in real-time. For example, if you back up data every day at midnight and a disaster occurs at 8am, you would lose eight hour’s worth. If your RPO is 24 hours or longer, your data recovery strategy is in good shape. But if your RPO is eight hours, you’re not!
If you can negotiate a flexible RPO there are a variety of options, including hardware-based mirroring, software-based replication systems and other snapshot tools. These can often be mixed and matched to create a solution that meets RPO’s from a few minutes to several hours. They can also be applied to individual data systems giving them the ability to handle different systems with different RPO estimates.
What Are The Main Differences Between Them?
The major difference between the two metrics is their purpose. RTO is usually large-scale and involves your whole business and the systems involved. RPO focuses solely on data and your company’s overall resilience to the loss of it.
The costs associated with maintaining a demanding RTO may be greater than those of a granular RPO, because RTO involves your entire organisation’s infrastructure, not just data.