In the past, there wasn’t a lot of flexibility and customization in backup and recovery services. Today, our services adhere to two different metrics: recovery time objective (RTO) and recovery point objective (RPO). RTO is defined as the duration of time and a service level within which a business process must be restored after a disaster. RPO is the maximum allowable period during which data might be lost due to a major incident but is not a direct measure of how much data might be lost.
For some businesses, RTO must be as short as possible. Companies that depend on orders or uninterrupted access to the network (for example, financial institutions, retailers, media companies, and entertainment companies) will want a very short RTO. Other businesses may be trade-off a lower cost against RTO of an hour or more.
Likewise, reduced RPOs become more costly as the criteria for minimizing data loss increases. Most companies can assign different RPOs to different tiers of applications. They often reserve shorter RPOs for mission-critical applications that might also be subject to industry data and application compliance regulations. They’ll use longer RPOs for operational or back-office applications that can sustain some data loss without catastrophic impacts on the business.
Service Level Agreements
One thing to keep in mind about SLAs: Most cloud providers don’t offer them on recovery services. There may be language that sounds like an SLA, but if you don’t see a guarantee based on specific RPOs and RTOs, the guarantee is vague and open to interpretation.
How Does a Cloud Provider Guarantee RPO and RTO Times?
Experienced, professional cloud providers continually audit and test their data centers and their own processes to ensure they can back their SLAs with demonstrated service levels. Many things go into ensuring a reliable, world-class backup and recovery service in the cloud, including:
• Operational excellence is based on the number of and consistent adherence to specific industry certifications, including the ITIL® v3 and ITSM standards; ISO-20000-1 certification (formerly ISO 9000-2001), which audits how a cloud provider delivers IT services; SSAE 16 Type II audits conducted annually to look at physical controls, security, and project management; FISMA-NIST; and the provision of and ongoing support of facilities built to support regulatory requirements such as PCI-DSS and HIPAA.
• 24×7 support that combines industry best practices, robust help desk tools, and extensive technical and engineering expertise.
• Service desk with dedicated support staff that provides: proactive and informed customer communications if a technical issue arises; prompt problem resolution along with change request processing; internal and external problem notifications, and the use of a Service Now Portal Ticket System for tracking processes.
• Customer Portal that provides access to essential information, such as infrastructure performance, problem and change activity, account information, and more.
The costs for a cloud-based backup and recovery service can be calculated once RTO and RPO numbers are assigned for network resources and applications. An experienced provider will guide you through this process with questions that will result in the most appropriate service-level agreements (SLAs).
For more insight, download “Five Key Considerations for Selecting Cloud Recovery Services,” a white paper from Allstream and Sungard.