Data backup and recovery has two critical goals. The Recovery Time is the expected length of time between a system failure or a data interruption to be corrected. A crash that keeps employees from access to data for an hour is obviously less devastating than one that keeps employees from working for days. The Recovery Point describes the point in time at which a system and its data is protected. Both elements of data backup and recovery are critical in an overall data protection strategy.
Determining a recovery point can be tricky. There is an automatic assumption that the best recovery point is immediate and continuous. Clearly, having only five minutes of risk with data is better than five hours or five days, right? The answer might surprise you. For a company with minimal alteration of data, a day might represent acceptable risk. Many professional offices, for example, have critical data that is updated infrequently. A nightly backup might fully address the needs of the company. Other enterprises might have ongoing and constant data modification, making a much shorter recovery time necessary. Essentially, the number of updates and the cost of losing those modifications all must be factored into the calculation of the optimal recovery point.
The decision should be made as all business decisions should be made, by weighing the costs of implementing a strategy against the benefits. Backup and recovery costs include the software, its implementation, and the ongoing operations of its use. Certain software products may require an interruption in accessibility to the data or system downtime. All of these issues impact a company’s decision-making when determining the right point. In some cases, a recovery point may not be static. Monday through Thursday may allow for a twelve-hour acceptable risk while Friday may have critical data updates that may require multiple back-up procedures.
One of the problems companies face is that most of the data protection strategy analysis is done by software companies who create packages designed for a broad number of circumstances. This is effective for the software companies but is ineffective in terms of the operational management of a company. Each business has needs that should be addressed by the management of that business. Determining a recovery point should not be left to the functionality of a particular product or even to an IT department. Like any other aspect of business contingency planning, it is the responsibility of management to make the call.