A re-post of a posting at b2bsol.com.
Too many organizations do not have adequate protection of their data and are susceptible to data loss. While security is important and you might think this post is about implementing policy to limit your exposure to hacking, I am talking about something much more basic than that–I am talking about database backups. A database backup is the first step in ensuring data availability and limiting exposure to corruption or human error.
What kind of backup strategy do you need? Well, what is your tolerance for data loss?
To help you answer this question, there are two components you need to consider.
RPO – Recovery Point Objective
TechTarget defines RPO as “the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure.” My definition would be something like–the moment in time you want to be able to restore to. If you experience corruption or disk failure, how close do you need to get to that point in time? Defining this metric–which will vary from system to system, will give you your RPO.
RTO – Recovery Time Objective
TechTarget defines RTO as “the maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.” My definition would be–The time needed to restore a system to usable functionality. I should note this time would include the alerting and response of your team if user intervention is required.
It would be easy to say, I want less than 1 second of data loss (RPO) and less than 5 minutes of downtime (RTO); however, don’t expect to pay TGIF prices for Ruth Chris service. Microsoft has made great strides in giving SQL Server many options for High Availability and Disaster Recovery and the ability to keep the system up ; however, none of these solutions remove the requirement to take backups. The amount of history you keep will depend on your business requirements and the costs associated with keeping that storage.
If your organization does not have the RPO and RTO points defined, it is definitely time to make it happen.