Ask anyone in IT, “What kind of recovery time objectives (RTOs) and recovery point objectives (RPOs) are you looking for?” and odds are they’ll answer, “As small as possible!” But show them the price tag for continuous data protection, and they’ll quickly change their tune: “Forget the near-instantaneous goal, how about 24 hours?” In the real world, where budgets matter, you have to find the right balance of price and protection for RPOs and RTOs.

The first step to finding this balance is evaluating your tolerance for downtime for each workload. What applications and data absolutely must be available at all times for your business to function? Which are less vital but still require protection? Depending on priorities, you can choose from a wide range of options, and typically, the optimal strategy involves a mix of different RPOs, RTOs and backup / disaster recover (DR) platforms.

Backup and DR are both points on the same plane. Here’s a simplified snapshot of the spectrum.

As you can see, costs increase as RTOs and RPOs decline. The faster the recovery, the pricier it is. So you have to be judicious in figuring out what’s worth paying for.

The National Institute of Standards and Technology (NIST) has a good framework for helping you determine your RPO/RTO needs, charting the point at which the cost to recover and the cost of disruption meet.

(Source: NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems)

In most cases, the best solution is a mix of RPOs and RTOs chosen for the varying needs of your workload. Say you have 100 virtual machines (VMs), of which only two are super-critical. It’s worth paying for very low RPOs and RTOs for those two VMs, but there’s no need to spring for Cadillac protection for the other 98.

For example, let’s say you’re in a business where, if your ERP is down, people can’t enter or fulfill orders, and the business comes to a standstill. Downtime of even 20 minutes can have a significant impact, and anything longer creates real problems — idled call center employees, angry customers and a hit to your brand reputation.

By contrast, if email is down for a few minutes, for most organizations, it’s no big deal. If it’s down for an hour or two, it’s not good, but it’s also not catastrophic. Your company can live with it. However, if it’s down for a whole day or more, you’re probably hosed.

That’s why an inventory is essential. Every business is different, so you have to figure out which systems you can’t function without, and how much risk you face if they’re unavailable. So if you conclude that, so long as you can get these five systems back online within a few minutes, you’ll can wait several hours to restore the rest. In that situation, you protect those five systems with CDP, and opt for one of the more typical backup tiers for the rest.

Creating and executing an availability strategy are essential, but it can be a complex undertaking. Handling it in-house requires backup and DR experts who are familiar with multiple systems so they can recommend the proper level of protection for each workload at the right price. If you need Veeam, you’ll have to have those skills in-house as well.

That’s a lot of expertise to expect from an IT staff who might deal with these issues only occasionally. It’s also a lot of work — you’ve got to manage it all, and, if you’re doing offsite DR,  another data center site. When you factor in the staff time that goes into recovery and the cost of any downtime, the DIY approach can be pricier than using a managed service provider (MSP).

For cloud pricing, click here!