5 Top Recovery Time Objective (RTO) Trends 

Time! Most people don’t have enough of it. They wish they had more. There is never enough time. 

They wish they had lived in an earlier era or could turn back time and fix the errors of the past. People are obsessed with time and all its manifestations. 

And so it is with time for recovery. People want their data back now. They won’t stand for any delays. They often specify a recovery time objective (RTO) of zero. Easy enough to specify but expensive to achieve. 

See below for some of the top trends in recovery time objectives: 

1. Immutability and isolation 

Ransomware has turned the entire world or IT on its head. Backup and recovery are no exception. 

As backups are easy to infect, those wishing to recover data quickly need to take malware into account. 

“To meet RTO demands, customers need to consider isolated recovery environments or immutable solutions that can protect backup copies from ransomware attacks,” said George Crump, chief product strategist, StorONE

“The ever-present ransomware threat forces IT to rethink how they meet recovery point and recovery time objectives.”  

2. Near-zero RTOs 

The overwhelming trend is for people to demand ever smaller RTOs. 

If they can recover in days, they want it in a few hours. If they can make it in an hour, they want to take it down to a few minutes. 

“Organizations are increasingly willing to spend more to shorten their recovery times,” said Vasilii Zorin, senior project manager, Acronis

“Companies need speedy recovery in case of disasters, as they heavily rely on IT systems to facilitate effective work of distributed teams in a hybrid environment. Organizations cannot tolerate hours or days of downtime. They should be able to restore operations in a matter of minutes.” 

3. Zero RTOs

Recovery technology has matured enough, costs have come down enough, and business needs require a zero RTO without compromise, according to Jason Lohrey, CEO, Arcitecta

Easier said than done. Lohrey laid out an all-too-common scenario for what typically happens when an end user needs to recover data in an enterprise environment. 

First, they need to submit a request to the IT department to recover lost data. The IT department will ask what the name and path of the file was and when it existed. 

Humans are not precise, so they will say, “I think I had it sometime last week, although it could have been the week before.” That kicks off a process whereby the IT department searches through each backup set and then restores them to look for the lost file. The end user then remembers they renamed it sometime last week. 

“The typical process of recovery from backup is not self-service, nor is it simple, and it certainly does not achieve an RTO of zero,” Lohrey said.  

In file systems where there are snapshots, an end user can locate lost files themselves. But they still need to know which snapshots to look in and where to look. Better than backup, recovery via snapshots does not achieve an RTO of zero.

“New approaches to file systems and data systems will provide self-service access to end users, the ability to instantly seek to any point in time and find files whenever and wherever they existed without requiring help from IT and that is exactly how it should be,” Lohrey said.

4. Testing of RTO 

It is one thing to specify an ambitiously low RTO, another thing to buy and deploy technology that is designed to provide it, and another thing entirely to actually achieve it in the real world. 

Testing is how you find out if you are anywhere close to meeting your stated objectives. 

Organizations should test far more often, validate their recovery periods, and verify if they can recover all their data in a timely manner, said Laura Shafer, senior director of product marketing, 11:11 Systems.

“For some organizations, that may mean providing application testing and end-user testing,” Shafer said.

“For others, it may involve scenario- or event-based testing where the IT team simulates a common situation and then validates recovery. For example, recovering from your latest point in time to simulate a power outage or hardware failure or from a previous point in time to simulate a ransomware or other security event.” 

5. RTOs and geography

RTOs set without an understanding of the location of data will have trouble. 

The maximum tolerable length of time of an outage as set by the RTO may be achievable on home turf. But what if data is geographically distributed? What if that data is spread across the face of the earth? 

Latency factors can make RTOs hard to meet. And there is the factor of being able to find where the data is located and where it was backed up to before you can recover it.  

IT teams should take advantage of clustering solutions that can fail over across geographically separated nodes or cloud regions and availability zones, said Ian Allton, solutions architect, SIOS Technology.

This is a good way to ensure low recovery time objectives can be met in a dispersed data environment. 

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest Articles

5 Top Security Assessment Trends in 2022

Think about the amount of information that is available today. It amounts to hundreds of zettabytes.  Yet, the bulk of security attention is aimed at...

5 Top Network Segmentation Trends in 2022

Storage has always used architectures that split large amounts of something into smaller segments.  There are disks, drives, partitions, physical and logical volumes, and logical...

Top Penetration Testing Trends in 2022

Penetration testing is growing in prominence.  Instead of defend, defend, defend against unseen attacks that could come from anywhere, a different view is needed: Look...