Regarding Backups

Links

Windows Server Backup automatic disk usage management

What files, file types, and folders to exclude from user folder backup?

https://github.com/ndemou/scripts/blob/master/cleanup-windows-backups.sh

RTO, RPO, MTO

RPO = how much data loss/re-entry is tolerable (expressed as a time: "At worst, the business accepts losing/re-entering 1 hour of data")

MAO = how long the business process can survive without working IT systems

RTO = how fast the IT system should be back in working order (must be shorter than MAO)

Example business process: Customer order fulfilment

The business receives customer orders, checks stock, reserves inventory, creates delivery notes, issues invoices, and updates customer/accounting records. This process needs the ERP because the ERP holds stock, customer, pricing, order, warehouse, and invoicing data.

10:00 Outage starts & ERP becomes unavailable

RPO = 30 minutes : At worst, the business accepts losing/re-entering transactions from 09:30–10:00

RTO = 1 hour : ERP should be restored by 11:00

MAO = 2 hours : After 12:00, the outage becomes unacceptable for order fulfilment

The time element of backups

(from https://consulting4sec.medium.com/business-continuity-criteria-in-data-backups-rto-rpo-and-mtpd-f7103440ff)

Returning from data backups or replication after a possible disaster is everyone’s primary plan. However, here the “Time” factor comes to the fore. It is of great importance how long the backup takes the replication and how long it can return. Therefore, RTO, RPO, and MTPD processes are critical processes.

What is Recovery Time Objective (RTO)?

The Recovery Time Objective (RTO) defines the period of time following disruption that the organisation aims to recover or resume its activities, production or service provision. In other words, it is the return time from the Backup. RTO with ISO 22301 Definition; The time to restart the Product or service, to restart the Activity, and to recover Resources, following an incident of the breach.

The backup method, backup environment and hardware play an effective role in this process, the Recovery Time should be shorter than the defined period of disruption. The RTO may be different for each threat or risk you envision.

What is Recovery Point Objective (RPO)?

The Recovery Point Objective (RPO) defines the point to which information used by an activity must be restored to enable the activity to operate on resumption. RPO is the time period between the time of the Disaster and the time when the last backup or replication is provided. Since the data within this period cannot be reached, it carries a very high risk.

For example, let’s assume that you take backup at 02:00 every night, if your system fails at 11:00 during the day, you will have a loss of 9 hours.

If you only take 1 backup per day, your maximum RPO is 24 hours. This is very risky in critical systems.

What is the Maximum Tolerable Period of Disruption (MTPD)?

Maximum Tolerable Period of Disruption or MTPD is the maximum allowable time that the organization’s key products or services is made unavailable or cannot be delivered before its impact is deemed as unacceptable. The time-period that could be endured as a result of disruption before being deemed unacceptable. From the point that disruption occurs, it may be possible to continue operating, but the service levels may not be as high as you normally operate.

If the possible downtime exceeds the defined MTPOD value, the institution suffers serious damage. The damage can be financial or corporate reputation.