In 2011, Acronis, a backup and recovery solutions provider, launched a Global Disaster Recovery Index for small and medium-sized businesses to measure IT managers’ confidence in their backup and recovery operations. Notably, businesses in the United States scored poorly in their confidence in their ability to execute disaster recovery and backup operations in the event of a serious incident, either in their own environment or a third-party cloud environment.
As companies move various functions to a cloud environment, they can increase their confidence by contractually agreeing to data backup and recovery requirements with their cloud providers. Indeed, customers can specify, as a service level or other contractual requirement, the (a) recovery point objective (“RPO”), which is the point in time to which the provider must recover data, and (b) recovery time objective (‘RTO”), which defines how quickly the provider must restore the data to the RPO.
Too often, however, companies sign cloud agreements without clearly specifying these metrics. Indeed, when a disaster or disruption occurs, many companies are surprised to find their contracts silent on these metrics, and the cloud provider operating under a much less stringent RPO and RTO than the company expected.