Unlock Exclusive Cybersecurity Insights
Complete the form below to be redirected to CDW's exclusive proprietary research report on Cybersecurity. Once the form is submitted, you’ll be opted into our Security email stream.
See how IT leaders are tackling AI opportunities and challenges.
Agencies need to improve their recovery time objectives for applications, data sets and systems to ensure they continue to operate in the face of increased threats to their IT environments.
Recovery time objective (RTO) refers to the maximum amount of time acceptable for an enterprise to restore service to a mission-critical IT asset after an outage, disaster or cyberattack by a bad actor or insider threat.
Traditionally, RTOs went hand-in-hand with backup and recovery plans, and while they are still a factor, agencies should work with an industry partner to assess how their missions and objectives impact desired uptimes for apps, data and systems.
CDW Government assists agencies with developing RTO strategies and providing solutions to support them. The costs of long downtimes can extend beyond dollars, even leading to lives lost in instances where troops are deployed in war zones.
Complete the form below to be redirected to CDW's exclusive proprietary research report on Cybersecurity. Once the form is submitted, you’ll be opted into our Security email stream.
An initial RTO conversation covers the agency’s IT environment and which apps, data and systems are mission-critical. That information is helpful in determining which assets need their service restored first in the event of an incident.
Missions and priorities vary across. Consider an agency that manages a nationwide healthcare database essential to a subset of the population: How long can that database stay down before lives are put at risk?
RTOs vary in timespan from days to hours to mere minutes in the most critical of cases. Some backups reside in cold storage with a cloud provider or on tape, which increases the RTO.
Sometimes improving an agency’s RTO is simply a matter of drawing up a data or cyber resilience strategy, but in other cases an agency wants to ensure high availability in case of a cyber incident.
There are different strategies for ensuring files can be recovered quickly, such as improving the time it takes an agency to understand that a ransomware attack has occurred, which assets were impacted and how old a backup needs to be for a clean restore.
This information is not always readily apparent during a cyberattack, which can result in agencies needing to conduct three or four recoveries because they failed to go back far enough on the first attempt. Dwell time — the time an attacker remains undetected within a network after gaining access — can range from weeks to years, so speedy digital forensics are essential.
Sometimes an agency is only 75% confident that going back to a certain state will return things to normal, and while that may be good enough for many organizations, it’s not good enough for all. To put things in perspective, CDW Government assists with estimating the cost of downtime, so agencies understand whether the solution they’re choosing is significantly cheaper than the alternative: lack of service.
DISCOVER: HardSec protects data in the quantum era.
While an analyst’s trained eye is still needed in forensics, artificial intelligence is changing the RTO equation because it should soon be able to make accurate correlations faster than humans. False positives persist, but security vendors are currently in an arms race to deliver AI-enabled forensics backed up with the highest level of assurance. RTOs will likely drop dramatically when that happens.
Even traditional data center players are introducing AI functionality, because backups they store are primary targets for bad actors looking to hold agencies’ data captive. Today, backup strategies are more focused on ensuring data is protected, available, unalterable and immutable.
An agency may opt to add one of CDW Government’s visibility offerings, such as security information and event management or security orchestration, automation and response, in order to help determine recovery points.
Adopting a zero-trust security posture is key to understanding what endpoints and workloads in the IT environment are doing.
Remember, an agency’s RTO is zero if it is aware a cyber incident is occurring and can quickly shut it down.
This article is part of FedTech’s CapITal blog series.
Copyright © 2025 CDW LLC 200 N. Milwaukee Avenue, Vernon Hills, IL 60061
Do Not Sell My Personal Information