How to Lower Your Agency’s Recovery Time Objective

Unlock Exclusive Cybersecurity Insights

Complete the form below to be redirected to CDW's exclusive proprietary research report on Cybersecurity. Once the form is submitted, you’ll be opted into our Security email stream.

Establishing an Agency’s RTO Needs

An initial RTO conversation covers the agency’s IT environment and which apps, data and systems are mission-critical. That information is helpful in determining which assets need their service restored first in the event of an incident.

Missions and priorities vary across. Consider an agency that manages a nationwide healthcare database essential to a subset of the population: How long can that database stay down before lives are put at risk?

RTOs vary in timespan from days to hours to mere minutes in the most critical of cases. Some backups reside in cold storage with a cloud provider or on tape, which increases the RTO.

Knowledge Is Power When Boosting RTOs

Sometimes improving an agency’s RTO is simply a matter of drawing up a data or cyber resilience strategy, but in other cases an agency wants to ensure high availability in case of a cyber incident.

There are different strategies for ensuring files can be recovered quickly, such as improving the time it takes an agency to understand that a ransomware attack has occurred, which assets were impacted and how old a backup needs to be for a clean restore.

This information is not always readily apparent during a cyberattack, which can result in agencies needing to conduct three or four recoveries because they failed to go back far enough on the first attempt. Dwell time — the time an attacker remains undetected within a network after gaining access — can range from weeks to years, so speedy digital forensics are essential.

Sometimes an agency is only 75% confident that going back to a certain state will return things to normal, and while that may be good enough for many organizations, it’s not good enough for all. To put things in perspective, CDW Government assists with estimating the cost of downtime, so agencies understand whether the solution they’re choosing is significantly cheaper than the alternative: lack of service.

DISCOVER: HardSec protects data in the quantum era.

How to Improve Recovery Time Objectives

While an analyst’s trained eye is still needed in forensics, artificial intelligence is changing the RTO equation because it should soon be able to make accurate correlations faster than humans. False positives persist, but security vendors are currently in an arms race to deliver AI-enabled forensics backed up with the highest level of assurance. RTOs will likely drop dramatically when that happens.

Even traditional data center players are introducing AI functionality, because backups they store are primary targets for bad actors looking to hold agencies’ data captive. Today, backup strategies are more focused on ensuring data is protected, available, unalterable and immutable.

An agency may opt to add one of CDW Government’s visibility offerings, such as security information and event management or security orchestration, automation and response, in order to help determine recovery points.

Adopting a zero-trust security posture is key to understanding what endpoints and workloads in the IT environment are doing.

Remember, an agency’s RTO is zero if it is aware a cyber incident is occurring and can quickly shut it down.

This article is part of FedTech’s CapITal blog series.