Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

ID: EAA-001 

Title: Delete means delete (90 days)

Type

Guideline

Status

Proposal

Description

When a file (or other data object) is deleted by a system or user action,  no copy of the deleted data SHOULD be kept longer than 90 days.

Rationale

Many systems implement "safety net" copies of data that is deleted (aka snapshots).   This copy of deleted data can provide fast, simple, and self-service data recovery from accidental deletions, malicious actions ( malware / ransomware / hacker ), as well as business resumption & disaster recovery scenarios.   However,  there is no standard default and systems implement this to different default timelimits.   Examples:

...

Keeping deleted data for long periods of time also can be a significant cost for the storage platform.  Systems where the data remains until 12 months after the delete was requested are operating with up to 20% additional storage hardware costs.

Implications

What will this affect:  systems for general purpose storage: Nebula GPFS filesystem,  Udrive,  all new general purpose storage systems ( an EA exception can be requested )

...

  • Investigations of malware, ransom-ware, and accidental deletes need to be comprehensive in the files they review for being affected.  
  • System users and system designers need to consider data backup and data archive functions for their long term data storage requirements.
  • Nebula has been operating with only 2 weeks of snapshots visible to customers for about a year.  There have been ~ 10 requests for data > 90 days old.
  • Update all service catalog entries to clarify the retention policy for deleted files, and recommend other solutions for longer term data backup and archive needs.

Domains:

Risk, Information Security

References

See Also

Submitted by

DateSubmitterRole
 

Brad Greer

UW-IT CTO

Reviewed by

DateReviewerRole
 

Brad Greer

System owner for Nebula, UDrive, Bronica GPFS
 Brian ArkillsSystem manager for Nebula
 

David Cox 

System manager for UDrive, Bronica GPFS
 Eric HorstInfrastructure Architect
 

Rupert Berk

Enterprise Architect

...