When a file (or other data object) is deleted by a system or user action, no copy of the deleted data SHOULD be kept longer than 90 days.
Many systems implement "safety net" copies of data that is deleted (aka snapshots). This copy of deleted data can provide fast, simple, and self-service data recovery from accidental deletions, malicious actions ( malware / ransomware / hacker ), as well as business resumption & disaster recovery scenarios. However, there is no standard default and systems implement this to different default timelimits. Examples:
Keeping deleted data available for discovery incurs a risk for the institution. Likewise, not keeping a 'safety net' copy also incurs a risk.
Keeping deleted data for long periods of time also can be a significant cost for the storage platform. Systems where the data remains until 12 months after the delete was requested are operating with up to 20% additional storage hardware costs.
What will this affect: systems for general purpose storage: Nebula GPFS filesystem, Udrive, all new general purpose storage systems ( an EA exception can be requested )
Risks: Some data will be un-recoverable when asked if a copy exists after deletion.
Risk, Information Security
|System owner for Nebula, UDrive, Bronica GPFS|
|Brian Arkills||System manager for Nebula|
|System manager for UDrive, Bronica GPFS|
|Eric Horst||Infrastructure Architect|