Increase backup efficiency with a data destruction policy

Goals of data destruction policies

Data destruction policies generally seek to achieve three goals:

• Ensure data security, especially regarding tape, drive and device disposal.
• Maintain regulatory and legal compliance for data security and retention.
• Maintain customer, employee and other stakeholder trust levels regarding stored information.

Data destruction policies address these concerns, but they also have a practical impact on backup and restore jobs. After all, the more data there is, the longer the jobs take.

Backup jobs consume valuable resources. Depending on the backup implementation, these resources include motherboard buses, intranet bandwidth and cloud connections. A well-thought-out data destruction policy helps keep resource consumption in check. The quicker the backup job completes, the sooner resources can be returned to the primary business functions.

As you consider how data destruction affects backups, don't forget to think about restore processes. Restores almost always mean something has gone wrong, so you probably want this task to complete as quickly as possible too. That means ensuring obsolete, duplicated and useless data isn't written back to a drive during a restore.

How to implement data destruction

To get started with or maintain a backup-efficient data destruction policy, there are specific steps backup admins can take.

First, investigate whether a data destruction policy currently exists. If not, determine whether industry regulations, security policies or other measures require one. If there is an existing data destruction policy, determine if it must meet any of those parameters. To ensure there is an active leader for the initiative, consider appointing a sponsor.

Next, evaluate what data exists and whether it falls under the scope of the data destruction policy. Data types might include the following:

• Obsolete virtual machine images.
• Office productivity files, including documents, spreadsheets and presentations.
• Expired website files.
• Old on-premises data that now resides in the cloud.
• Unused and migrated databases.

Data classification can help determine what files are OK to eliminate. There are several ways to implement data classification, but to start, consider evaluating files for deletion based on type and date. Utilities like Microsoft File Server Resource Manager can be helpful, and some can even automate the process.

Common criteria for defining data destruction include the following:

• The age of the file or resource.
• The file source.
• Regulatory requirements for retention or deletion.
• Legal requirements for retention or deletion.
• Whether the data is an end-user file or organizational resource.

Consider who is responsible for data destruction. It seems logical to put end users in charge of cleaning up their own obsolete files, but they might not be aware of the importance of removing outdated resources. Automated processes help here, too, but run the risk of computers deleting files that users might need.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.