
Getty Images
The importance of a data destruction policy
Data destruction policies increase backup efficiency, ease data management and help organizations meet compliance requirements for data storage.
Today's backup administrators work with larger quantities of data than ever. A data destruction policy is one way to prevent extraneous copies of data from becoming unmanageable.
High-capacity data storage is more affordable than in the past, with numerous cloud and hardware options to choose from. An unfortunate side effect of this can be that users no longer feel compelled to carefully manage disk space. Luckily there are many ways to streamline and improve storage processes -- especially with an eye toward efficiency.
On the surface, data destruction policies might not seem like part of a backup strategy. However, they can significantly affect the day-to-day administrative task of data backups. In this article, find out what a data destruction policy does, why it's important for backup and how to implement one at your organization.
What a data destruction policy does
In practice, a data destruction policy should outline what types of data to permanently delete and how to do it. Parameters for what data to delete will vary by organization, but data destruction policies generally seek to achieve three goals:
- Ensure data security, especially regarding tape, drive and device disposal.
- Maintain regulatory and legal compliance for data security and retention.
- Maintain customer, employee and other stakeholder trust levels regarding stored information.
In addition to designating what data to destroy, policies typically also indicate the method of destruction. Common methods include logical destruction, which involves overwriting the data, and physical destruction of the storage media.
Data destruction policies and backups
In addition to regulatory and security concerns, data destruction policies have a material effect on backup and restore jobs. After all, the more data there is, the longer the jobs take.
Backup jobs consume valuable resources. Depending on the backup implementation, resources can include motherboard buses, intranet bandwidth and cloud connections. A well-thought-out data destruction policy helps keep resource consumption in check. The quicker the backup job completes, the sooner resources can be returned to the primary business functions.
Data destruction can also benefit the restore process after a disruptive incident. A good data destruction policy can help make sure that obsolete, duplicated and useless data isn't written back to a drive during a restore.
How to implement a data destruction policy
Backup admins and other IT personnel can take specific steps to get started with -- or maintain -- a backup-efficient data destruction policy.
First, find out if the organization has a data destruction policy in place. If not, determine whether industry regulations, security policies or other measures require one. If there is an existing data destruction policy, determine if it must meet any of those parameters. Consider appointing a sponsor to act as an active leader for the initiative and express concerns to upper management.
Next, evaluate what data exists and determine if it falls under the scope of the data destruction policy. Even if the organization does not handle confidential customer data, there are several types of files that are suitable for destruction. These files might include the following:
- Obsolete virtual machine images.
- Office productivity files, including documents, spreadsheets and presentations.
- Expired website files.
- Old on-premises data that now resides in the cloud.
- Unused and migrated databases.
Data classification can help determine what files are OK to eliminate. There are several ways to implement data classification, but to start, consider evaluating files for deletion based on type and date. Utilities like Microsoft File Server Resource Manager can be helpful, and some can even automate the process.
Common criteria for data destruction include the following:
- The age of the file or resource.
- The file source.
- Regulatory requirements for retention or deletion.
- Legal requirements for retention or deletion.
- If the data is an end-user file or organizational resource.
Consider who is responsible for data destruction. It seems logical to put end users in charge of cleaning up their own obsolete files, but they might not be aware of the importance of removing outdated resources. Automated processes help here, too, but run the risk of deleting files that users might need.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.