A data retention policy is a guideline on how to retain, retrieve, or discard data in an organisation. A good, properly scheduled retention plan helps to achieve compliance, control costs, and it can allow you to recover data safely when needed. This blog looks at how to develop a database backup retention policy.
The primary concern with database backups is disk space (unless there is unlimited space, in which case there is no need to delete any copies). Browsing through a large number of backups can be a challenging and time-consuming task. Since space is often costly and trying to find your way through a ton of files is time-consuming, knowing when to delete an unused backup is important.
The decision on what to archive and what to delete depends on the policies set within the organisation. This blog will take a look at well-known retention policies and provide some tips on the duration of backup retention.
Backup Archive - Grandfather - Father - Son (GFS) Rotation Scheme
GFS retention policy is a backup rotation scheme for long-time archiving and used by many leading solutions. All backups in a GFS rotation scheme are full backups of the entire system with a specific date. When you are running low on space, the GFS rotation scheme lets you select one of the daily full backup and rename a weekly backup. Now, this backup will be used for making the daily backups and at the end of the second week, pick another copy of the daily backup and rename it again as the weekly backup. You will notice you have two categories of backup sets, daily backup sets and weekly backup sets.
After four weeks you will pick a copy of the weekly backup and rename it to the monthly backup and then reuse the weekly backups for the upcoming months. The weekly backups are referred to as “sons”, the monthly backups are “fathers” and the yearly backups are “grandfathers.”
This rotation continues allowing you to have sets of daily, weekly, and monthly backups. You will notice, however, that down the line you have too many backups archived and might run out of space. What to do with these backups is called an archiving policy.
Backup Retention Duration
Backups cannot just be disposed of based on its dates, as it may contain important information for that time period. The retention duration of a backup solely depends on the rules and regulations of the organisation. Some organisations may choose to move the selected data to another media or cloud environment for further retention.
Before you dispose of a backup the retention period must be decided. Retention periods are defined by the number of days the backups should be maintained. When duration exceeds retention days then data can be tagged as “aged” and moved to another location or be disposed of.
You must also check on the compliance requirements of your industry or type of data when making these determinations. Once the retention schedule has been decided, then it can be tagged to metadata on the backup file. IT administrators can then delete the backup based on the metadata manually or it this information can be picked up by tools to perform the deletion.
Data Backups & Compliance
Backup retention policies should also consider the regulations of the region on data protection like the General Data Protection Regulation in the European Union. The organisation's retention policy should clearly state which database backups have to be retained and never deleted. Similarly, it should also define the type of sensitive user data that can be maintained as part of the backup and how long it can be kept.
Another option would be to consider having the backups deleted automatically using scripts or external tools like ClusterControl.
Backup Retention Recommendations
- Backup retention should always consider the backup datasets, backup type, and backup frequency. These items should be included in the backup retention policy. Your backup can have the full dataset, but maybe only certain types of data is critical to operations. In this case, try to have another backup just for retention.
- If your organisation has incremental backup data, then always keep a full copy of the database because you won’t be keeping all the incremental sets for long periods of time.
- Try to keep a copy of the last backup easily accessible for immediate access during a recovery.
- It is good to maintain at least three copies of backup and have the older backups deleted by a tool or scripts.
- Retention duration and the backup frequency might not be the same for all, it depends on what type of data is crucial for the organisation’s operation. Therefore it is wise to decide what data needs to be backed up and what needs to be retained.
- This policy, once complete, should be well communicated to all the employees who engage with data and any authorities / admins who have access to the database.
A backup data retention policy should be drafted way before any backup procedures are put in place. It should spell out the archiving policy, retention plans, backup disposal, and archival methods. It must also meet any compliance regulations per your region or industry guidelines.
Having a backup retention policy does not only save storage space (which saves costs) but it directly ensures a high level of data protection.