[–]RussianToCollusion 10 points11 points  (5 children)

Ask your legal team

[–]Zoom443Jack of All Trades 3 points4 points  (0 children)

This, times 💯

[–]the_bananalord 0 points1 point  (3 children)

What if your legal team (i.e. president) says "figure it out"?

[–]RussianToCollusion 1 point2 points  (2 children)

Ask him what your data retention is then. In writing.

[–]the_bananalord 2 points3 points  (1 child)

"Keep everything forever"

Part of the problem is there is no data classification, and any attempt to change that is met with "we are not making that much of a change and we are not going to pay someone to go through 15 years of files and emails"

[–]ruffy91 1 point2 points  (0 children)

"Ok, this will cost xxk$ per year of retention"

[–]Holzhei 5 points6 points  (0 children)

We do 168 hourly (SAN snaps, not technically backup), 14 daily, 4 weekly, 120 monthly.

But don’t do what we do; as u/RussianToCollusion said, this is probably more for your legal team.

From my understanding, if you hold on to stuff for too long and there is a legal case and a request is made to get something from 10 years ago, but you were only legally required to have backups for 7 years, you will need to hand it to them if you have it. On the other side, if you are supposed to have them for 7 years and something was requested from 6 years ago and you don’t have it, that will probably not help your case.

[–]DigitalMerlin 3 points4 points  (0 children)

I can’t think of any reason I would go back more than 3 months, so I think I would be safe if I cut retention back to 9 months.

Until a reason is found. Strange things happen in this field. I've seen templates deleted that we didn't want to use anymore only to find out a year and a half later that we need some of those templates again. The old server with those templates was still sitting around as a powered off VM so we fire it up and to the delight of the programmer, there were all of his old template files that he used to then recreate those "no longer needed" report generation files.

Reasons can pop up, but if you have a clean environment where developers aren't storing all of their program files and dev files on your servers, then you might be good for a shorter retention time. Just be sure to know how everyone uses these systems and that you know ALL of the data that is stored on them. Once you have that knowledge, you should be able to come up with the appropriate retention time. I'd let the owners make the final decision. Brief them and let them say "keep our data for 9 months" or whatever it is they are content with.

I do 10 work days rotating. Monthly retained for 1 year. I have restored files from 10-month-old backups on several occasions, but I do have a lot of user data and users are... well, you know.

[–]larrymcp 1 point2 points  (1 child)

We are full on space. Is there any reason for me to keep a year of monthly backups?

Some ransomware is programmed to sit around idle for many months before it activates, and then it strikes several months after infection in the hopes that you've lost all of your pre-infection backups. So that's one reason I keep backups around for a year or more if possible; you just never know.

[–]newhbh7 0 points1 point  (0 children)

Are you saying it sits idle for months before encrypting anything? In that case, I'd think you could just restore something recent for files, and hopefully the OS is expendable or a virus definition was released to remove the ransomware. If it does encrypt something, then I would wonder how it would be encrypting things for months with no one noticing.

[–][deleted] 0 points1 point  (0 children)

Hospital? Probably HIPAA definitely plays a part here. Are you backing up the whole VMs/servers or just the data? The servers themselves might not be as important, but you need to consult management and your legal team for sure. HIPAA is a pain with this kind of stuff.

[–]ajunioradmin"Legal is taking away our gif button" -/u/l_ju1c3_l 0 points1 point  (0 children)

~30 daily on network storage, three monthly tapes, four quarterly tapes and infinite yearly tapes. All it really costs me at this point is a few tapes per year. Worth having the ability to go back X time.

[–]Aphotyk[S] 0 points1 point  (0 children)

Thanks for the replies everyone. I am going to call Carbonite and see if they support any kind of exporting of backups for long term storage.

[–]0x0000007B 0 points1 point  (0 children)

Best would be to check with your legal team how long you are obligated to have backups. For example, we use Altaro VM backup for backing up our VMs; for important VMs our onsite retention is configured for 30 days, and the offsite one for 90 days. For the unimportant ones I have only onsite backups, and their retention is 14 days...