A terribly confusing survey was recently published in eWeek, but the survey at least touches upon an important topic. The main idea is that companies are not deleting data as securely or often as they should. The survey tries to emphasize that “data retirement” is not the same as data deletion, data erasure, or data destroying. To me, it sounds like words all describing the same thing.
What typically gets talked about in industry circles is how to securely store data for long periods of time. Where do we put it, how can we keep it safe. But companies are also struggling to get rid of data. If data is never going to be accessed again, it should be deleted. There’s no reason to hold onto it. Some industry regulations mandate that data be “retired” or deleted after a set period of time, to protect sensitive information. Companies need to figure out how to dispose of this data securely and effectively. Manually going through TB’s of data to determine what should go is a poor option.
StorFirst EAS has built-in, automated measures that help companies retire data from an archive when companies determine that data is no longer needed. Within our software, there’s two options related to data retirement that we’d like to clarify: lifespan policies and retention policies.
*Keep in mind: As data passes through the StorFirst file system, the software will send a copy of each file to EACH tier in the archive infrastructure (like disk, tape, and cloud).*
Lifespan policies are assigned for each individual tier. This means that when the StorFirst EAS Auto-Purge job moves throughout the tiers of storage, looking for data to purge, data that has exceeded the assigned lifespan policy for that volume will be purged. When we say “purge,” we mean that the data still exists on other storage tiers and within our file system. Data has only been removed from a specific tier. Lifespan has more to do with data reduction, in that it allows companies to remove data from more expensive, high-speed storage once the value of this data decreases over time.
Retention policies, on the other hand, cover the entire file system and are designed to protect against manual deletion. By setting the retention policy to Permanent, users will never be able to manually delete data; data can only be deleted through the Auto-Purge job. “Deletion” means that the data has been removed from all available tiers and the file system.
This feature is great for compliance-driven environments (healthcare, government, legal, etc.) that require data to be held, as it prohibits manual deletion of information until the set retention period has expired. The retention settings span from 0 days (meaning data can always be manually deleted) to Permanent (meaning that data can never be manually deleted).
