Backup versus Archive – What’s the difference? - WST

You’re doing periodic backups of all your critical data and systems. Those backup data sets have a defined retention period, which means data will not be available after the expiration date of the backup set. There are many situations that mandate a data archive in addition to regular backups. That begs the question, “What’s the difference between a backup and an archive?”

Backup data exists for one purpose: data recovery. Backup files are used upon a disaster recovery (DR) event, a DR test, or possibly to recover individual files that have been accidentally deleted. The periodicity of your backups should be defined in your policy and reflected in settings in your backup tools. Backup data sets exist in a rolling window of time, directly related to DR policies. You may keep some data for ninety days, or possibly for a longer period of time, in order to be able to meet your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) as determined by organizational DR policy.

Data archives exist for other purposes, but not for DR. There are many reasons to archive data, including for long-term historical retention of data for legal or regulatory purposes.

Email is a great example of data that you may wish to retain for a long period of time, whether defined by local, state, or federal regulators or by your internal retention policy. Even if a user deletes an email out of their mailbox, that information will be retained in your email archive per your retention rules.

Financial data is another good example of a data archive. If you archive your financial system data, you can re-establish a point-in-time financial position for your organization upon any legal or other requirement. HIPAA and SEC requirements for email retention are six years, which are typically much longer than you’re likely keeping email backups.

Think of your data archive as you would regard cold storage of paper copies of important documents. You won’t likely need immediate access to the data on a regular basis, but you have the important data in a secure location, with limited accessibility.

Review your archive requirements with your legal counsel and regulatory entities for each type of data in your organization.

Authored by: Bill Wallen, Security+, CBISO