One of the many lessons that I have learned during my 20+ years of working in IT is that sometimes it is best to avoid disclosing IT’s true capabilities to the end users. This is especially true when it comes to backup and recovery capabilities. While many users do handle data responsibly, there will inevitably be some users who fall into bad habits if they discover that deleted data can be easily recovered.
Data backups are intended to be a disaster recovery feature. When a user deletes data on a whim with the assumption that they can get the data back at any time, the user is essentially using the backup system as an archival mechanism. From the user’s perspective, aging data is archived (deleted), but can be retrieved at any time if the data is needed.
This type of behavior pattern is problematic for a variety of reasons. First, it wastes IT resources. The IT staff must spend time performing frivolous restoration operations rather than dealing with more important tasks.
Another reason why this sort of behavior is undesirable is that it increases the potential for data loss. If a user regularly deletes data and then requests that the data be recovered, it may only be a matter of time before a recovery failure occurs. Perhaps the user deleted the data before it could be backed up, or maybe the user needed an earlier version of the data that no longer exists within the backups. Whatever the reason, establishing user dependency on the recovery process is ultimately setting the organization up for a data loss event.
Of course, this raises the question of how you can discourage users from taking advantage of the organization’s data recovery capabilities. This is why it can be a good idea to avoid telling users what the backups are actually capable of recovering. By doing so, users are more likely to believe that when they delete data, it is gone for good.
One idea is to make the user think that the recovery process is more difficult than it really is. I have heard of administrators telling users that they will try to get their data back, but that there are no guarantees. The administrator will then wait for a few days to restore the data and then tell the user that it was a difficult recovery and that they got really lucky. I have even heard stories of administrators telling the users that IT budget cuts have left them with an unreliable backup system.
Another thing that you might consider doing is establishing a penalty for user-requested recovery operations. If the organization has a chargeback system in place, you can make data restorations a billable service. If the organization does not use chargebacks, you can make the recovery process undesirable for the user in other ways. For instance, you might establish a bureaucratic process in which users must fill out paperwork and get multiple approvals prior to submitting a file restoration request. This method has the added benefit of allowing the user’s boss (who is presumably signing the approval) to see first-hand just how often the user is requesting data restoration.
There is a fine line between preventing the organization’s data recovery capabilities from being abused and holding up a legitimate restoration request. A good compromise might be to provide users with self-service recovery capabilities. Most users are familiar with the Windows Recycle Bin, but some backup applications also include a self-service portal that can be made available to users so that they may perform their own restorations. Regardless of the method that you decide to use, your goal as an IT professional must be to service legitimate recovery requests while also preventing time-wasting, frivolous requests.