How long should I keep backups?
I’m often asked how long people should keep the backups they make of their computer or its data.
After getting all excited that someone’s actually backing up, I come back to what boils down to my most common, and perhaps least helpful, answer: it depends.
It depends on a number of factors that range from your comfort level to your risk tolerance, as well as your personal back-up scheme.
To understand how long you might want to keep backups, we need to look at those risks.
When in doubt
If you don’t want to put a lot of thought into it, I would simply fall back to my two-month recommendation. In slightly more detail, that means:
- Perform monthly full image backups of your entire machine.
- Perform daily incremental images building on those full image backups.
- Keep backups for two months.
Without knowing more about your requirements, this represents a balance between recoverability — anything in the last two months can be recovered — and disk space — only two months’ worth need be kept.
It’s also what I do.
Implications of how long you keep backups
The key to understanding how long you want to keep backups is to understand exactly what happens after whatever time period you choose passes.
Let’s say you propose keeping for only three days. Exactly what happens then? What’s lost?
Think of each backup as a representation of your computer “as it was” when the backup was taken. As a result:
- Yesterday’s backup: everything on your machine as it was yesterday.
- The day before yesterday’s backup: your machine as it was two days ago.
- The day before that: your machine as it was three days ago.
Your machine as it was four days ago? Well, if you only keep backups for three days, then that backup was deleted to make space. Older versions of anything that changed in the three day window will be lost.
Let’s look at some examples of what that implies.
Let’s say your machine becomes infected with malware. As I’ve stated many times, restoring to a recent backup taken prior to the malware’s arrival is probably the fastest and most reliable way to completely remove it.
Ideally, you would notice quickly, and restore the previous day’s backup.
But… what happens if you fail to notice for, say, a week? Perhaps you don’t use your computer for a while. Maybe it takes a week to figure out that the odd behaviour you’re experiencing is, indeed, malware.
With only three days of backups, all you have is a backup of your machine as it was three days ago — after the malware arrived. That backup — in fact, all three backups you have — are infected. You no longer have a clean backup you can restore to.
Accidents happen, and sometimes we change our minds.
Let’s say on Monday you delete a file you believe you no longer need. You’re done with it, or so you think.
Then, later that week — perhaps Friday — you suddenly realize that not only were you not done with it, but it turns out to be critical.
With three backups, you have backups of your machine “as it was” on Thursday, on Wednesday, and on Tuesday. But not on Monday. As a result, you no longer have a back-up copy of the file you deleted: it’s gone.
Either software or hardware can fail in such a way that a perfectly good file can be damaged so it can no longer be opened or used. The file may be present, but it contents are so much garbage.
As above, let’s say on Monday your computer experiences an unexpected power loss, and shuts down without warning.
Come Friday, you suddenly realize that a file you rely on to perform some end-of-week processing every Friday can no longer be opened — the application that tries to open it reports it as being broken, or of the wrong format. It looks like that power problem earlier in the week caused your hard disk to damage the file beyond repair.
Once again, with only three days of backups you have your machine “as it was” on Thursday, on Wednesday, and on Tuesday.; all afterthe damage had happened. You no longer have a backup copy of the undamaged file.
So, how long should you keep backups?
As I said, there’s no general rule I can apply that would make sense for everyone.
Clearly, the first few days are important. Things like lost files, malware and the like are often discovered very quickly, and typically you’ll need go back only a day or two when that’s the case. Of course, a sudden and total hard disk failure makes itself known quite quickly.
In situations like that, a three-day proposal is quite sufficient.
The questions I’d have you ask are:
- How confident are you that you’ll discover whatever it is you might want from your backup within those three days?
- What would be the cost — be it monetary, emotional, or just the time to re-create it — should you be unable to recover something because you didn’t discover you needed it before your three-day backup period passed?
- Is there any reason you can’t just throw more disk space at it and increase the number?
I’m using the three-day proposal as my example here, but the questions apply for any time period you might choose to keep backups, be it three days, three months, or three years. For various reasons and in various situations, the proper retention period could be any of those, or even longer.
Ultimately, I can’t answer this question for everyone, but hopefully I’ve given you a few things to think about.