Preventing undesired deletes on protection storage using delete restriction with alerts for excessive deletes

What is claimed is: 1 . A computer-implemented method of preventing unwanted deletion of data with alerts of excessive deletes in a system, comprising: deleting data that no longer needs to be retained by an application program of the system; recording, for each deletion, a count as recorded count data; computing one or more metrics within a time period from the recorded count data; comparing the computed metrics to a defined corresponding threshold value; and generating, if any of the computed metrics exceeds the corresponding threshold value, an alert to be received by a user to indicate that an excessive number of deletions has been requested. 2 . The method of claim 1 further comprising: providing the user with a plurality of options to select to address the excessive number of deletions; and applying the selected option to all deleted data within the time period. 3 . The method of claim 2 wherein the options comprises at least one of: cancel each deletion to preserve the data, acknowledging the alert to allow deletion of the data, and investigating conditions of the alert for later disposition of each deletion, and further wherein the investigating further comprises viewing underlying data segments and metadata of the data to select an option of the plurality of options, wherein the metadata comprises at least one of backup jobs associated with the data or data assets associated with the data. 4 . The method of claim 3 further comprising: generating hashes for each deleted unit of data; marking the hashes for deletion in the deleting step; delaying the deleting step until confirmation of deletion is received from the user, wherein the confirmation comprises acknowledging the alert to allow deletion of the data to generate confirmed deletions. 5 . The method of claim 4 wherein deleting step comprises a Write Only Restricted Delete (WORD) operation that allows ultimate removal of data after the confirmation. 6 . The method of claim 4 wherein the hashes are stored in Merkle leaves of a Merkle tree used in a filesystem by the application, and wherein the hashes in the Merkle leaves each point to a respective data node storing each deleted unit of data. 7 . The method of claim 6 further comprising storing a number of Merkle leaves corresponding to the confirmed deletions in a circular queue, wherein the length of the queue corresponds to a number of deletion confirmations required before the data is deleted. 8 . The method of claim 7 further comprising: compiling a number of hashes and a data size of deleted data for each time period; computing the computed metrics from the compiled number of hashes and data size; and computing an average data size over a defined number of time periods using the data size for each time period. 9 . The method of claim 8 wherein the computed metrics comprise a percentage change in data size within a time period relative to the average data size, and a percentage variance in deleted data between two successive time periods. 10 . The method of claim 9 further comprising defining a respective threshold value for each of the computed metrics for the comparing step. 11 . The method of claim 1 wherein the deleting step deletes at least one data element that is no longer used by a data asset of the system, and that has expired based on a controlling policy, wherein data expiration comprises at least one of: data subject to a deletion operation, data older than a defined age threshold, data marked as corrupted, and data overwritten by newer data. 12 . A computer-implemented method of limiting a number of deletes in a system executing an application, comprising: defining threshold values for metrics related to data deletes based on size of deleted data and variation of deletions within a set of time periods; receiving deletion instructions for the data deletes; compiling deletion counts for the data deletes within each time period of the set of time periods; comparing one or more computed metrics related to the deletion counts to one or more corresponding defined threshold values; allowing the user to confirm the data deletes using the comparing step; delaying the data deletes specified by the deletion instructions until user confirmation is received; and generating an alert to a user if any of the threshold values is exceeding in the comparing step. 13 . The method of claim 12 wherein the data deletes comprise Write Only Restricted Delete (WORD) operations that allow ultimate removal of data after the confirmation. 14 . The method of claim 12 further comprising computing an average data size over a defined number of time periods of the set of time periods using the size of data deletes for each time period. 15 . The method of claim 14 wherein the computed metrics comprise a percentage change in data size within a time period relative to the average data size, and a percentage variance in deleted data between two successive time periods. 16 . The method of claim 12 further comprising: providing the user with a plurality of options to select to address the excessive number of deletions; and applying the selected option to all deleted data within the time period. 17 . The method of claim 16 wherein the options comprises at least one of: cancel each deletion to preserve the data, acknowledging the alert to allow deletion of the data, and investigating conditions of the alert for later disposition of each deletion, and further wherein the investigating step further comprises viewing underlying data segments and metadata of the data to select an option of the plurality of options, wherein the metadata comprises at least one of backup jobs associated with the data or data assets associated with the data. 18 . The method of claim 13 further comprising: generating hashes for each deleted unit of data of the data deletions; marking the hashes for deletion in the receiving step; and storing the hashes in Merkle leaves of a Merkle tree used in a filesystem by the application, and wherein the hashes in the Merkle leaves each point to a respective data node storing each deleted unit of data. 19 . The method of claim 17 further comprising storing a number of Merkle leaves corresponding to the confirmed deletions in a circular queue, wherein the length of the queue corresponds to a number of deletion confirmations required before the data is deleted. 20 . A method of preventing unwanted deletion of data with alerts of excessive deletes in a system, comprising: implementing a Write Only Restricted Delete (WORD) operation that allows ultimate removal of data after confirmation of a deletion request; computing one or more metrics of data deletions for each time period within a set of time periods; comparing the computed metrics with corresponding defined thresholds for the data deletions for each time period; generating an alert to a user if any of the corresponding defined thresholds is exceeded; receiving a user selection in response to the alert; and confirming the deletion request if the user acknowledges the deletion request, otherwise stopping the deletion request if the deletion request is denied or marked for investigation by the user.