Menu

Describe Cloud Data Concepts

Cloud Data Life Cycle Phases

In order to keep data secure in the cloud, a data lifecycle should be followed. This ensures that data can be correctly protected from creation to destruction. The secure data lifecycle follows a roughly linear lifecycle, and some data may not go through all phases.

  1. Create

    2. Data is created when it is entered into the system, or when it is modified.

    Controls: When data is created it should be classified either by the creator or the owner.

  2. Store

    3. The act of saving data after creation, which can happen at the same time.

    Controls: Data at rest should be encrypted with proper key management and appropriate access controls. When data is in transit it should be protected using TLS, VPNs, SSH, etc. Having appropriate backups is another control to help preserve integrity and availability.

  3. Use

    4. Data is used when it is viewed or processed. This can happen when viewing a web applications, viewing and editing files, or fetching data over an API.

    Controls: Managing data flow via data loss prevention (DLP), information rights management (IRM), system access controls, network monitoring tools. It is also important to have adequate accountability controls which require logging and monitoring access to the data.

  4. Share

    5. Access to the data is granted to other users or entities that are authorized.

    Controls: Access controls including role-based access control, DLP, IRM, and access reviews.

  5. Archive

    6. Archived data is data that has reached it's end of life but may still need to be retained. Archived data can also a cost benefit becasue it can be moved to cheaper slower storage.

    Controls: Similar to the controls for the storage phase. One consideration is encryption keys may be cycled out and the data is effectively lost.

  6. Destroy

    7. Data is no longer needed and no longer needs to be retained. Data needs to be destroyed securely.

    Controls: Low-sensitivity data does not need advanced destruction methods such as deleting filesystems and setting disk space to be reused. High-sensitive data may need more advanced methods of deletion such as, cryptoshredding (deleting encryption keys).

Data Dispersion

Data dispersion is breaking data into smaller chunks and storing the chunks on different devices, it is similar to the concept of striping in a RAID array.

Cloud Data Security

  1. Describe Cloud Data Concepts
  2. Design and Implement Cloud Data Storage Architectures
  3. Design and Apply Data Security Technologies and Strategies
  4. Implement Data Discovery
  5. Implement Data Classification
  6. Design and Implement Information Rights Management (IRM)
  7. Plan and Implement Data Retention, Deletion and Archiving Policies
  8. Design and Implement Auditability, Traceability and Accountability of Data Events

CCSP

  1. Cloud Concepts, Architecture, and Design
  2. Cloud Data Security
  3. Cloud Platform and Infrastructure Security
  4. Cloud Application Security
  5. Cloud Security Operations
  6. Legal, Risk, and Compliance