Master the lifecycle of your data to improve data security

A data lifecycle is difficult to pin down. Depending on your industry or profession, what constitutes a data lifecycle can vary widely. For example, Harvard Business School claims that there are eight stages of the data lifecycle. But some count only seven steps, and some just five. When it comes to cybersecurity, a more concrete, secure, and comprehensive approach is needed to ensure data security.

One of the many ways to improve data security

Before we go any further, it’s worth noting that having 100% security across the board happens about as often as a blue moon, finding the Holy Grail, or a politician who keeps his campaign promises. Cybersecurity professionals know this. So you focus on reducing risk as much as possible with the tools you have.

So how can knowing your data lifecycle help improve your data security in 2022?

Focus on threat management

In 2017, The Economist claimed that data is more valuable than oil. Yet despite its intrinsic value, companies large and small mismanage it or struggle to find ways to protect it. There is no need to dwell on the many transgressions of Big Tech in this area. Not that they are the only offenders. A common thread through the numerous data breaches and hacks last year: lack of attention to threat management. But to effectively manage threats, it’s essential to identify and prepare for the risks unique to your data lifecycle.

Let’s start with a generally accepted life cycle.

Identify and secure your data lifecycle stages

Broadly speaking, most cybersecurity experts define five stages in a usable data lifecycle. These are: creation, storage, use, archiving and finally destruction. Each stage has its own considerations, but ensuring data integrity is a common goal for all stages. If you can’t track, access, or audit (yes, I know that’s a dirty word) data every step of the way, then you’ve failed. If you can, then congratulations, you have a robust data management strategy that even Big Tech can’t match.

Now, what if you add permission management (defining who can access specific data to prevent malicious insider attacks)? Is your data lifecycle still robust at all stages? How about bringing your own device (BYOD)? Does this have an impact? How do you protect company data outside of company-owned machines?

Let’s break down each stage of the lifecycle a bit more to help with future brainstorming on your process:

Data Creation

Data is created in many ways, whether by manual input, acquired from third parties, or captured from devices such as sensors or other connected devices. It goes far beyond traditional file creation. In a production environment, data is created in a database during functional testing, for example. Website forms collect data. And VoIP solutions also create data.

Consider where all your data comes from, whether it’s audio, video, or documents. Is it structured or unstructured? Is it on multiple devices? In an eDiscovery situation, for example, even social media or vehicle data are possible targets for disclosure. All data, including data generated by a connected device or cloud service, needs protection (with permission management/access control if possible) as soon as it is created, just to be safe.

Data storage

It sounds obvious, but no matter what storage method you use (tape drives, SSDs, or NAS), securing that storage is a must. Backups prevent data loss and you should make sure your data restoration process is working before relying on them. It is also useful to regularly check the integrity of the backup.

Most jurisdictions hold companies responsible for protecting their data from accidental loss. Blaming hardware failures, or even natural disasters like flooding, is no excuse – an offsite solution is a requirement. Most security professionals recommend at least three backups, with one or more offsite.

Data usage

The use of data includes the processes of viewing, processing, modifying and saving. This includes big data (making sure to anonymize data where necessary for data privacy compliance). Now, creating anonymous data doesn’t stop with removing a person’s name, address, and phone number. It includes any combination of data inputs that can specifically identify a person. The fact that Citizen X is a Nashville music teacher, drives a Camaro, and enjoys panpipe renditions of “A Boy Named Sue” may be enough to identify a true identity.
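The Citizen X problem can be measured before a dataset is shared. The following is an added example, not part of the original post: it uses k-anonymity, a standard metric the post does not name, and the records and column names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data (not real people). Names are already removed,
# but city, job and car remain and act as quasi-identifiers.
RECORDS = [
    {"city": "Nashville", "job": "music teacher", "car": "Camaro", "diagnosis": "asthma"},
    {"city": "Nashville", "job": "music teacher", "car": "Civic", "diagnosis": "diabetes"},
    {"city": "Nashville", "job": "music teacher", "car": "Civic", "diagnosis": "flu"},
    {"city": "Nashville", "job": "nurse", "car": "Camaro", "diagnosis": "flu"},
    {"city": "Nashville", "job": "nurse", "car": "Camaro", "diagnosis": "asthma"},
    {"city": "Memphis", "job": "nurse", "car": "Civic", "diagnosis": "flu"},
    {"city": "Memphis", "job": "nurse", "car": "Civic", "diagnosis": "asthma"},
]

def equivalence_classes(records, quasi_identifiers):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in records)

def k_anonymity(records, quasi_identifiers):
    """Size of the smallest group; k == 1 means at least one person is unique."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(classes.values()) if classes else 0

def at_risk(records, quasi_identifiers, k=2):
    """Records whose quasi-identifier combination occurs fewer than k times."""
    classes = equivalence_classes(records, quasi_identifiers)
    return [r for r in records
            if classes[tuple(r[q] for q in quasi_identifiers)] < k]

def suppress(records, columns):
    """Simple mitigation: replace the given columns with '*' in every record."""
    return [{c: ("*" if c in columns else v) for c, v in r.items()}
            for r in records]

if __name__ == "__main__":
    # Each attribute looks harmless alone; the combination isolates one person.
    for qi in (["city"], ["job"], ["car"], ["city", "job", "car"]):
        print(qi, "-> k =", k_anonymity(RECORDS, qi))
    print("unique:", at_risk(RECORDS, ["city", "job", "car"]))
    safer = suppress(RECORDS, {"car"})
    print("after suppressing car, k =",
          k_anonymity(safer, ["city", "job", "car"]))
```

Suppression is the bluntest fix; generalizing a value (for example, car model to vehicle class) can raise k while keeping more of the data useful.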

Another consideration is data collaboration, or data sharing, for all methods used. Given the myriad ways we share data (email, VoIP, cloud storage and many more), this is a problem for many businesses, especially when trying to prevent insider threats.

Data Archiving

Most organizations use archives to store older, rarely used data. They are secure but available for on-demand use. Again, regardless of the storage method, backups are essential and access control procedures apply.

Data destruction

Destruction is a key part of the data lifecycle. When data is destroyed depends on the jurisdiction and the legislation in force. For example, some jurisdictions require companies to retain accounting data for five years. Due to software licensing restrictions (software licenses are not transferred to new owners in most cases) and the wide variety of data recovery software solutions available, companies are no longer donating their computers. They can reuse older hardware as a print server or NAS, or more generally arrange secure disposal of hard drives via degaussing or incineration. Professional data recovery can recover discs damaged by fire or water; therefore, such disposal is a more secure approach that protects company data when decommissioning hardware.

Master the lifecycle of your data to improve data security

At the very least, this general overview of the data lifecycle should help you appreciate the complexity and proliferation of data caused by our reliance on technology. Everything we connect to creates data. To ensure future compliance with industry standards regulating data privacy and/or litigation protection, it’s time for companies to get a handle on data lifecycle management.

No two companies have identical processes because your data lifecycle will complement the business processes for your unique situation. But understanding your data lifecycle and all of its complexities is key to maximizing your cybersecurity efforts. By identifying all potential risks and reducing them, you can increase the security of your data. Is the effort worth it? Most would say yes.

The post Master the lifecycle of your data to improve data security appeared first on IS Decisions Enterprise Network Security Blog.

*** This is a syndicated blog from the Security Bloggers Network of IS Decisions Enterprise Network Security Blog written by Michael O’Dwyer. Read the original post at:
