Data-protection policies should include guidelines for the different data lifecycle phases. In the cloud, the following three policies should receive proper adjustments and attention:
- Data retention
- Data deletion
- Data archiving
A data-retention policy is an organization’s established protocol for keeping information for operational or regulatory compliance needs.
The objectives of a data-retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date, and to dispose of information that is no longer needed.
The policy balances the legal, regulatory, and business data-archival requirements against data storage costs, complexity, and other data-protection considerations.
- A good data-retention policy should define each of the following:
- Retention periods
- Data formats
- Data security
- Data-retrieval procedures for the enterprise
- A data-retention policy for cloud services should contain the following components:
- Legislation, regulation, and standards requirements: Data-retention considerations depend heavily on the data type and the required compliance regimes associated with it.
- For example, according to the Basel II Accords for financial data, the retention period for financial transactions should be between three and seven years, whereas according to PCI DSS version 3.1 Requirement 10.7, all access to network resources and cardholder data and credit card transaction data should be kept available for at least a year, with at least three months available online.
- Data mapping: This is the process of mapping all relevant data to understand data types (structured and unstructured), data formats, file types, and data locations (network drives, databases, object storage, or volume storage).
- Data classification: This involves classifying the data based on location, compliance requirements, ownership, or business usage; in other words, its value. Classification is also used to decide on the proper retention procedures for the enterprise.
- Data-retention procedure: For each data category, the data-retention procedures should be followed based on the appropriate data retention policy that governs the data type.
- How long the data is to be kept, where (physical location and jurisdiction), and how (which technology and format) should all be spelled out in the policy and implemented via the procedure.
- The procedure should also include backup options, retrieval requirements, and restore procedures, as required and necessary for the data types being managed.
- Monitoring and maintenance: These are procedures for making sure the entire process is working, including a review of the policy and requirements to make sure there are no changes.
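The retention procedure above (how long, where, and which storage tier, evaluated per data category) can be expressed as a small policy engine. The following is an added example written for these notes, not code from the original text or from any particular product. The rule table is constructed: the periods follow the figures quoted earlier (up to seven years for financial transactions, one year retained with three months online for cardholder access logs), but the category names, the jurisdiction lists, and the record metadata are assumptions. A legal hold suspends disposal, data stored outside its permitted jurisdiction is flagged before anything else, and an unclassified record is an error rather than a silent default, since the policy cannot govern data the mapping step missed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Action is the outcome of applying a retention rule to one record.
type Action string

const (
	Retain   Action = "retain"   // keep in primary (online) storage
	Archive  Action = "archive"  // move to long-term storage, keep retrievable
	Dispose  Action = "dispose"  // retention period elapsed; hand to the deletion procedure
	Relocate Action = "relocate" // stored outside its permitted jurisdiction; fix first
)

const day = 24 * time.Hour

// RetentionRule captures the "how long", "where" and "which tier" decisions for one category.
type RetentionRule struct {
	MinRetention  time.Duration // keep at least this long (regulatory floor)
	ArchiveAfter  time.Duration // move from online to archive after this; 0 = never archive
	Jurisdictions []string      // locations where the data may reside
}

// Record is the metadata the data-mapping and classification steps produced for one object.
type Record struct {
	ID        string
	Class     string // classification label assigned by the classification step
	Created   time.Time
	Location  string // jurisdiction of the storage region
	LegalHold bool   // a hold suspends disposal regardless of age
}

// defaultRules returns constructed sample rules (category names and jurisdictions are assumed).
func defaultRules() map[string]RetentionRule {
	return map[string]RetentionRule{
		"financial-transaction": {MinRetention: 7 * 365 * day, ArchiveAfter: 365 * day, Jurisdictions: []string{"EU"}},
		"cardholder-audit-log":  {MinRetention: 365 * day, ArchiveAfter: 90 * day, Jurisdictions: []string{"EU", "US"}},
	}
}

func permittedLocation(rule RetentionRule, loc string) bool {
	for _, j := range rule.Jurisdictions {
		if j == loc {
			return true
		}
	}
	return false
}

// evaluate applies the rule for the record's class at time now.
func evaluate(rules map[string]RetentionRule, r Record, now time.Time) (Action, error) {
	rule, ok := rules[r.Class]
	if !ok {
		return "", fmt.Errorf("record %s: no retention rule for class %q", r.ID, r.Class)
	}
	if !permittedLocation(rule, r.Location) {
		return Relocate, nil // governance violation: resolve before age-based decisions
	}
	if r.LegalHold {
		return Retain, nil
	}
	age := now.Sub(r.Created)
	if age < 0 {
		return "", errors.New("record " + r.ID + ": creation time is in the future")
	}
	switch {
	case age >= rule.MinRetention:
		return Dispose, nil
	case rule.ArchiveAfter > 0 && age >= rule.ArchiveAfter:
		return Archive, nil
	default:
		return Retain, nil
	}
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // fixed "today" for a reproducible run
	records := []Record{ // constructed sample records
		{ID: "log-1", Class: "cardholder-audit-log", Created: time.Date(2023, 10, 1, 0, 0, 0, 0, time.UTC), Location: "EU"},
		{ID: "log-2", Class: "cardholder-audit-log", Created: time.Date(2022, 6, 1, 0, 0, 0, 0, time.UTC), Location: "US"},
		{ID: "tx-1", Class: "financial-transaction", Created: time.Date(2023, 6, 1, 0, 0, 0, 0, time.UTC), Location: "US"},
		{ID: "tx-2", Class: "financial-transaction", Created: time.Date(2015, 1, 1, 0, 0, 0, 0, time.UTC), Location: "EU", LegalHold: true},
		{ID: "doc-9", Class: "unclassified", Created: now, Location: "EU"},
	}
	for _, r := range records {
		action, err := evaluate(defaultRules(), r, now)
		fmt.Printf("%-6s -> %-8v %v\n", r.ID, action, err)
	}
}
```

The order of the checks is the point: jurisdiction and legal hold are evaluated before age, so a record that has passed its retention floor is never disposed of while a hold applies, and a record in the wrong region is surfaced as a governance problem rather than quietly archived there.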
Data-Deletion Procedures and Mechanisms
A key part of data-protection procedures is the safe disposal of data once it is no longer needed. Failure to do so may result in data breaches or compliance failures.
Safe-disposal procedures are designed to ensure that there are no files, pointers, or data remnants left behind in a system that could be used to restore the original data.
- A data-deletion policy is sometimes required for the following reasons:
- Regulation or legislation: Certain laws and regulations require specific degrees of safe disposal for certain records.
- Business and technical requirements: Business policy may require the safe disposal of data. Also, processes such as encryption might require safe disposal of the clear-text data after the encrypted copy has been created.
- Restoring deleted data in a cloud environment is not an easy task for an attacker because cloud-based data is scattered, typically being stored in different physical locations with unique pointers.
- Achieving any level of physical access to the media is a challenge. Nevertheless, it is still an existing attack vector that you should consider when evaluating the business requirements for data disposal.
- To safely dispose of electronic records, the following options are available:
- Physical destruction: Physically destroying the media by incineration, shredding, or other means.
- Degaussing: Using strong magnets for scrambling data on magnetic media such as hard drives and tapes.
- Overwriting: Writing random data over the actual data. The more times the overwriting process occurs, the more thorough the destruction of the data is considered to be.
- Encryption: Using an encryption method to rewrite the data in an encrypted format to make it unreadable without the encryption key.
Because the first three options are not fully applicable to cloud computing, the only reasonable method remaining is encrypting the data.
The process of encrypting the data in order to dispose of it is called digital shredding or crypto-shredding. Crypto-shredding is the process of deliberately destroying the encryption keys that were used to encrypt the data originally.
Because the data exists only in its encrypted form, destroying the keys renders it unreadable (at least until the encryption algorithm used can be broken or the key can be brute-forced by an attacker).
- To perform proper crypto-shredding, consider the following:
- The data should be encrypted completely without leaving clear text remaining.
- The technique must make sure that the encryption keys are completely unrecoverable. This can be hard to accomplish if an external CSP or other third party manages the keys.
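Crypto-shredding as described above, with the two conditions just listed made checkable, as an added example written for these notes (not code from the original text or from any cloud provider's key service). The key store here is a stand-in for a KMS: each object gets its own data-encryption key (DEK), the object store keeps only nonce plus AES-GCM ciphertext, and shredding an object means zeroing and deleting its DEK. A remnant check confirms that no clear-text fragment of the record survives in the stored blob, and decryption is shown to fail once the key is gone. Object IDs and the sample record are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeyStore stands in for the key-management service. Each stored object has its own
// data-encryption key (DEK); crypto-shredding an object means destroying its DEK here.
type KeyStore struct {
	deks map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{deks: make(map[string][]byte)} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptObject encrypts plaintext under a fresh 256-bit DEK with AES-GCM, registers the
// DEK under objectID and returns nonce||ciphertext, which is all the object store keeps.
// The object ID is bound as associated data so a blob cannot be re-labelled to another key.
func EncryptObject(ks *KeyStore, objectID string, plaintext []byte) ([]byte, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	blob := gcm.Seal(nonce, nonce, plaintext, []byte(objectID))
	ks.deks[objectID] = dek
	return blob, nil
}

// DecryptObject recovers the plaintext; it fails once the DEK has been shredded.
func DecryptObject(ks *KeyStore, objectID string, blob []byte) ([]byte, error) {
	dek, ok := ks.deks[objectID]
	if !ok {
		return nil, errors.New("no key for " + objectID + ": object has been crypto-shredded")
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(objectID))
}

// Shred destroys the DEK: the key bytes are zeroed in memory before the entry is removed,
// so no copy of the key survives in this process. Returns false if there was nothing to shred.
func Shred(ks *KeyStore, objectID string) bool {
	dek, ok := ks.deks[objectID]
	if !ok {
		return false
	}
	for i := range dek {
		dek[i] = 0
	}
	delete(ks.deks, objectID)
	return true
}

// HasPlaintextRemnant is the "no clear text remaining" check: the stored blob must not
// contain the plaintext or any 8-byte fragment of it.
func HasPlaintextRemnant(blob, plaintext []byte) bool {
	const window = 8
	if len(plaintext) < window {
		return bytes.Contains(blob, plaintext)
	}
	for i := 0; i+window <= len(plaintext); i++ {
		if bytes.Contains(blob, plaintext[i:i+window]) {
			return true
		}
	}
	return false
}

func main() {
	ks := NewKeyStore()
	record := []byte("account 12345 balance 100.00 (constructed sample record)")
	blob, err := EncryptObject(ks, "obj-42", record)
	if err != nil {
		panic(err)
	}
	fmt.Println("clear-text remnant in stored blob:", HasPlaintextRemnant(blob, record))
	pt, _ := DecryptObject(ks, "obj-42", blob)
	fmt.Println("before shred:", string(pt))
	Shred(ks, "obj-42")
	_, err = DecryptObject(ks, "obj-42", blob)
	fmt.Println("after shred:", err)
}
```

The second condition from the text, that the keys be completely unrecoverable, is only as strong as the key store: with an external CSP managing the DEKs, the `Shred` step becomes a request to the provider, and key backups, replicas, or a wrapping key held elsewhere can leave the data recoverable even though the local copy is gone.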
Data-Archiving Procedures and Mechanisms
- A data-archiving policy for the cloud should contain the following elements:
- Data-encryption procedures: Long-term data archiving with encryption can present a key-management challenge for the organization.
- The encryption policy should consider which media is used, what the restoral options are, and what threats should be mitigated by the encryption.
- Bad key management can lead to the destruction of the entire archive; therefore, it requires attention.
- Data-monitoring procedures: Data stored in the cloud tends to be replicated and moved.
- To maintain data governance, it is required that all data access and movements be tracked and logged to make sure that all security controls are being applied properly throughout the data lifecycle.
- Ability to perform e-discovery and granular retrieval: Archive data may be subject to retrieval according to certain parameters such as dates, subjects, and authors.
- The archiving platform should provide the ability to perform e-discovery on the data to determine which data should be retrieved.
- Backup and DR options: All requirements for data backup and restore should be specified and documented. It is important to ensure that the business continuity and disaster recovery (BCDR) plans are updated and aligned with whatever procedures are implemented.
- Data format and media type: The format of the data is an important consideration because it may be kept for an extended period. Proprietary formats can change, thereby leaving data in a useless state, so choosing the right format is important.
- The same consideration must be made for media storage types.
- Data restoration procedures: Data restoral testing should be initiated periodically to make sure the process is working.
- The trial data restore should be made into an isolated environment to mitigate risks, such as restoring an old virus or accidentally overwriting existing data.