Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

The 6 Phases of Data Security

Home
Industry Insights
The 6 Phases of Data Security

Blog Article Published: 10/14/2021

Written by Nicole Krenz, Web Marketing Specialist, CSA.

The primary goal of information security is to protect the fundamental data that powers our systems and applications. As companies transition to cloud computing, the traditional methods of securing data are challenged by cloud-based architectures. You don’t have to lift and shift existing problems. Moving to the cloud creates a field of opportunity to reexamine how you manage information and find ways to improve things. In this blog, we’ll discuss information governance and the Data Security Lifecycle as they relate to cloud computing, and provide recommendations that you can take with you on your cloud migration journey.


What is Data/Information Governance?

Data/information governance means ensuring that the use of data and information complies with organizational policies, standards, and strategy. This includes regulatory, contractual, and business requirements and objectives. Note that data is different from information, but the terms can be used interchangeably. Information is data with value.


Data Security Lifecycle vs Information Lifecycle Management

Information Lifecycle Management is a tool to help understand the security boundaries and controls around data from its creation through retirement. Although Information Lifecycle Management is a fairly mature field, it doesn’t map well to the needs of security professionals.

The Data Security Lifecycle is different from Information Lifecycle Management in that it reflects the different needs of the security audience. It includes six phases from creation to destruction. Once created, data can bounce in between phases without restriction, and may not pass through all stages (not all data is eventually destroyed).

  1. Creation is the generation of new digital content, or the alteration of existing content.
  2. Storing is the act of committing the digital data to some sort of storage repository and typically occurs nearly simultaneously with creation.
  3. Data is viewed, processed, or used in some sort of activity, not including modification.
  4. Information is made accessible to others, such as in between users, to customers, and to partners.
  5. Data leaves active use and enters long-term storage.
  6. Data is permanently destroyed using physical or digital means.


Locating Data in the Lifecycle

Due to regulatory, contractual, and jurisdictional issues, it’s important to understand the logical and physical locations of data.

The lifecycle represents the phases information passes through but doesn’t address its location or how it’s accessed. Data is accessed and stored in multiple locations, each with its own lifecycle. The data security lifecycle is not a single, linear operation, but a series of smaller lifecycles running in different operating environments. At nearly any phase, data can move into, out of, and between these environments.

Users know where data lives and how it moves, but how is it accessed? Data is accessed using a variety of different devices that have different security characteristics and may use different applications or clients.


The Functions Performed With Data

There are three functions that can be performed with data, by a given actor and a particular situation:

  • View/read the data, including creating, copying, file transfers, dissemination, and other exchanges of information.
  • Process a transaction on the data, update it, or use it in a business processing transaction.
  • Store and hold the data in a file, database, etc.


Recommendations

Here are some of our key recommendations for information governance:

  • Ensure information governance policies and practices extend to the cloud. This will be done through contractual and security controls.
  • Use the data security lifecycle to help model data handling and controls.
  • Instead of lifting and shifting existing information architectures, use your cloud migration as an opportunity to re-think and restructure what is often the fractured approach used in existing infrastructure.


To learn more about information governance, check out the Security Guidance for Critical Areas of Focus in Cloud Computing. This document also covers best practices in 11 other cloud security domains.

Security Guidance

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Download the New Security Guidance v5!
CCSK v5: The Benchmark for Cybersecurity Expertise
AI Model Risk Management Framework
Trending This Week
#1 Discover CCSK v5: The New Standard in Cloud Security Expertise
#2 CSA STAR Certifications: What are they?
#3 AI Safety vs AI Security: Navigating the Commonality and Differences
#4 CCSK vs CCSP: An Unbiased Comparison
#5 Six Pillars of DevSecOps Series
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Cybersecurity Training for Employees: Upskill the Easy Way with CSA Team Training Programs

Published: 07/23/2024

New Cloud Security Guidance from CSA

Published: 07/17/2024

CCSK v5: Updated Cloud Security Knowledge with a Unique Pedigree

Published: 07/16/2024

Cloud Security Alliance Sets New Standard in Cloud Security Expertise with the Certificate of Cloud Security Knowledge (CCSK) v5

Published: 07/16/2024