Cloud data security

SONAL RAJ CLOUD DATA SECURITY MARIUS ALEXANDRU CATALIN BANESCU

CLOUD DATA LIFECYCLE PHASES While the lifecycle is described as a linear process, data may skip certain stages or indeed switch back and forth between the different phases: • 1. Create: The generation or acquisition of new digital content, or the altering or updating of existing content. This phase can happen internally in the cloud or externally. The creation phase is the preferred time to classify content according to its sensitivity and value to the organization. Careful classification is important because poor security controls can be implemented if content is classified incorrectly. • 2. Store: The act of committing the digital data to some sort of storage repository. Typically occurs nearly simultaneously with creation. When storing the data, it should be protected in accordance with its classification level. Controls such as encryption, access policy, monitoring, logging, and backups should be implemented to avoid data threats. • 3. Use: Data being viewed, processed, or otherwise used in some sort of activity, not including modification. Data in use is most vulnerable because it might be transported into unsecure locations such as workstations, and to be processed, it must be unencrypted. Controls such as data loss prevention (DLP), information rights management (IRM), and database and file access monitors should be implemented to audit data access and prevent unauthorized access. • 4. Share: Information being made accessible to others, such as between users, to customers, and to partners. • 5. Archive: Data leaving active use and entering long-term storage. Archiving data for a long period of time can be challenging. • 6. Destroy: Data being removed from the CSP. The destroy phase can be interpreted into different technical meanings according to usage, data content, and applications used.

LOCATION AND ACCESS OF DATA • Location • Access Data is a portable resource, capable of moving The traditional data lifecycle model does not swiftly and easily between different locations, specify requirements for who can access relevant both inside and outside the enterprise. It can be data, nor how they are able to access it (device generated in the internal network, be moved and channels). Mobile computing; the manner in into the cloud for processing, and then be moved which data can be accessed; and the wide to a different provider for backup or archival variety of mechanisms and channels for storing, storage. processing, and transmitting data across the enterprise have all amplified the impact of this lack of requirements.