Data Lifecycle

This is a world of data. Nothing is more important than the ones and zeros that stand for all the value that your organization creates and manages. The enormity of impact that a potential breach of this data could have, has never been greater, and so have been the efforts and resources that businesses need to devote to counteract this threat.

To be effective in your efforts to safeguard your data, it is vital that you understand the Challenges, Associated Threats and fundamental principles of Data Lifecycle.

Challenges

GDPR Challenges

Data Lifecycle

The lifecycle of data involves its creation, storage, usage, sharing, archiving and destruction. Along this lengthy process, in which sensitive information can be exposed to risk, organizations need to be aware of five key questions; who, what, where, when and how.

Create

The moment data is created, it becomes a target of cybercriminals. A measure of knowing who was responsible in creating it in the first place adds a layer of security and privacy right at the beginning of the data lifecycle.

Solutions:

Store

Newly created data is stored on the organization’s network, giving it a variety of access points. Proper planning in implementing secure data storage policies safeguards sensitive information from unauthorized users.

Solutions:

Use

Usable data can be viewed, copied and altered. In this phase, data is exposed to malicious attacks, unintentional mistakes, unauthorised access and misuse. Both proactive and reactive measures need to be firmly in place to minimize the risk of data being used for purposes other than those intended (i.e. modification or fabrication, even erasure).

Solutions:

Share

Data and metadata circulate non-stop amongst employees and organizations, from one environment to another. This makes data hard to keep track of and control, while certain unsecure nodes by which it passes might prove dangerous.

Solutions:

Archive

Storing of inactive data for archive purposes still poses a risk of loss or theft, as it remains static and exposed to threats for long periods of time, usually for much longer than the previous phases of the lifecycle.

Solutions:

Destroy

Data destruction renders an organization legally accountable, especially in cases of personal and health data. Organizations need to make sure that their data destruction methods are truly safe and absolute, and that they meet regulatory compliance requirements.

Solutions:

Security Data lifecycle

Associated Threats

Benefits

Modification - Attacks on Data Integrity

• Data held in a computer system is accessed in an unauthorised manner and is changed without permission.
• Modification can also occur when data is changed during transmission (share).

Destruction - Attacks on Data Availability

• Occurs when data is destroyed because of malicious intent or unintentionally.
• Cannot only happen to stored data but also to data at the create stage (before use).

Disclosure - Attacks on Data Confidentiality

• Takes place when data or access is made available without the consent of the individual responsible for the data
• Although disclosure of data can occur because of malicious intent, it commonly stems from a lack of proper procedure within an organization

Interception - Attacks on Data Confidentiality

• Occurs when an unauthorised person or software gains access to data, which may result in the copying of the data.

Interruption - Attacks on Data Availability

• Occurs when data becomes unavailable for use.

Fabrication - Attacks on Data Authenticity

• Occurs when spurious records are added to an existing database.

What we can do for you

Odyssey’s Compliance, Information Security and Managed Security services are designed to address all of the above challenges by optimizing the return on your investment while offering highly customized services that are tailored to the individual needs of your business.