Establishing a secure data lifecycle enables your organisation to map each phase against the required controls. Not all situations will fully align, but it will provide a framework for policies that need to be put in place to manage and protect your data.

For example, the creation phase is the preferred time to classify content according to its sensitivity and value to the organization. Policies to address the activities allowed for different information types, where data can geographically be stored and what the legal or regulatory implications are if the data is mishandled, are all important considerations. Data governance should also identify who is responsible for managing the information on behalf of the owner.

Underpinning your policy should be consideration of the hosting platform and deployment model, including services for compute, network, and storage. With a seemingly endless desire for SaaS, organizations should pay special attention to how and where Content Delivery Network (CDN) providers (e.g., AWS CloudFront, Fastly, Akamai) store their data. The premise of CDN is to store content using object storage and distribute the workload across multiple geographic nodes to improve internet consumption speed. Inevitably, this regional approach leads to a trade-off between performance and security, so it is vital that any risk is fully understood and accepted before your architecture is deployed. 

The international nature of cloud computing has led to a proliferation of national laws and regulations regarding cross border transfer of data, which makes it vital you define and implement a secure data lifecycle.

To help you do this, start by considering the following points:

• Who are the actors that need access to the data?
• Where are the locations to protect?
• What are the controls in each of these locations?
• At what phase in the lifecycle can data move between locations?
• How does the data move between locations?
• What are the relevant data sovereignty laws?

If you would like help establishing a secure data lifecycle, MIC Solutions Ltd would be delighted to hear from you.