Trident

A growth record for domain experts


Summary
This chapter discussed the data lifecycle and the data management functions within it, including data retention, auditing, and disposal. The various roles, rights, and responsibilities associated with data ownership were described. Data discovery allows organizations to identify data as structured, semi-structured, or unstructured. Once data is identified, it is typically classified based on the organization's classification scheme. That classification is used to label the data, and it may be mapped through transformations and transfers to allow it to be used in other systems and services. This chapter also focused on data flows and the importance of understanding and documenting them, especially in complex and interconnected cloud systems. As data is moved through an organization and accessed by systems, services, and individuals, information rights management (IRM) tools are used to ensure that data rights are enforced. IRM relies on access models to determine which subjects can take which actions, and those models drive provisioning processes that provide users and systems with the rights they need in an automated fashion. Finally, we reviewed auditing as a security control for data, including log collection, correlation, and analysis in cloud and hybrid environments. Packet capture is also important as an audit and security mechanism, but it can be complex, if not impossible, in some cloud environments, such as those of software as a service and platform as a service providers.

Exam Essentials

Describe data flows and their use in a cloud environment. Data flows are used to describe where and how data moves throughout an environment. Details like ports, protocols, services, and what data fields or types are sent and received are important components of data flows, and this information is typically captured in data flow diagrams.
Understand the purpose and method of data categorization and classification. Know why and how data owners assign categories and classifications to specific datasets under their control. Explain the typical parts of data classification policies. Describe data mapping and data labeling. Know how and when data is labeled, and by whom. Understand content-based discovery and the use of metadata in discovery efforts.
Understand the various roles, rights, and responsibilities related to data ownership. Know who the data subject, owner, controller, processor, and custodian are. Understand the rights and responsibilities associated with each.
Be familiar with data discovery methods. Describe the differences between structured, semi-structured, and unstructured data and offer examples of each type of data. Understand why data location matters and what impact it may have on data discovery processes and capabilities.
Understand the objectives of and tools used to implement information rights management. IRM tools are designed to protect data rights and require provisioning that gives appropriate users permission based on their roles and responsibilities. Access models are used to determine who will receive rights, and a combination of certificates for identification and licenses that list the permissions or rights of the users or systems is used to make IRM work.
Know what should be included in policies for data retention, deletion, and archiving. Understand essential aspects like the terms retention and disposal. Know retention formats, how regulations dictate these things, and how every policy needs to include details for maintenance, monitoring, and enforcement.
Understand data and media sanitization. Most traditional sanitization methods will not work in cloud environments. Cryptographic erasure is one of the few ways to ensure secure data disposal in environments where you cannot ensure physical destruction of data and devices. Overwriting and other techniques cannot provide assurance of data destruction in cloud environments.

projects/ccsp/chapter2.txt · Last modified: jackiez