From the course: Cloud Data, Platform, and Applications Security by Pearson
Phase 1: Create
This third lesson is the CCSP Cloud Data Lifecycle. And we're going to have different sub-lessons for each one of the six phases of the lifecycle. As you can see here, we have the Create Phase, then the Store Phase, the Use Phase, the Share, then Archive, then Destroy Phase. You're going to get a good handful of questions on this exam on the cloud data lifecycle. Also realize you need to know this lifecycle. You might be a CISSP and you've learned a different data lifecycle. That's not the one for this exam. This is the lifecycle.

And in this first sub-lesson, we're going to look at the first phase, the create phase. In the create phase, this is where data is either generated from scratch. It's constructed, it's acquired, maybe you purchased the data like sales leads, for example. It's inputted, maybe it goes through raw data through some translation or filtering, maybe either on-premise or up in the cloud. So, this is the first phase.

Now, I want you to understand something. In the Create phase, ISC2 adheres very closely to the GDPR. The GDPR has a mandate called data minimization. And what that means is you should only be creating or generating in this early phase, data that is going to be useful, data that's going to be meaningful. We don't just produce tons of raw data just because we can or acquire a bunch of data. So data minimization means if you are going to take data and have it become information and then knowledge, and then wisdom, if it has meaning, if it has usefulness, then by all means, make sure that it is generated or created in phase one, okay? Otherwise, don't even bother as far as the GDPR is concerned. So here we see the four steps, raw data, which becomes information, which then leads to knowledge, and hopefully, it becomes wisdom.

So in the create phase, if your access model, your access control methodology uses this, you may have an owner. For example, if it's a discretionary access control model like Active Directory, then you may have somebody who generates the template. They create the Excel template, the Word document, the PowerPoint document library. So they may be the owner of the actual data. In the early phase, you'll be doing categorization, prioritization. You'll be tagging, you'll be labeling, maybe for sensitivity levels or for classification like top secret or secret or public or private, okay? Data will be tagged or labeled or marked in this phase, okay?

If it's data that's created remotely in the create phase, the data should be encrypted, okay? Also, any connections of data in transit should be secured, maybe using a VPN like IKE version 2 of IPsec, or SSL/TLS 1.2 or higher, or maybe a newer software-defined perimeter solution. And of course, secure key management should be implemented. For data that's created or generated in the cloud, the data should be encrypted, data at rest, and we should rely on cloud hardware security modules, cloud HSM, or a key management security solution, KMS.

The create phase is also the perfect time to utilize those security mechanisms, for example, AES-GCM-256, for data at rest, data that is inputted or imported. And it should be done in this phase, this create phase, so that it's initially protected before engaging in the subsequent phases.
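
The create-phase controls described in this lesson (data minimization, labeling, AES-256-GCM encryption at creation), shown as an added Node.js example that is not part of the course material. The field allow-list, the function names and the choice to bind the label to the ciphertext as GCM associated data are assumptions made for illustration, and the random key is a constructed stand-in for one issued by a KMS or cloud HSM.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical allow-list: the only fields this workload has a stated purpose for.
const ALLOWED_FIELDS = ['email', 'plan'];

// Data minimization: drop every field that is not on the allow-list before storing.
function minimize(raw) {
  return Object.fromEntries(
    Object.entries(raw).filter(([field]) => ALLOWED_FIELDS.includes(field))
  );
}

// Create phase: label the record and encrypt it with AES-256-GCM.
// The label stays readable but is authenticated as associated data (AAD),
// so it cannot be changed later without decryption failing.
function createRecord(key, label, raw) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(label, 'utf8'));
  const plaintext = JSON.stringify(minimize(raw));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { label, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Later phases: decrypt; throws if the ciphertext, tag or label was altered.
function openRecord(key, rec) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  decipher.setAAD(Buffer.from(rec.label, 'utf8'));
  decipher.setAuthTag(rec.tag);
  const plaintext = Buffer.concat([decipher.update(rec.ciphertext), decipher.final()]);
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed sample input; in production the key comes from a KMS or cloud HSM.
const demoKey = nodeCrypto.randomBytes(32);
const demoRaw = { email: 'alice@example.com', plan: 'pro', birthdate: '1990-01-01' };
const demoRecord = createRecord(demoKey, 'confidential', demoRaw);
console.log(demoRecord.label, openRecord(demoKey, demoRecord));
```

The `birthdate` field never reaches storage, and relabeling a stored record from `confidential` to `public` makes `openRecord` throw instead of returning data.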