From the course: Cloud Data, Platform, and Applications Security by Pearson

Phase 2: Store

Phase 2 of the cloud data lifecycle is the store phase. After the create phase, the data is put into volume or block storage, or object storage on a file system, or in a database. And this phase relates to transactional, near-term usage, as opposed to long-term cold data storage. Remember that for the exam. We're going to see later there's an archive phase, and that is distinctly different than the store phase, which is for short-term storage. For example, at AWS, an S3 bucket or Google Cloud Storage.

The store phase usually happens almost concurrently with the create phase, unless it's created in memory, which is possible, but often when you create a document or you create a document library, it's going to be stored somewhere simultaneously. For example, spreadsheets, CSV files, other types of documents, unstructured data like JSON or YAML files.

In the store phase, it's vital to immediately use backup methods, for example snapshots, and security controls to prevent data loss early in the lifecycle. You may want to have additional data encryption, where in the create phase it's unencrypted, but then once you move it to the store phase, for example the S3 bucket, by default it is stored with AES GCM 256. Also, the store phase may introduce DRM or IRM, digital rights management or information rights policies, to assure that the security is enforced before you get into the phases where data is used or shared.

Now, while security controls are introduced in the create phase in the form of things like Transport Layer Security, remember that TLS only protects the data in transit and not the data at rest. So remember for the exam, the store phase is the first phase where typically security controls are implemented to protect data at rest, officially.
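The in-transit versus at-rest distinction above can be checked mechanically. The following is an added example, not part of the course material: it audits constructed bucket records, shaped like the S3 GetBucketEncryption, GetBucketVersioning and GetBucketPolicy responses, for store-phase controls. Bucket names and the helper functions are hypothetical, and versioning is assumed here as the data-loss control standing in for backups on object storage.

```python
# Constructed records shaped like S3 GetBucketEncryption / GetBucketVersioning /
# GetBucketPolicy responses. Bucket names and contents are made up for illustration.
DENY_HTTP = {"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
SAMPLE_BUCKETS = {
    "finance-reports": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        "versioning": {"Status": "Enabled"},
        "policy": DENY_HTTP,
    },
    # TLS is enforced here, yet nothing protects the stored objects themselves.
    "scratch-uploads": {"encryption": None, "versioning": {}, "policy": DENY_HTTP},
}

def at_rest_algorithm(encryption):
    """Return the default server-side encryption algorithm, or None if no rule sets one."""
    config = (encryption or {}).get("ServerSideEncryptionConfiguration", {})
    for rule in config.get("Rules", []):
        algorithm = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algorithm:
            return algorithm
    return None

def requires_tls(policy):
    """True if a Deny statement rejects requests made without TLS."""
    statements = (policy or {}).get("Statement", [])
    if isinstance(statements, dict):  # a policy may carry a single statement object
        statements = [statements]
    for stmt in statements:
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False

def audit_store_phase(bucket):
    """List the store-phase gaps for one bucket record; an empty list means none found."""
    findings = []
    if at_rest_algorithm(bucket.get("encryption")) is None:
        findings.append("no default encryption at rest")
    if (bucket.get("versioning") or {}).get("Status") != "Enabled":
        findings.append("versioning not enabled")
    if not requires_tls(bucket.get("policy")):
        findings.append("TLS not required (in-transit only)")
    return findings

if __name__ == "__main__":
    for name, record in SAMPLE_BUCKETS.items():
        print(name, audit_store_phase(record) or "ok")
```

The second record passes the TLS check and still fails both at-rest checks, which is the gap the store phase is meant to close.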
