Data Lifecycle Management is a method that enables businesses to control the flow of data at all stages of its lifecycle, from initial creation to final disposal. The process is broken down into five stages: data creation, storge, usage, archival and destruction.
The data lifecycle includes the distinct phases that data goes through when leveraged by the organization for business purposes. The data lifecycle typically includes five stages: data creation, storge, usage, archival and destruction.
Data lifecycle management is a comprehensive approach to managing the data lifecycle. It includes procedures and guidelines used to manage data at each phase of its lifecycle. Each of these phases introduces different business values, as well as different risks and security concerns that need to be addressed. Therefore, the procedures and guidelines for data lifecycle management are compromised not only of requirements to maximize the value of the data, but include data security policies as well.
The first stage of the data lifecycle is the creation of data. This includes both data captured using an unstructured format, such as a file uploaded by a user, or data captured into a structured database, such as a record added to a SQL database. Additionally, data creation does not necessarily refer to new data, but extends to copying existing data into a similar format or modifying the format for different purposes.
The main security concern in this particular phase is keeping up with data creation across the organization and ensuring that security policies are applied as early as possible in its life cycle.
After data has been created, it is then stored for different purposes.
A good data lifecycle management program will include policies to reduce the risk to the data stored – storing it only if needed, backing it up using a robust process, limiting access to relevant users and applications only and maintaining a good security posture around the controls available for the data.
Data is only helpful when it is used to support the business. It will need to be accessed and changed constantly, and may also be made available to share outside of the organization.
The data lifecycle management policies will need to balance the business use cases with security needs, and to differentiate between legitimate use of the data and one that would risk the business or the privacy of the data. Maintaining audit trails around data usage, monitoring for unnecessary usage and identifying any anomalies is key.
Data that is no longer in use but cannot yet be deleted will be archived. This is similar to data storage, but no maintenance is generally needed, and no usage is expected.
As such, the controls around usage or archived defined in data lifecycle management should be limited and almost any use of this data should be defined as unnecessary. This can also lead to the implementation of stronger access controls.
Lastly, when data is no longer needed, it can and should be removed in order to improve on costs and compliance, with an additional - and significant - security bonus, as data that does not exist can no longer be at risk.