Get startedGet started for free

Data retention policies

1. Data retention policies

Everything needs somewhere to go, whether it’s forks and spoons in a kitchen drawer, or data in the cloud. And to find a spoon, you know which drawer it’s stored in. Similarly, security professionals need access to well-organized data, and they need to know where to find it. That’s where storage becomes useful! In this video, you’ll learn about how data is stored, and how a data retention policy can help you manage your data and follow regulations. Let’s get started! Data retention is the process of storing data, including how long it needs to be stored. In cloud storage, the length of time that data is stored is determined by an organization’s needs. The time period for stored data is called a retention period. A data retention period is the length of time an organization keeps information. It’s also a key element of an organization’s data retention policy. A data retention policy helps determine: What data needs to be stored, and where the data should be stored. Because it includes an expiration period, a retention policy can also help decide how long the data can be stored. These considerations need to follow compliance regulations, which are often outlined in an organization's compliance policy. And, having a data retention policy will help ensure that data is compliant and safe. As a security professional, you may be responsible for working on data retention policies. As part of this process, you’ll need to conduct research before you start creating the policy. While conducting research, you’ll need to make compliance considerations, like: industry or regional compliance standards for data, and regulations for the location of the data. Take notes while you research. Then, consult the legal staff members on your team for insights on your research findings. While you’re preparing to build your data retention policy, consider the following questions: What are your organization’s needs for specific data? What are your organization’s policies for data retention periods? Do organizational needs change over time? Do different data types need different policies? A data retention policy should be flexible, and be based on an organization’s needs. Keep your organization’s compliance policy in mind as you build your data retention policy. Try to ensure that both policies work together, that they’re not contradictory, and that they’re clear to members of the organization. For example, if your organization has a compliance policy that states user data is only retained for a short time, make sure your retention policy reflects that. As you create policy, here’s a pro tip: Policy creation is also affected by what type of resource is used to store data, and the applications you allow to access the data. You’re responsible for keeping your applications and hardware secure. Vendors may not provide regular security updates, so it’s important to understand the limitations and capabilities of applications and hardware when creating your policies. Organizations also need to consider risk when creating data retention policies. When data is available, there’s a potential risk of a data breach. This means attackers can steal your data while it’s available, including sensitive data. To defend against this risk, it’s useful to delete or replace data over time. Let’s review how risk consideration works. Retention policy is defined by time. First, you add a retention policy to a bucket. In cloud storage, a bucket is a virtual container that holds objects. Then, you can define the age of the objects that can be deleted or replaced by specifying the retention period. It’s important to know that you can only delete or replace those objects once they reach the age you define. If you try to delete the objects before that time, you’ll get an error. You can set your retention policy in units of days. You can also permanently set a retention policy by locking it. This means the policy is locked in and stays for the life of the bucket. To delete the bucket, you’ll need to wait until every object has completed its retention period, since the objects’ age must be greater than the retention period duration. Understanding how a data retention policy keeps data compliant and safe allows you to create and implement a plan for your organization.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.