Data Retention, Deletion & Archiving
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- One lifecycle: retain, archive, delete, hold
- Retention policies: tie every period to a driver
- Deletion in the cloud: crypto-shredding is the answer
- Archiving: cheap, cold, and not a backup
- Legal hold: the override that beats every schedule
Retention lifecycle stages and the control that enforces each
| Stage | Purpose | Cloud mechanism | Key constraint |
|---|---|---|---|
| Retention | Keep data for a required period | Lifecycle/retention policy tied to a classification | Period must trace to a regulation, contract, or business driver |
| Archiving | Cheaply keep rarely-read data that must be retained | Cold/archive storage tier (WORM where immutability is required) | Retrieval is slow and may be billed; not a backup substitute |
| Deletion | Defensibly destroy data at end-of-life | Crypto-shredding (destroy the key); overwrite/destroy only on media you control | Must be logged; cannot reach multi-tenant physical media |
| Legal hold | Freeze data for litigation/investigation | Object-lock legal hold / immutable WORM that blocks delete and transition | Overrides retention expiry and any lifecycle deletion until released |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.