Archiving & Deletion Concepts

Data minimization is not only a legal obligation (GDPR); it also actively reduces your attack surface. Data that has been securely deleted can no longer be stolen, or encrypted by ransomware, during a breach.

Your Strategy

Use automated data discovery tools to find personal data across your entire infrastructure (file servers, cloud storage, databases). Define technical deletion periods that irretrievably destroy data after the legal retention obligation expires.

Best Practices

  • Classification: Use retention labels to manage data on a lifecycle basis.
  • Immutability: Archive tax-relevant data in immutable storage to prevent manipulation.
  • Proof: Ensure that the deletion process is logged in an audit-proof manner to meet compliance requirements.
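
One way to implement the deletion-period and proof practices above, as an added example that is not part of the original page: a retention sweep that deletes expired records and writes each deletion to a hash-chained log. The labels, retention periods and record layout are constructed assumptions, and `del` stands in for the real erasure step.

```python
import hashlib
import json
from datetime import date, timedelta

# Constructed retention periods per label (assumed values, not legal guidance).
RETENTION_DAYS = {"invoice": 3650, "applicant": 180, "web-log": 30}
GENESIS = "0" * 64

def entry_hash(entry: dict) -> str:
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sweep(store: dict, log: list, today: date) -> list:
    """Delete records whose retention period has expired; log each deletion."""
    deleted = []
    for rec_id, rec in sorted(store.items()):
        expires = rec["created"] + timedelta(days=RETENTION_DAYS[rec["label"]])
        if today < expires:
            continue  # still inside the retention obligation: keep
        del store[rec_id]  # placeholder for the real, irretrievable erasure
        entry = {
            "record": rec_id,  # identifier only, no personal data in the log
            "label": rec["label"],
            "expired": expires.isoformat(),
            "deleted_on": today.isoformat(),
            "prev": log[-1]["hash"] if log else GENESIS,
        }
        entry["hash"] = entry_hash(entry)
        log.append(entry)
        deleted.append(rec_id)
    return deleted

def verify(log: list) -> bool:
    """Recompute the chain; an edited, removed or reordered entry breaks it."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return False
        prev = entry["hash"]
    return True

if __name__ == "__main__":
    # Constructed sample records.
    store = {"r1": {"label": "applicant", "created": date(2023, 1, 1)},
             "r2": {"label": "invoice", "created": date(2023, 1, 1)}}
    log = []
    print(sweep(store, log, date(2024, 6, 1)), verify(log))
```

Store the most recent hash outside the system that writes the log (for example in the immutable archive); otherwise a truncated or fully rewritten log cannot be detected.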

STRIDE-LM Design Risks

Spoofing (S-01): Identity Spoofing
Attacker impersonates a legitimate user or partner.

Tampering (T-01): Data Tampering
Unauthorized modification of shared data or configurations.

Repudiation (R-01): Audit Log Manipulation
Deleting or altering traces of an action.

Information Disclosure (I-WEB-01): Sensitive PII Exposure
Disclosure of personally identifiable information (GDPR risk).

Denial of Service (D-01): Resource Exhaustion
Overloading systems through massive requests or resource hogging.

Elevation of Privilege (E-01): Privilege Escalation
Gaining privileges beyond what is intended.

Lateral Movement (L-01): Lateral Movement
Accessing further internal systems after initial login.

Monitoring Gaps (M-GOV-01): Data Retention Violation
Unintentional retention of data beyond legal periods.

MITRE ATT&CK® Techniques

Initial Access

T1078: Valid Accounts
Exploiting existing credentials for access.

Mitigated by
  • Data Processing Agreement (DPA) [Baseline Protection, Low] CIS: 17.3; NIST: GV.SC-7
  • Least Privilege Principle [Baseline Protection, Medium] CIS: 6.2; NIST: PR.AC-6; OWASP: A01:2021

Credential Access

T1552: Credentials from Password Stores
Extracting passwords from web browsers or password managers.

Mitigated by
  • Output Content Filtering [Baseline Protection, Low] NIST: AI-1.2; OWASP: LLM02

Collection

T1213: Data from Information Repositories
Accessing data from knowledge bases (SharePoint, Confluence).

Mitigated by
  • Regulatory Data Discovery [Extended Protection, Medium] NIST: ID.AM-5
  • Data Loss Prevention (DLP) [Baseline Protection, Medium] CIS: 13.3; NIST: PR.DS-1
  • Collaboration Governance [Baseline Protection, Low] CIS: 13.3; NIST: PR.DS-1
  • Sensitivity Labels (Purview) [Extended Protection, High] CIS: 13.2; NIST: PR.DS-1
  • Least Privilege Principle [Baseline Protection, Medium] CIS: 6.2; NIST: PR.AC-6; OWASP: A01:2021

T1530: Data from Cloud Storage Object
Accessing data from cloud storage (S3, Blobs).

Mitigated by
  • Regulatory Data Discovery [Extended Protection, Medium] NIST: ID.AM-5
  • Data Loss Prevention (DLP) [Baseline Protection, Medium] CIS: 13.3; NIST: PR.DS-1
  • Collaboration Governance [Baseline Protection, Low] CIS: 13.3; NIST: PR.DS-1
  • Sensitivity Labels (Purview) [Extended Protection, High] CIS: 13.2; NIST: PR.DS-1
  • Least Privilege Principle [Baseline Protection, Medium] CIS: 6.2; NIST: PR.AC-6; OWASP: A01:2021

Exfiltration

T1020: Automated Exfiltration
Automated exfiltration of data via interfaces.

Mitigated by
  • Data Processing Agreement (DPA) [Baseline Protection, Low] CIS: 17.3; NIST: GV.SC-7
  • Sensitivity Labels (Purview) [Extended Protection, High] CIS: 13.2; NIST: PR.DS-1
  • Immutable Audit Logs [Extended Protection, Medium] CIS: 8.2; NIST: PR.PT-1
  • Output Content Filtering [Baseline Protection, Low] NIST: AI-1.2; OWASP: LLM02

T1567: Exfiltration Over Web Service
Data leakage via legitimate web interfaces.

Mitigated by
  • Data Loss Prevention (DLP) [Baseline Protection, Medium] CIS: 13.3; NIST: PR.DS-1
  • Collaboration Governance [Baseline Protection, Low] CIS: 13.3; NIST: PR.DS-1
  • SIEM Integration [Extended Protection, High] CIS: 8.5; NIST: DE.AE-3; NIST: DE.CM-1; OWASP: A09:2021
  • Sensitivity Labels (Purview) [Extended Protection, High] CIS: 13.2; NIST: PR.DS-1

Impact

T1485: Data Destruction
Irretrievable deletion of company data.

Mitigated by
  • Data Erasure Process (Right to be Forgotten) [Baseline Protection, Medium] CIS: 13.3; NIST: PR.DS-1
  • SIEM Integration [Extended Protection, High] CIS: 8.5; NIST: DE.AE-3; NIST: DE.CM-1; OWASP: A09:2021
  • Immutable Audit Logs [Extended Protection, Medium] CIS: 8.2; NIST: PR.PT-1
  • MFA for Deletion Operations [Extended Protection, Low] CIS: 6.5; NIST: PR.AC-7

T1490: Inhibit System Recovery
Deleting backups and shadow copies to prevent system recovery.

Mitigated by
  • MFA for Deletion Operations [Extended Protection, Low] CIS: 6.5; NIST: PR.AC-7

T1565: Inplace Modification
Manipulation of existing code or data at the storage location.

Mitigated by
  • Data Erasure Process (Right to be Forgotten) [Baseline Protection, Medium] CIS: 13.3; NIST: PR.DS-1
  • Immutable Audit Logs [Extended Protection, Medium] CIS: 8.2; NIST: PR.PT-1
