User:AmbarVal/Cloud computing security
Supply Chain Attacks in the Cloud
When someone breaches a third party's systems via one of its external partners or services, it's known as a supply chain attack. Rather than going straight after the primary system, the attacker enters through a trusted source, like an open-source tool, cloud provider, or software vendor. The attack may remain undetected for a considerable amount of time because these tools are already trusted. As more businesses rely on external technology and cloud services, supply chain attacks have grown more damaging and difficult to identify. In contemporary attacks, code written in widely used languages, such as JavaScript, is frequently altered before it reaches end users. The article What is a supply chain attack describes how these attacks take place: “In a supply chain attack, an attacker might target a cybersecurity vendor and add malicious code (or ‘malware’) to their software, which is then sent out in a system update to that vendor’s clients. ...When the clients download the update, believing it to be from a trusted source, the malware grants attackers access to those clients’ systems and information” (Cloudflare, 2020).[1] This emphasizes the dangers of depending on outside software or vendors. It demonstrates how hackers can covertly enter a company's systems through legitimate channels, such as system updates.
Software dependencies
Software dependencies are the external tools or components a program relies on, like third-party libraries, frameworks, or pre-built modules. While these can speed up development, they can also pose risks. Security issues in the libraries, attacks targeting the supply chain, or outdated and poorly maintained code can all create vulnerabilities. Keeping dependencies up to date and carefully managing them is key to keeping software secure and reliable.[2]
The specific software dependencies include:
Third-party libraries
The third-party libraries and tools that a program depends on are known as software dependencies. These external packages may lead to supply chain attacks, coding defects, or difficulties resulting from the use of out-of-date or poorly maintained software. Maintaining the security and functionality of systems requires managing these dependencies.[3]
What are the benefits and risks?
Software dependencies have a number of benefits. By offering reusable code, which eliminates the need for developers to create each feature from scratch, they expedite development. Additionally, they facilitate the addition of sophisticated or complicated features, such as analytics or interface elements, which would require a lot more time to develop independently. Utilizing reputable and well-maintained libraries can also raise the general caliber and dependability of your code.[4]
Using third-party tools and libraries also brings the risks associated with software dependencies. Because these pieces are derived from external sources, they can be challenging to maintain and update. They can also introduce security flaws, attack opportunities, and dependency chains, where a single update impacts numerous system components.[5]
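One way to manage the dependency risk described above is to record a digest for each reviewed package version and refuse anything that differs at build time. The following is an added example, not part of the original draft; the lock layout and the package names are hypothetical and the artifacts are constructed.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifacts standing in for downloaded package files.
REVIEWED_LIB = b"export function add(a, b) { return a + b; }\n"
ALTERED_LIB = REVIEWED_LIB + b"/* unexpected extra code */\n"
UI_KIT = b"export const theme = { color: 'blue' };\n"
DATE_UTILS = b"export const now = () => new Date();\n"

# Hypothetical lock data: digests recorded when each version was reviewed.
LOCK = {
    "left-math": {"version": "1.2.0", "sha256": sha256_hex(REVIEWED_LIB)},
    "ui-kit": {"version": "4.0.1", "sha256": sha256_hex(UI_KIT)},
    "date-utils": {"version": "2.3.0", "sha256": None},     # never pinned
    "log-lite": {"version": "0.9.0", "sha256": "0" * 64},   # not delivered
}

# What the package source delivered for this build (constructed).
DOWNLOADED = {
    "left-math": ALTERED_LIB,    # same name and version, different bytes
    "ui-kit": UI_KIT,
    "date-utils": DATE_UTILS,
    "telemetry-x": b"...",       # arrived without being listed in the lock
}


def verify_artifacts(lock, downloaded):
    """Return {package: status}; any status other than 'ok' should fail the build."""
    report = {}
    for name, entry in lock.items():
        blob = downloaded.get(name)
        pinned = entry.get("sha256")
        if blob is None:
            report[name] = "missing"
        elif not pinned:
            report[name] = "unpinned"
        elif hmac.compare_digest(sha256_hex(blob), pinned.lower()):
            report[name] = "ok"
        else:
            report[name] = "hash-mismatch"
    # Packages that were delivered but never reviewed or pinned.
    for name in downloaded.keys() - lock.keys():
        report[name] = "not-in-lock"
    return report


def build_allowed(report):
    """Fail closed: every package must verify before the build proceeds."""
    return all(status == "ok" for status in report.values())


if __name__ == "__main__":
    result = verify_artifacts(LOCK, DOWNLOADED)
    for package, status in sorted(result.items()):
        print(f"{package}: {status}")
    print("build allowed:", build_allowed(result))
```

A pinned digest only detects a change made after the version was reviewed; it does not vouch for the reviewed version itself.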
CI/CD
Continuous delivery (CD) and continuous integration (CI) are terms used in software development. While CD ensures that those updates can be released swiftly and smoothly, CI focuses on routinely merging and testing code changes.[6]
Now let's get specific:
The practice of developers routinely merging their code into a shared repository is known as Continuous Integration (CI). An automated build and several tests, including unit and integration tests, are triggered by every merge. CI's primary goal is to identify bugs early on and correct mistakes that could result in security flaws.[7] The process of automatically preparing code changes so they can be released to production at any time is known as continuous delivery, or CD. By ensuring that every test runs properly and that the code passes every check, it expands on continuous integration. The update can be delivered without the need for manual steps once everything has been confirmed.[8]
CI/CD pipelines
CI/CD pipelines are the processes used to build, test, and deliver software through continuous integration and continuous delivery platforms. The structure of a pipeline can change depending on what the project needs. The article What Is CI/CD? Continuous Integration & Continuous Delivery Explained states, “Properly setting up a CI/CD pipeline is the key to benefiting from all the advantages offered by CI/CD. One pipeline might have a multi-stage deployment strategy that delivers software as containers to a multi-cloud Kubernetes cluster, and another may be a simple pipeline that builds, tests, and deploys the application as a serverless function” (Raza & Wickramasinghe, 2021). This shows how pipelines can look very different depending on the development goals.[9]
Data Lifecycle Security - Data Security
Similar to a computer's motherboard or heart, data is the foundation of life and operation. Basic memory holds extremely important data to enable the user and computer to pick up where they left off.
When delving into the details of the data lifecycle and security, it's critical to strengthen security protocols and make sure that security strategies are strong enough to reduce the likelihood of access or decryption. The Harvard University data lifecycle essay made it apparent that "the best time to secure information in your project is before you even collect it." This statement reinforces the notion that data should be stored and safeguarded before a user or computer even acts.[10]
Numerous factors influence data security and data life-cycle security, beginning with:
Data creation
Data creation is the initial output that the user provides through software or hardware, and it creates a space where information is found and finally kept. From there, it can be altered and safeguarded once both the user and the software have validated it. The creation of new data is beneficial because it enhances performance over time across various security alternatives and allows for innovation. You can continue to add to it once it has been stored and secured. The article Why Accurate Data is Important for Business Operations gives a better framework for how this is carried out. Take the business lens of secure data as an example, which lowers risk and facilitates consistent outcomes. The knowledge is available and preserved; you can simply return to it and continue working on it, which increases engagement and boosts productivity. In any format where an audience may review it, the quality of the data improves over time. This is true not just when data is imported but also when new sources of information are created to enhance certain regions. Accurate and well-managed data reduces risk, increases worker productivity, promotes more consistent results, and improves business operations. Properly saved and updated data is easier to review, expand upon, and enhance, improving performance and creating more space for fresh concepts and superior solutions.[11]
Data Storage
Data storage is the output that the computer produces from the input that the user provides. The model of the computer determines how the information is presented. If the RAM is full, it means that the data is being disseminated because the computer is overheated or overloaded with data, which requires a lot of power from the computer, particularly from its hardware. The IBM article What is Data Storage? breaks down the requirements for data storage, examining its benefits, drawbacks, and significance.
Data Storage's Importance
- Keeps information accessible and well-organized when needed.
- Enables consumers or businesses to monitor progress and make more informed decisions.
- Prevents the loss or damage of crucial data.
- Facilitates long-term initiatives by centralizing records.
The Pros of Data Storage
- Facilitates the access and reuse of information.
- Since everything is kept in one system, productivity can be increased.
- Enables data backup for security.
- Supports updates, expansion, and new ideas over time.[12]
Cons of Data Storage:
- Requires extra storage as data quantities grow and can take up space.
- Requires security measures to prevent unauthorized access.
- Maintaining accuracy and organization requires regular updating.
- Misunderstandings or outdated information could be the outcome of poor management.[13]
The users' directory contains files and folders that store data. Alternatively, on a personal computer, extra storage on a hard drive can serve as a stand-in if the computer's own storage isn't big enough.[14] Another type is object storage, which divides data into metadata and particular identifiers. It works well on public cloud servers, where it gives providers such as AWS (Amazon Web Services) scalability and flexibility for content like emails and social media content. It also works well with APIs (application programming interfaces).[15]
Data transmission
Because it is tied to the communication involved in syncing devices, data transmission has a significant impact on data lifecycle security. Cables, wireless links, Wi-Fi, and other channels can all be used to carry these communications. Message commands are good illustrations of how digital data transmissions operate. Both synchronous and asynchronous use are possible. Additionally, bandwidth and latency are important aspects of these data transmission methods, which offer effective speed and overall accuracy.[16]
HTTPS (Hypertext Transfer Protocol Secure) is a security protocol that is used during data transmission. It works by encrypting the data being transferred to and from websites, which makes it an excellent example. Behind the scenes, the two sides exchange the TLS version, a cipher, and random values to guarantee authenticity from the recipient's end. This is beneficial because the data is actively shielded from attacks.[17]
Data processing
It serves as the fundamental basis for data collection and is essentially a substantial amount of analysis that, if the device has enough storage, may be processed all at once; otherwise, it must be divided, which is where hard drives come into play. Additionally, it offers a range of sources that offer feedback, which is the analytical component. [18]
However, how is the cycle's operation protected? According to the article How to Ensure Secure Data Processing, utilizing a data virtualization platform reduces risk and data breaches even with multiple collaborators by providing a data architecture, basically a template that doesn't change the user's data storage option, and then creating a layout or an analytics report in custom datasets.[19]
Archival & deletion (secure deletion is often overlooked)
In essence, archival data is information that is not regularly used but is kept in file storage so that it can be found and used at a later time if necessary.[20] Deletion is when the data is no longer needed, so it is permanently deleted from the server or storage. This is critical because removing the data frees up space. However, it is important to make sure that the data is securely deleted, because otherwise it can still be traceable and recoverable. Deletion can be properly secured by using cryptographic measures or by physically destroying the storage media; the best option is erasing, which wipes the data so that it is completely unrecoverable and no longer traceable.[21]
Misconfiguration Risks
Cloud environments are extremely vulnerable, particularly when it comes to hackers and attackers, due to cloud misconfigurations, which are one of the most prevalent and dangerous security flaws. Cloud platforms are complicated; even a minor configuration error, like excessively permissive access or inappropriate storage, can provide attackers with entry points. Cloud breaches are frequently caused by misconfigurations because attackers can obtain unauthorized access by taking advantage of incorrectly configured settings. [22]
Security misconfigurations occur when security settings are not fully implemented or are set up incorrectly. Weak passwords, misconfigured databases, unprotected cloud storage, incorrectly configured firewalls or network settings, and out-of-date software or firmware are just a few of the many possible causes. These errors frequently result from system design flaws, human error, or gaps in knowledge regarding security procedures. As the article Security Misconfiguration Vulnerabilities: Risks, Impacts, and Prevention explains, “Security misconfigurations are errors that occur when security settings are not configured or implemented properly. Misconfigurations can arise from a range of sources, including weak passwords, improperly configured databases, unsecured cloud storage, misconfigured firewalls or network settings, and outdated software or firmware. They can happen due to various reasons, including poor design, lack of understanding of security concepts, and human error”(Kiteworks, 2025).[23] This quote highlights the variety of ways misconfigurations can occur and emphasizes why organizations must identify and correct them to protect against potential security breaches.
The article The Common Cloud Misconfigurations That Lead to Cloud Data Breaches explains: “Cloud misconfigurations — the gaps, errors and vulnerabilities that occur when security settings are poorly chosen or neglected entirely — provide adversaries with an easy path to infiltrate the cloud. Multi-cloud environments are complex, and it can be difficult to tell when excessive account permissions are granted, improper public access is configured or other mistakes are made” (Ashwood, 2024).[24] The article also emphasizes that “cloud security posture management should be a key component of your security strategy if you want to avoid becoming the next victim of a cloud data breach” (Ashwood, 2024),[25] showing why strong security measures and backups are essential.
Additionally, another article, 8 Common Cloud Misconfiguration Types (and How to Avoid Them), offers practical solutions: “Access to storage buckets should be granted only within the organization… Security teams should enable strong encryption by default for crucial data in storage buckets, monitor all storage nodes labeled as public, and eliminate unnecessary permissions or exposed access”(Lee, 2025c). [26] This highlights how businesses can lower the risk of misconfiguration by implementing simple, doable measures like restricting access, encrypting private information, keeping an eye on public resources, and eliminating superfluous permissions. To safeguard data and stop breaches, cloud settings must be actively managed.[27]
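The four measures quoted above (access only within the organization, encryption by default, monitoring of public storage, removal of unnecessary permissions) can be checked automatically. The following is an added example, not part of the original draft; the record layout, the organization identifier, and the bucket inventory are constructed and do not correspond to any cloud provider's API.

```python
ORG_ID = "org-example"  # hypothetical organization identifier

# Constructed sample inventory in a provider-neutral, illustrative schema.
BUCKETS = [
    {"name": "hr-records", "public": False, "encryption": "AES256",
     "grants": [{"principal": "org-example:hr-team",
                 "actions": ["read", "write"]}]},
    {"name": "marketing-assets", "public": True, "encryption": None,
     "grants": [{"principal": "*", "actions": ["read"]}]},
    {"name": "build-cache", "public": False, "encryption": "AES256",
     "grants": [{"principal": "org-example:ci", "actions": ["*"]},
                {"principal": "org-partner:vendor", "actions": ["read"]}]},
]


def audit_bucket(bucket, org_id=ORG_ID):
    """Return a sorted list of finding codes for one bucket record."""
    findings = set()
    if bucket.get("public"):
        # Everything labeled public should be surfaced for monitoring.
        findings.add("PUBLIC_BUCKET")
    if not bucket.get("encryption"):
        # Encryption is expected to be enabled by default.
        findings.add("NO_DEFAULT_ENCRYPTION")
    for grant in bucket.get("grants", []):
        principal = grant.get("principal", "")
        # A missing or wildcard principal is treated as outside the organization.
        if principal == "*" or not principal.startswith(org_id + ":"):
            findings.add("ACCESS_OUTSIDE_ORG")
        if "*" in grant.get("actions", []):
            # Wildcard actions grant more than any single task needs.
            findings.add("WILDCARD_PERMISSION")
    return sorted(findings)


def audit_inventory(buckets, org_id=ORG_ID):
    """Map bucket name to its findings, omitting buckets with none."""
    report = {}
    for bucket in buckets:
        findings = audit_bucket(bucket, org_id)
        if findings:
            report[bucket["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(BUCKETS).items():
        print(f"{name}: {', '.join(findings)}")
```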
References
1. "What is a supply chain attack?". www.cloudflare.com.
2. "Known vulnerabilities in dependencies | Tutorial and examples". Snyk Learn.
3. Scheider, Dana. "Choosing a Third Party Libraries". Medium. Dana Scheider.
4. "Third-Party Libraries". Zimperium. Zimperium.
5. "Best Practices for Managing Third-Party Dependencies in Web Development". Opinov8.
6. Wickramasinghe, Shanika; Raza, Muhammad. "What Is CI/CD? Continuous Integration & Continuous Delivery Explained". Cloudflare. Cloudflare. Retrieved 30 December 2021.
7. Susnjara, Stephanie; Smalley, Ian. "What is continuous integration/continuous delivery (CI/CD)?". IBM. IBM.
8. Raza, Muhammad; Wickramasinghe, Shanika. "What Is CI/CD? Continuous Integration & Continuous Delivery Explained". Cloudflare. Cloudflare. Retrieved 30 December 2021.
9. Raza, Mohammed; Wickramasinghe, Shanika. "What Is CI/CD? Continuous Integration & Continuous Delivery Explained". Cloudflare. Cloudflare. Retrieved 30 December 2021.
10. "The Data Lifecycle | University Information Security and Data Privacy". privsec.harvard.edu. Harvard University.
11. "Why Accurate Data is Important for Business Operations". www.safegraph.com. SafeGraph.
12. Susnjara, Stephanie; Smalley, Ian. "What Is Data Storage? IBM". www.ibm.com.
13. Susnjara, Stephanie; Smalley, Ian. "What Is Data Storage? IBM". www.ibm.com.
14. "What is Data Storage? Definition and Types | Nutanix". www.nutanix.com. Nutanix. 24 October 2022.
15. "What is an API? - Application Programming Interface Explained - AWS". Amazon Web Services, Inc.
16. "What is data transmission?". PubNub.
17. "HTTPS vs. HTTP: Why Secure Connections Matter in 2025". SecurityScorecard.
18. "Steps Involved in Business Data Processing". Outsource Data Entry Services to India. Ask Data Entry.
19. Intertrust, Team (3 May 2023). "How to ensure secure data processing". www.intertrust.com.
20. "What Is Data Erasure? Secure Deletion Explained | Fortra's Data Classification". dataclassification.fortra.com.
21. "Electronic Data Removal Procedures | UVA Information Security". security.virginia.edu.
22. "Top 11 Cloud Security Vulnerabilities and How to Fix Them". Wiz. Wiz. Retrieved 12 August 2025.
23. "Security Misconfiguration Vulnerabilities: Risks, Impacts, and Prevention". Kiteworks.
24. Ashwood, Paul. "The Common Cloud Misconfigurations That Lead to Cloud Data Breaches". CrowdStrike. Retrieved 31 August 2023.
25. Ashwood, Paul. "The Common Cloud Misconfigurations That Lead to Cloud Data Breaches". CrowdStrike. Retrieved 31 August 2023.
26. "8 Common Cloud Misconfiguration Types (And How to Avoid Them)". CSA (Cloud Security Alliance).
27. "8 Common Cloud Misconfiguration Types | CSA". vulcan.io.