Google+ Data Exposure: How Long Do You Retain Logs?

With the recent coverage of the exposure of personal information within Google+ and the announcement of its closure, one might be tempted to discuss how the existence of vulnerabilities and the subsequent failure to disclose them can lead to the closure of your service… except that many suspected, and Google has even said, that the real reason was poor user adoption of the social network.

…so instead, we focus on what is interesting about the story: the reason that Google is unable to determine how many users were impacted is that they only retain API logs for two weeks. This raises the questions of what the best practices are for log management, and whether they change in various contexts. To address the implications of the answers to those questions, we’ll also discuss what the business case is for allocating storage to retain those logs, and for what duration they should be stored.

It’s common knowledge that certain records (bank records and other tax/income-related documents) are required to be retained for seven years. Is this how long you should retain logs from your servers? From your security solutions? The answer is that it depends on what you need the records for. What are those use cases? You can use log data to…



*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by IntelliGO Networks. Read the original post at: https://www.intelligonetworks.com/blog/google-plus-and-log-retention