In cyber security, a lifecycle is the full period a system, device, account, or dataset exists in an environment: purchase or creation, deployment, active use, maintenance, and retirement or disposal. Security teams use the lifecycle to track what controls should be in place at each stage, such as secure configuration at rollout, patching and monitoring during operation, and data wiping or key revocation at decommissioning.
Lifecycle thinking matters because many attacks exploit weak points between stages. A device may be safe when bought but become risky if updates stop, credentials are reused, or retired hardware is not wiped before reuse or resale. Defenders use lifecycle management to reduce those gaps with asset inventories, patch schedules, certificate and secret rotation, access reviews, and secure disposal procedures. In practice, good lifecycle control helps turn security from a one-time setup into continuous risk reduction.