Compliance in the Cloud: Data Locality / Residency
Data residency is the conversation about where a company’s data specifically resides, and the rules / regulations surrounding what can be done with that data. Data locality is generally the conversation about how data should be stored near to where it is being processed, and often has connotations about performance in the cloud space. It also sometimes has a different meaning that refers to where data is stored as it relates to compliance.
For clarity’s sake, I will use the term data residency for most of this blog.
Many countries around the world are establishing or revising regulations about how data should be dealt with. I have previously written about the EU’s GDPR regulations, as well as the Safe Harbor / Privacy Shield agreements between the United States and the EU. There are many others, and the rules are constantly evolving to deal with new technologies and threats.
I also shared an idea once when I sat on a data sovereignty panel regarding data residency. It is worth a read and has generated a great deal of debate in security circles. In summary, a possible solution to the data residency concerns is proper data encryption:
- You can use encryption to protect your data, regardless of the location.
- The data would be protected, regardless of the location, so long as you had (and properly protected) the encryption key.
- The data without the encryption key — regardless of the location — is useless.
Read the entire article here, Compliance in the Cloud: Data Locality / Residency
via the fine folks at HP Enterprise.