For the privacy-conscious enterprise, data location issues can complicate cloud security assessments and initiatives. Many countries have enacted laws to protect the privacy of personal data and restrict its use. Those laws can vary by region or industry within countries, as they do in the US, and they certainly vary—and sometimes conflict—between countries. Finding a cloud solution that satisfies a variety of privacy regulations while keeping data accessible to authorized employees can seem a daunting task. But a solution does exist, and it’s one that can be implemented right at home.
“Oh,” you’re thinking. “Keep your cloud solution local.”
While it is true that local data residency can solve some issues—latency being the biggest one—it typically won’t solve the bigger cloud security problems caused by data location, especially if you want to adopt cloud services provided by the major global players, such as Microsoft, Amazon Web Services, or Salesforce. Unless you work only with locally based CSPs whose data centers are all in your region, you’ll most likely have to face the cloud security issues caused by multiple data locations.
“That’s okay,” you might think. “I’ll just work out a deal with the cloud provider to make sure that my data only stays in certain locations.”
Unfortunately, that most likely won’t work, either. Security concerns often make cloud providers hesitant to disclose exactly how many data centers they have, or where they are located; in fact, many cloud providers’ standard SLAs are noticeably noncommittal about data location. And in some cases, limiting data locations within a particular cloud service provider’s network may be impossible because the provider has spread critical components across multiple regions worldwide. Finally, even if you do go local, allowing data to be accessed or controlled from outside that region may raise out-of-region data location issues anyway.
So if the solution isn’t keeping data local or keeping strict control over the locations in which your data can be stored, what is it?
The solution is moving your focus away from data location and onto the data itself. If properly protected, such that access control and the ability to view data in the clear are exclusively in the enterprise’s hands, data can move anywhere it needs to go without triggering cloud security issues.
There are two key components to such a solution: encryption and tokenization. Strong encryption, such as 256-bit AES, combined with exclusive enterprise control of the encryption keys, makes it impossible for cloud providers or other external parties to access data without your permission. Tokenization, meanwhile, keeps all the original sensitive data local, stored in a secure database, so that it is never accessible in the cloud to begin with.
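The tokenization half of this approach, as an added sketch that is not code from the original article or any vendor product: sensitive fields are swapped for random tokens before a record leaves the enterprise, and the token-to-value mapping stays in a local vault. `TokenVault`, `to_cloud_record`, the field names and the sample record are hypothetical, and an in-memory SQLite database stands in for the secure local database.

```python
import hashlib
import hmac
import secrets
import sqlite3


class TokenVault:
    """Local vault: sensitive values stay here; only tokens leave the premises."""

    def __init__(self, index_key: bytes):
        self._key = index_key  # assumption: held only by the enterprise
        self._db = sqlite3.connect(":memory:")  # stand-in for the secure local database
        self._db.execute(
            "CREATE TABLE vault (token TEXT PRIMARY KEY, lookup TEXT UNIQUE, value TEXT)"
        )

    def _lookup(self, value: str) -> str:
        # Keyed hash: a repeated value finds its existing token without a plaintext scan.
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        row = self._db.execute(
            "SELECT token FROM vault WHERE lookup = ?", (self._lookup(value),)
        ).fetchone()
        if row:
            return row[0]
        # Random token: no mathematical link to the value, so there is nothing to decrypt.
        token = "tok_" + secrets.token_hex(16)
        self._db.execute(
            "INSERT INTO vault VALUES (?, ?, ?)", (token, self._lookup(value), value)
        )
        return token

    def detokenize(self, token: str) -> str:
        row = self._db.execute(
            "SELECT value FROM vault WHERE token = ?", (token,)
        ).fetchone()
        if row is None:
            raise KeyError("unknown token")
        return row[0]


def to_cloud_record(record: dict, sensitive: set, vault: TokenVault) -> dict:
    """Replace sensitive fields with tokens before the record leaves the enterprise."""
    return {k: vault.tokenize(v) if k in sensitive else v for k, v in record.items()}


# Constructed sample record (not real data)
SAMPLE = {"name": "Erika Mustermann", "national_id": "DE-1234567890", "plan": "gold"}
SENSITIVE_FIELDS = {"name", "national_id"}
```

Only the output of `to_cloud_record` would be sent to the cloud service; a production vault would also encrypt the stored values at rest, which this sketch leaves out.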
Are you ready to learn more about how encryption and tokenization can help your organization overcome data location and cloud security issues and enable you to maximize your cloud use and benefits with minimal risk? Download our white paper, “Managing Data Residency and Compliance in the Cloud Age,” to find out more, including what to look for in a cloud encryption and tokenization solution.