Top 5 Best Practices to Eliminate Cloud Data Sovereignty Concerns

If your organization provides financial services, then you know that moving to the cloud isn’t easy. Concerns over cloud data sovereignty can make adoption a challenge.

There is, after all a lot to think about, especially on the regulatory compliance  front. Many cloud application providers have data centers scattered across the world. This creates “difficult jurisdictional issues,” as former Secretary of Homeland Security Michael Chertoff wrote for Whose laws apply?

  • The laws of the country in which the data originated?
  • The laws of the country in which the cloud customer is based?
  • The laws of the country, or countries, in which the cloud provider houses its data centers?
  • The laws of the country in which the cloud provider is based?
  • Or all of the above?

Where’s Your Data? Check out the cool infographic
Click on the image to zoom

Cloud Data Sovereignty: A Tangled Web



Share this Infographic On Your Site
Click Image to Zoom



There are no international standards governing data sovereignty or residency, just a tangled web of regional and national laws and international alliances. Cloud application providers may hand the information over more easily than your organization would. And on top of that, you’ve got to wonder whether letting a cloud application provider store your data offshore introduces new security concerns. Chertoff argues that it will, stating that offshore data storage significantly increases the risk of intrusion and insider threats. A lot to think about, indeed.

The problems aren’t insurmountable, though. In fact, taking just a few steps can greatly reduce or even eliminate your data sovereignty concerns.

The Gartner Research note,  “Five Cloud Data Residency Issues That Must Not be Ignored” report recommends enterprises take steps to assure the privacy of sensitive information, achieve regulatory compliance and understand the implications of data disclosure laws.

According to the authoring analysts,

“…even if the data is encrypted and the keys are managed in a separate jurisdiction, enterprises should be aware that requests for legal assistance, based on bilateral agreements, may be executed between those countries. However, in a well-architected system, the cloud application provider does not have direct access to the keys. In this way, if a legal request is made for access to the data, the enterprise must be involved.”

Top 5 Best Practices to Eliminate Cloud Data Sovereignty Concerns

Many countries have passed national laws granting authorities access to enterprise cloud data that may conflict with the legal protection rights of data in the originating jurisdiction, leaving companies wondering how secure their data is and how compliant they are with regulations. Gartner’s research helps enterprises understand these risks and recommends the following best practices for eliminating data sovereignty concerns:

  1. Consider deploying encryption solutions if there are data residency concerns for data crossing borders
  2. Ensure that privileged users in cloud services providers are not granted access
  3. Manage the keys locally to comply with local privacy requirements
  4. Ensure that the selected vendor encryption products can provide the  level of security, and operate in the different storage environments and locations as required
  5. Use a documented key revocation and destruction process

A Powerful, Seamless Solution

But if your data’s always encrypted, what happens to its usefulness? Depending on your encryption solution, it could be rendered useless, just a string of gibberish. Or it could retain its functionality and usefulness. CipherCloud, for example, has partnered with the world’s leading cloud providers to integrate our persistent encryption with their services for seamless functionality of encrypted data.

CipherCloud’s cloud information protection platform enables you to do just that by giving you full control of your enterprise’s encryption keys.

And to keep on top of what’s happening with your data, no matter where in the world it lives, make sure you have full visibility. “Control, management, and visibility” are among the top concerns when it comes to cloud data residency, according to GigaOM. That’s why CipherCloud offers powerful monitoring and visibility solutions to keep customers abreast of the status of their confidential data.

What are your organization’s cloud data residency concerns, and how do you plan to address them? Let us know in the comments.

Next Steps

Check out these related resources:

Join over 5,000 subscribers - best practices and tips delivered weekly to your inbox.
We respect your privacy. Your email address will never be sold or shared with anyone else.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *