Data Residency and Sovereignty Compliance

Thales eSecurity helps enterprises and cloud providers meet data residency and data sovereignty regulations

Global Map

Regulation

Active Now

Data Residency

There are more than 100 national data privacy laws on the books. Global enterprise, SaaS vendors and cloud-solution providers need to be aware how to meet data residency requirements in their environment.

Thales eSecurity can help prepare organizations to meet key global residency regulations, such as GDPR, through:

  • Preventing access to customer and employee data outside of their home legal jurisdiction;
  • Encryption key management;
  • Safeguarding sensitive data in cloud environments.
Data Residency
One General Rule

Though there is a wide variation between requirements, meeting this single rule ensures that your organization remains in compliance:

  • All customer and employee data must not be accessible to those outside of their home legal jurisdiction
  • Exception: When explicit consent is given on a per usage basis
  • Encrypt Data at Rest and Restrict Data Access

    The solution to the problem is to encrypt all data-at-rest and only allow access to data-at-rest from the jurisdiction where it originates.

    With Thales eSecurity, solving the problem is simple. Using Thales eSecurity data-at-rest encryption with access control to limit data access to only those within a specific jurisdiction will satisfy all but a few national requirements (Germany and Spain are specific exceptions).

    For Enterprises

    At the file system and volume level, encrypt data sets from each jurisdiction with Vormetric Transparent Encryption. Set access controls (linked to your directory services infrastructure) so that the data-at-rest can only be decrypted by those within each country. Others will have no access to information, seeing only encrypted data blocks. For best practice, have each country keep their own encryption keys locally, so that even security management personnel from outside their jurisdiction cannot change encryption keys or access policies.

    For access to information stored within databases and applications – link access to directory services infrastructure or other access management tools. You can also encrypt data on a column, field or database file level with Vormetric Application Encryption, and manage encryption keys using the Vormetric Data Security Management appliance interfaces to match jurisdictions. Enterprises can use Vormetric’s centralized, uniformly managed Data Security Manager to coordinate these operations.

    Vormetric’s Data Security Platform from Thales eSecurity also features the Vormetric Cloud Encryption Gateway, which extends the Platform to safeguard sensitive data in cloud storage environments, including Amazon S3, Box and Caringo. The cloud security gateway encrypts sensitive data before it is saved to the cloud. This enables security teams to establish the visibility and control they need around sensitive assets without having to add another point tool that increases system complexity.

    For Cloud Providers

    Offer customers the option to encrypt data-at-rest, managing their own encryption keys from within their local jurisdiction, and locking out access by others. With Vormetric Transparent Encryption from Thales eSecurity, data-at-rest encryption is done by giving each customer its own local, physical or virtual Vormetric Data Security Manager, combined with agents on each customer system linked to that management instance. Consider becoming a Vormetric Partner.

    Research and Whitepapers : Securing Sensitive Data within Amazon Web Services EC2 and EBS Challenges and Solutions to Protecting Data within the AWS Cloud

    In this white paper, learn about the specific problems around data protection when using servers within Amazon Web Services (AWS) environments....

    Download

    Research and Whitepapers : Vormetric Data Security Platform Architecture White Paper

    As security teams struggle to contend with more frequent, costly, and sophisticated attacks, data-at-rest encryption becomes an increasingly critical safeguard....

    Download

    Data Sheets : Vormetric Data Security Platform

    The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management....

    Download

    Other key data protection and security regulations

    GDPR

    GDPR Thumbnail

    Regulation

    Active Now

    Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.

    Learn More

    PCI DSS

    GDPR Thumbnail

    Mandate

    Active Now

    Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

    Learn More

    Data Breach Notification Laws

    eIDAS

    Regulation

    Active now

    Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.

    Learn More
    Contact a Compliance Specialist Contact Us
    Are you fit for GDPR Take our readiness assessment now
    Read the Compliance and Regulations Solutions Handbook Read the eBook
    Посмотрите интерактивное демо Подробнее
    Записаться на демо Записаться
    Свяжитесь со специалистом Свяжитесь с нами