• headerslider_verschluesselung_02

Data Residency & Jurisdictional Control for Cloud SaaS applications

Various Data Residency legal and regulatory compliance requirements have come about following the success of cloud IaaS and SaaS applications that are now based in disbursed and virtual cloud infrastructures and remote data centers across the world. Well documented cyber security breaches and government interception, snooping and even lawful subpoenas of corporate and government sensitive data via the courts and legal systems of some countries have led to some basic questions:

  • Where is my corporate data?

  • Who has access to it?

  • Does ‘encryption at rest’ from SaaS vendors address my compliance?

  • Who has access to the encryption keys?

  • Can sensitive data be intercepted across HTTPS secure networks?

In addition to the legal GDPR (General Data Protection Regulations) requirements many industries such as Finance and Healthcare have their own regulatory data compliance requirements of Personal Identifiable Information (PII), or sometimes known as Customer Identifiable Data (CID), as well as PII and CID sensitive data where such sensitive data needs to be retained within a specified country, sovereignty or jurisdictional boundary. This practice is often referred to as Data Residency.

More and more corporate internal information protection requires corporate sensitive data to be retained within the enterprises own networks or within a specified jurisdiction.

The eperi Gateway is an effective modern day component in an enterprises’ architecture to address these various and often complex Data Residency legal, regulatory and internal info security data compliance needs. Acting as a proxy for internal users accessing external IaaS and SaaS applications, data policies can be set to encrypt sensitive data so that the sensitive data can be demonstrated as being retained within the specified jurisdiction and where only meaningless encrypted data leaves the specified sovereignty and jurisdiction.