Category Archives: data sovereignty

The Myth of “Staying One Step Ahead of the Hackers”


The assumption that software security can stay ahead of the hackers is not true because the software security industry is always reacting to threats that hackers expose. Once hackers start exploiting a flaw in an application, security companies try to block the resulting threat by providing security updates for existing software or by developing new programs. Either way, hackers will be one step ahead because the software security industry can’t predict what new threats the hackers will unleash.

Court Rulings Limit Privacy Protections From Data Residency

Jurisdictions around the world, including the European Union and Canada, are enacting laws and creating regulations forcing companies that collect personally identifiable information (PII) to store the data of their residents within their national boundaries. This concept is known as data residency and the idea is that local privacy laws will apply to data stored locally. Since privacy laws differ depending on the jurisdiction, it makes sense that Europeans, for example, want to be protected by their own laws. The problem is that data residency has never provided this kind of protection and recent court rulings in San Francisco and Canada highlight this fact.

Should You Encrypt Data Before it Goes to the Cloud?


American cloud service providers such as Microsoft are opening local data centers in foreign countries at the request of the respective foreign governments and customers located in those countries. The thinking behind this strategy is that data located in a particular country is subject to the country’s data privacy laws, which may be different from those in effect in the United States. When your data is stored in the country where your customers are resident, it seems logical to believe cloud service providers when they say their local data centers operate according to that country’s laws. In reality, the situation is more complicated, and the location of the data in a particular country is not enough to guarantee privacy.

Does Data Residency Reduce Cloud Risks?

Countries are establishing data residency regulation to protect private and classified data generated from their citizen by mandating storing this information within that country (the country of origin). The theory is that the laws of the country in which the data is stored apply to that data. Large cloud providers such as Amazon, Microsoft, Salesforce are opening cloud data centers outside their home countries (Cloud Data Center Expansion Race) to satisfy these laws. The question is “Does Data Residency Reduce Cloud risks?