Thales Blog

Monsido Meets Digital Sovereignty Requirements with Cloud Key Management

November 7, 2023

Emily Richuso | Senior Product Marketing Manager, Thales

The World Economic Forum estimates that over 92% of all data in the western world is stored on servers owned by very few US-based companies, which raises concerns about data ownership and control. Many countries and regions have implemented strict data protection laws, such as the European Union's General Data Protection Regulation (GDPR), requiring organizations to adhere to specific data protection standards. Organizations need to ensure the security and compliance of their data, which can be challenging when data is spread across multiple jurisdictions with different legal and security requirements.

Digital sovereignty gives enterprises better localized enforcement of privacy laws, so they can maintain safe stewardship of sensitive data and personally identifiable information (PII) and adhere to the different privacy, data security and resilience regulations in force worldwide. Read on to learn how a leading technology provider based in Europe implemented the Thales CipherTrust Data Security Platform as-a-Service (CDSPaaS) to address digital sovereignty requirements, meet compliance regulations, and secure their data.

Background and Business Challenge

Monsido powered by CivicPlus® is a leading technology solution that helps organizations create better website experiences and navigate compliance within the digital communications landscape. More than 3,300 organizations across the globe use Monsido’s web governance platform to optimize their websites and improve the experience for users accessing essential information, services, and resources. The company headquarters is in Ballerup, Denmark, with IT operations spread across Belgium, the United States, and Australia to support customers globally.

Since Monsido handles some personally identifiable information (PII), they want their customers to know that this data is protected in compliance with European privacy regulations. The Monsido tool operates entirely on the Google Cloud Platform. Although Google Cloud provides a default encryption tool, Monsido wanted a solution that would ensure their encryption keys were held outside of their cloud environment in accordance with guidelines from the Danish Data Protection Agency (DDPA). In addition, they wanted a solution that would allow them to be in control, and to revoke the keys from Google if necessary, providing peace of mind for their customers.

Solution: CipherTrust Data Security Platform as-a-Service

To keep EU data close to their European office, Monsido selected the Thales CipherTrust Data Security Platform as-a-Service (CDSPaaS), available through the Thales Data Protection on Demand (DPoD) online marketplace. The Thales CipherTrust Cloud Key Management (CCKM) service, part of CDSPaaS, provides the Monsido platform with centralized management of cloud encryption keys and seamless integration with the Google Cloud External Key Manager “Hold Your Own Key” (HYOK) solution. Offering support for the HYOK APIs provided by Cloud Service Providers (CSPs), CCKM automates key lifecycle management, enables key generation, usage logging and reporting, and facilitates ‘key decoupling’ by securely storing the keys separately from the encrypted data. These features provide stronger controls over encryption key lifecycles for the data encrypted by CSPs than native encryption.

1. World Economic Forum: What is digital sovereignty and why is Europe so interested in it?

“The key thing for us is GDPR compliance and peace of mind for our customers,” says Tim Warberg, Senior Software Architect and Platform Engineer at Monsido powered by CivicPlus. “Thales’s CipherTrust Cloud Key Management (CCKM) service on the DPoD marketplace allows us to hold and control encryption keys on behalf of our customers outside of the cloud platform where the data resides, including revoking the keys to remove access from cloud administrators as needed. Government customers tend to be on the safe side; we were hearing from prospects that this is something they would like to see.”

Read the full case study: Monsido Provides Digital Sovereignty With the CipherTrust Data Security Platform as-a-Service