THALES BLOG

Keeping it Local and Secure: Data Sovereignty in a Cloud-Driven World

August 6, 2024

Sharon Ginga Sharon Ginga | Director of Product Marketing More About This Author >

Today's world is data driven. As data is generated, shared, and stored, a significant portion of these activities occur on servers owned by US companies. This concentration of data raises concerns about control, privacy, and compliance, particularly considering regulations like the EU's General Data Protection Regulation (GDPR) and the staggering €1.2 billion (around $1.3 billion) fine issued to Meta last year by the Irish Data Protection Commission for transferring user data to the United States without proper safeguards in place.

Data Sovereignty: Your Data, Your Regulations

Data sovereignty refers to the principle that data is subject to the laws and regulations of the geographical region where it's stored. As countries and organizations strive to ensure their data is secure and complies with the legal landscape of the region, they are compelled to apply key/crypto management and encryption solutions to meet these mandates.

The more recent Data Privacy Framework, on the heels of the Schrems II ruling by the Court of Justice of the European Union in 2020, that had invalidated the EU-US Privacy Shield, all highlight the importance of data sovereignty for businesses operating in the EU. This has led to a growing emphasis on digital sovereignty, not just between the EU and US, but even among EU member states. And this need for data sovereignty is reflected by growing regulations across the globe, not only for those doing business in the EU.

Sovereign Data Centers: Keeping Compliance Simple(r)

Cloud providers often store data across various locations. This can make it difficult to pinpoint where your data resides and ensure compliance with specific regulations. Sovereign data centers offer a secure environment for storing data within a specific jurisdiction. Although ensuring compliance is never simple, this provides several key advantages for compliance with data privacy regulations:

  • Reduced Legal Risk: By keeping your data within a specific jurisdiction, you can ensure it adheres to the local legal requirements and avoid hefty fines or legal repercussions.
  • Enhanced Trust: Customers are increasingly privacy-conscious and want to know where their data is located. Sovereign data centers in region demonstrate a commitment to responsible data practices, fostering trust.
  • Streamlined Compliance: Sovereign data centers can simplify the compliance process by ensuring your data adheres to the specific regulations of the region.

Security Beyond Borders: Encryption and the Cloud

The challenge of data sovereignty goes beyond just location. It's also crucial to consider who has access to sensitive data within your organization, regardless of its physical location.

This is where robust encryption and key/crypto management solutions come in, especially for organizations undergoing digital transformations. Even when data is shared, transferred to the cloud or even multiple clouds, it's still possible to maintain control and security. By keeping the encryption keys under your control, within the proper geographic legal jurisdiction, you can ensure your data remains protected even in the cloud(s).

Thales and Sovereign Security in the EU

Understanding the importance of data sovereignty, Thales provides customers tools and expertise to secure their data and protect the encryption keys to help ensure compliance with all the relevant regulations and to enable secure digital transformation. To that end, Thales recently established an additional new data center in the EU region for its cloud-based data security offerings. With a simplified and efficient architecture, leveraging IaC (infrastructure as code), this modern facility empowers organizations to maintain constant EU sovereignty for their cryptographic keys. This helps to ensure the highest level of control and compliance for businesses operating within the EU.

Thales Data Protection on Demand: Sovereign Security for the Cloud

Thales Data Protection on Demand (DPoD) cloud-based marketplace empowers customers to benefit from sovereign data security services. DPoD provides a range of features that address data security and sovereignty concerns:

  • Sovereign Deployment: With the recent launch of an additional data center in the Netherlands, DPoD can be set up in the EU, including for back up and high availability, ensuring your customers' data adheres to regional data privacy regulations.
  • Simplified Security: DPoD eliminates the need for customers to purchase, deploy, and maintain hardware for key management and encryption.
  • Multi-Tier Management: DPoD enables complete separation of duties, even when managing multiple customer accounts.

Managed service providers (MSPs) can leverage a white-labeled version of DPoD to integrate seamlessly with their existing services and offer enhanced security to their customers, including in-region sovereignty.

The Thales Data Protection on Demand (DPoD) cloud marketplace is dedicated to demonstrating a measurable and significant decrease in our carbon footprint, reducing power consumption and operating cost through eco-design, in alignment with Thales’ ESG (environmental, social, and governance) commitment to a greener, safer world.

The Future of Data: Secure, Sovereign, and in the Cloud

Consider your data needs:

  • Compliance Requirements: Identify the regulations that apply to your data and where your customers are located.
  • Data Sensitivity: The more sensitive the data, the stronger the case for data sovereignty.
  • International Business: If you operate globally, data sovereignty can help ensure compliance across borders.

By leveraging data sovereignty, robust encryption solutions, and solutions such as Luna Cloud HSM and CipherTrust Key Management Services on the DPoD marketplace, organizations can ensure their data is secure, compliant, and remains within their control, where it is stored or shared, in the cloud, across hybrid environments and on-premises too. Data sovereignty is a complex issue, but it doesn't have to be a barrier to digital transformation, and it is well within reach when done right.

Learn more about Thales Data Protection on Demand (DPoD), and visit our DPoD marketplace HERE.