Data residency
There are more than 100 national data privacy laws on the books. Global enterprise, SaaS vendors and cloud-solution providers need to be aware how to meet data residency requirements in their environment.
Thales can help prepare organisations to meet key global residency regulations, such as GDPR, through:
- Preventing access to customer and employee data outside of their home legal jurisdiction;
- Encryption key management;
- Safeguarding sensitive data in cloud environments.
- Regulation
- Compliance
One general rule
Though there is a wide variation between requirements, meeting this single rule ensures that your organization remains in compliance:
- Preventing access to customer and employee data outside of their home legal jurisdiction;
- Exception: When explicit consent is given on a per usage basis
Encrypt data at rest and restrict data access
The solution is to encrypt all data-at-rest and only allow access to data-at-rest from the jurisdiction where it originates.
With Thales, solving the problem for data at rest is simple. Use Thales’ CipherTrust transparent encryption with access control to limit data access to only those within a specific jurisdiction. This will satisfy all but a few national requirements (Germany and Spain are specific exceptions).
For enterprises
At the file, system and volume level, encrypt data sets from each jurisdiction with CipherTrust transparent encryption. Set access controls (linked to your directory services infrastructure) so that the data-at-rest can only be decrypted by those within each country. Others will have no access to information, seeing only encrypted data blocks. For best practice, have each country keep their own encryption keys locally, so that even security management personnel from outside their jurisdiction cannot change encryption keys or access policies.
For access to information stored within databases and applications, link access to directory services infrastructure or other access management tools. You can also encrypt data on a column, field or database file level with CipherTrust application data protection and manage encryption keys using the CipherTrust Manager appliance interfaces to match jurisdictions. Enterprises can also use Thales’ centralised, uniformly managed CipherTrust Manager to coordinate these operations.
For cloud providers
Offer customers the option to encrypt data-at-rest, managing their own encryption keys from within their local jurisdiction and locking out access by others. With CipherTrust transparent encryption from Thales, data-at-rest encryption is done by giving each customer its own local, physical or virtual CipherTrust manager, combined with agents on each customer system linked to that management instance. Consider becoming a Thales Partner.
CipherTrust Data Security Platform – White Paper
To meet the scale of current and future data security threats, evolving global and regional privacy regulations, and cloud adoption brought on by remote working, organizations need an easier and unified approach to discover, protect and control their sensitive data. Thales...
Download
CipherTrust Data Security Platform - Product Brief
Data breaches are at the all time high. Since the number of remote employees has increased, securing the cloud during this accelerated adoption is a new challenge for IT sector. For a secure cloud migration, CipherTrust Data Security Platform discovery, access controls and...
Download
The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper
Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...
Download
The Enterprise Encryption Blueprint - White Paper
You’ve been tasked with setting and implementing an enterprise wide encryption strategy, one that will be used to guide and align each Line of Business, Application Owner, Database Administrator and Developer toward achieving the goals and security requirements that you define...
Download
Unshare and Secure Sensitive Data - Encrypt Everything - eBook
Business critical data is flowing everywhere. The boundaries are long gone. As an enterprise-wide data security expert, you are being asked to protect your organization’s valuable assets by setting and implementing an enterprise-wide encryption strategy. IT security teams are...
DownloadOther key data protection and security regulations
GDPR
Regulation
Active Now
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
PCI DSS
Mandate
Active Now
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data Breach Notification Laws
Regulation
Active Now
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.
Contact a Compliance Specialist
Are you fit for GDPR
