Get startedGet started for free

Data sovereignty and data governance

1. Data sovereignty and data governance

Cloud data can be stored in different physical locations around the world. As a cloud security professional, you’ll need to know where data is stored to ensure that it complies with required regulations and policies. In this video, you’ll learn about data sovereignty, data residency, and data localization. You’ll also explore some ways that data governance can help to ensure data sovereignty. Physical servers that store cloud data are kept in buildings called data centers. Data centers are located in many different countries. These countries have their own laws and regulations for data storage. This is where data sovereignty applies. Data sovereignty means data stored in a physical location has to follow the regulations of that geographic location. A country enforces its laws on the data systems, controllers, and processors by exercising data sovereignty. Data sovereignty also extends across borders and even has international implications. A country may refuse another country to exert control over its sovereign data. To comply with data sovereignty, data professionals need to know what data they have and where their data resides. Data residency refers to the physical or geographic location of an organization's data or information. Once data is moved, stored, or processed within a particular geographic location, it is subject to the laws, customs, and expectations of that specific location. Sometimes there’s a need to keep sensitive data within the borders of a particular country to enhance data security. This is called data localization. Data localization is the requirement that all data generated within a country's borders remain within those borders. Consider how this impacts the way an organization conducts business. An organization must research —and comply with— the data sovereignty laws of all geographic locations where they intend to operate. This ensures that the organization is in compliance. This is so important, because data localization helps countries safeguard the data of their citizens and organizations in their territory. Data governance helps organizations comply with and reinforces data sovereignty. These work in tandem. Remember, data governance is a set of processes that ensures that data assets are managed throughout an organization. Having data governance processes and procedures that address sovereignty risks, such as data that’s subject to the regulations of multiple governments, will help organizations remain compliant with relevant laws and regulations. An organization can take several actions to facilitate data governance. For example, an organization might conduct a data audit as part of their data governance. In the audit, they could identify where the data is stored, processed, and transmitted, and also the relevant data protection laws and regulations for those locations. This will help identify any potential data sovereignty risks and ensure that the organization is in compliance. The organization could also research and select cloud providers with data residency options that align with the organization’s data sovereignty requirements. They might also map out the regulations from each country that stores or might store data to find similarities and differences between the sovereignty requirements for each country. The organization could even create an organizational policy to use as a preventative guardrail. As a reminder, guardrails are the policies, procedures, and processes to manage and monitor an organization’s regulatory, legal, risk, environmental, and operational requirements. It’s often helpful for organizations to check with their cloud provider to figure out if there’s a policy the organization can use. For example, the cloud service can help the organization identify a resource’s location property, and also where it’s maintained and deployed. When an organization uses location constraints in their policy, they can limit where their resources are deployed and maintained to make sure that they meet sovereignty requirements. As a cloud security professional, you’ll need to work with data sovereignty, data localization, and data residency to keep your organization compliant with data regulations. Having strong data governance will help you to meet your sovereignty requirements.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.