The Challenges of Data Sovereignty in the Cloud
The concept of data sovereignty continues to evolve as do the laws, regulations and best practices for security and compliance.
10 June 2015
Ahead of its annual Security & Risk Management Summit, Gartner has published a series of informative blogs related solely to the summit’s theme — security and risk management.
In A New View on Security, Gartner advises that a new stream of data is being merged with traditional security information to provide comprehensive situational awareness of security and risk management status across organizations. In a second blog , Gartner analysts argue for a “Risk First, Security Second” approach under which risk and security management professionals first fully understand all risks and potential threats before treating them.
Today, an emerging and increasingly important risk topic for organizations relates to data sovereignty. Arguably, some of the most critical risks that global enterprises embracing the cloud must deal with, are the risk and compliance challenges that arise when information is distributed across multiple physical, logical, and legal locations.
First advantage goes to the organizations in this highly competitive, global economy, that are quickest to understand the global regulatory environments and specific governmental requirements related to data privacy and ownership and which use trusted information management solutions to mitigate risk.
The concept of data sovereignty continues to evolve as do the laws, regulations and best practices for security and compliance. However, in the near-term, enterprises may consider the following approaches to help manage risk and compliance challenges:
- Match what is known about information governance rules and process to technical capabilities that fit the specific requirements of the industries you are in and the countries where you do business
- Separate data control from the physical location
- Enable data location control
- Make content the new security perimeter to ensure all information is protected and controlled no matter where it travels
- Execute process discipline and transparency
At Intralinks, our customers are able to take a multi-layered approach that includes one or more of the following: information rights management (IRM), customer managed encryption keys (CMK), and distributed content nodes (DCN). Working first to define their risk tolerance and compliance requirements they are then able to apply the right technology tool(s) for any given situation.
Constellation Research’s Vice President and Principal Analyst, Holger Mueller, recently referred to data sovereignty as a ‘time bomb’ in a recent webinar with Intralinks. In the webinar, Mr. Mueller discussed the importance of data sovereignty and jurisdiction, how governments are responding to the questions of data privacy and ownership, and what organizations can do to address varying requirements and regulatory environments. Are you interested in learning more and being part of the discussion? Check out the webinar now on-demand.
Todd Partridge is Vice President, Product Marketing at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management, and enterprise records management practices. In his previous role at OpenText, Todd held several global positions ranging from sales, marketing, product management, positioning and strategy.