Data Protection Without Borders
By James LaPalme, VP of Business Development, WinMagic
Data sovereignty has garnered a lot of press and discussion over the last few months. But ask data owners, data creators, and those who process data what data sovereignty truly means and you will probably get many unique answers.
As defined by TechTarget, “Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.” After some informal surveying on my part, that definition is a basic understanding most people have. And therein lies the concern: if I am on a business trip, going from country to country using my VISA, the transactional data must be kept separate by location of transaction.
How does that affect their ability to operate? Does it require a data center in every country? How do you consolidate data?
Some data sovereignty issues are straight forward, such as the U.S. Department of Justice requesting Microsoft to hand over email servers (data) which resides in Ireland. Here you have another set of issues: is Microsoft obliged because it is a U.S. based company? Are the servers Microsoft’s to hand over and not the end customers? Should the Department of Justice not ask the Irish government?
In today’s economy business is global. Data is generated and flows across borders, oceans, and continents. Although all data protection initiatives are welcome and often necessary, is it logical on a global scale with inter-country and continental transitions to think of data sovereignty just with one’s physical borders.
Working for a global encryption vendor, I get to think on a global scale without limitations of borders. Although I am not advocated against data sovereignty, I am advocating for some advanced thinking and logic to be applied to practically protect the integrality and security of sensitive data at an individual and corporate level. Policies, awareness, analytics, and persistent encryption are all functional areas that can ensure and protect against data leaving the controlled environment of a data center or geography.
Imagine being made aware that sensitive data has been transferred out of its regulated geography/environment (either maliciously or by human error). Imagine the ability to provide automated, controlled policies against encryption that would render that data unusable if it violated a policy stating it cannot leave certain geography, data center or cloud platform. These solutions are available with security event management solutions, cybersecurity analytics and of course policy driven intelligent key management of encryption.
Regulators need to expand the view of data protection by not only thinking in terms physical bounders, but embracing technology that can provide logical and simple solutions to practically protect one’s sensitive data.
James is the VP of Business Development at WinMagic, bringing over twenty years of business development, alliance and sales management experience in Cyber Security (Cloud & Mobile). James writes with a view towards market and technology trends and is always interested in discussing, with the ambition to resolve, evolving security threats.