DATA RESIDENCY – DATA SOVEREIGNTY

Vormetric Data Security Solutions

Using Vormetric Solutions to Meet Data Residency Compliance Requirements for Data-at-rest

With more than 100 national data privacy laws on the books as of the end of 2016 (including the landmark GDPR in Europe), any global enterprise, SaaS vendor or cloud solution provider needs to pay attention to how data residency requirements for data-at-rest can be met within their environment. Though there is a wide variation between requirements, meeting this single rule ensures that your organization remains in compliance:

  • All customer and employee data must not be accessible to those outside of their home legal jurisdiction
  • Exception: When explicit consent is given on a per usage basis

For globally focused organizations, the combination of exploding volumes of customer and employee information (PII, financial data, shopping patterns, geo location information, selected preferences) with the centralized data center and cloud resources required for efficient operation can seem an insuperable problem.

For cloud providers with data centers located in jurisdictions different from those of their customers, this can represent a fundamental barrier to doing business.

The solution to the problem is to encrypt all data-at-rest, and only allow access to data-at-rest from the jurisdiction that it originates from.

With Vormetric, solving the problem is simple. Using data-at-rest encryption with access control to limit data access to only those within a specific jurisdiction will satisfy all but a few national requirements (Germany and Spain are specific exceptions).

For Enterprises: At the file system and volume level, encrypt data sets from each jurisdiction with Vormetric Transparent Encryption. Set access controls (linked to your directory services infrastructure) so that the data-at-rest can only be decrypted by those from within each country. Others will have no access to information, seeing only encrypted data blocks. For best practice, have each country keep their own encryption keys locally, so that even security management personnel from outside their jurisdiction cannot change encryption keys or access policies.

For access to information stored within databases and applications – link access to directory services infrastructure or other access management tools. You can also encrypt data on a column, field or database file level with Vormetric Application Encryption, and manage encryption keys using the Vormetric Data Security Management appliance interfaces to match jurisdictions. Enterprises can use Vormetric’s centralized, uniformly managed Data Security Manager to coordinate these operations.

Vormetric’s Data Security Platform also features the Vormetric Cloud Encryption Gateway, which extends the Platform to safeguard sensitive data in cloud storage environments, including Amazon S3, Box and Caringo. The cloud security gateway encrypts sensitive data before it is saved to the cloud. This enables security teams to establish the visibility and control they need around sensitive assets without having to add another point tool that increases system complexity.

For Cloud Providers: Offer customers the option to encrypt data-at-rest, managing their own encryption keys from within their local jurisdiction, and locking out access by others. With Vormetric Transparent Encryption, data-at-rest encryption is done by giving each customer their own local physical or virtual Vormetric Data Security Manager, combined with agents on each customer system linked to that management instance. Consider becoming a Vormetric Partner.

WHITE PAPERS

Securing Sensitive Data within AWS

Securing Sensitive Data within AWS

In this white paper, learn about the specific problems around data protection when using servers within Amazon Web Services (AWS) environments. This includes...  

Download >>

ARCHITECTURE WHITEPAPER

Vormetric Data Security Architecture

A comprehensive architecture for data-centric security leveraging encryption, access controls and security intelligence across physical, virtual...  

Download >>

CUSTOMER QUOTE

 The need for robust encryption was being driven by our clients and also regulatory standards like HIPAA-HITECH, PCI DSS, ISO 27001 as well as European Union and country specific data protection requirements. 

Christian Muss
Director of Security
Teleperformance EMEA

CUSTOMER QUOTE

 Vormetric has put us in the fantastic position of being able to support any encryption deployment model and any data, application and platform combinations that our clients want to use. 

Pete Nicoletti
CISO
Virtustream Inc.

The Vormetric Digital Digest on Data Security

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental