Click here to close now.


Linux Containers Authors: Victoria Livschitz, Elizabeth White, Liz McMillan, AppDynamics Blog, Jim Scott

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Cloud Security, @BigDataExpo

@CloudExpo: Article

Key Data Residency Requirements Global Organizations Need to Understand

…And some advice on how to satisfy them as you move to the cloud

One challenge more and more enterprises are grappling with as they plan to adopt the cloud is data residency & sovereignty. They are finding that if they want to use a cloud service hosted outside of their borders, life can become quite complex. Perhaps it is a result of the often discussed "Snowden Effect," but no one can deny that countries and regions are putting some strict guidelines in place to ensure privacy of sensitive data that is moving outside of their borders. These three examples are indicative of what I foresee we will be seeing much more of:

Australia: The Privacy Amendment Act
The Privacy Amendment Act introduced many changes to the original Privacy Act and just recently went into effect. The Act includes a set of new privacy principles that cover the processing of personal information by government agencies and businesses. The new principles are called jointly called the Australian Privacy Principles (APPs).

In the context of cloud adoption, agencies and businesses that deal with personal information are subject to APP8 (cross-border disclosure of personal information) which regulates the disclosure/transfer of personal information by an agency or business to a different entity (including a parent company) offshore. Before moving this type of data offshore, the Australian agency/business (Australian sender) must take reasonable steps to ensure the overseas recipient will comply with / not breach the APPs. The Australian Sender will remain liable for the overseas recipient's acts associated with any transferred personal information and, where relevant, be in breach of the APPs due to the overseas recipient's acts or omissions. In addition, APP11.1 (security of personal information) requires that an organization must "take reasonable steps to protect the personal information it holds from misuse".

Germany: The Federal Data Protection Act
Germany's Federal Data Protection Act is known as Bundesdatenschutzgesetz or BDSG, and these laws were reformed to cover a range of data protection-related issues. The key principles of the law state that organizations cannot collect any personally identifiable information without express permission from an individual (this includes obvious things like name and date of birth, as well as less obvious things like phone number, address and computer IP address). The permission that an individual grants must specify how, where, how long and for what purposes the data may be used and the individual can revoke the permission at any time.

Organizations must have policies, procedures and controls in place to protect all data types and categories that fall under the BDSG umbrella. Further, Germany does not recognize Safe Harbor regulations in the same way as other EU states (note - other EU states are re-examining this issue). It requires all parties involved in data transfer to assure that Safe Harbor requirements are met in a more formalized and structured manner.

In addition to the Federal Data Protection Act, components of the German criminal code regulate personal data protection, particularly for telecommunications, healthcare, and insurance companies. And all of the 16 German states have their own specific data protection laws pertaining to these areas.

United Kingdom: The UK Data Protection Act
The UK Data Protection Act is the UK's legislation covering the processing of data on people and is the main piece of legislation that governs the protection of personal data in the UK. The Act places clear demands upon those holding personal data in terms of the security that must be applied to protect it and it is necessary to apply a wide range of security measures to meet these standards:

  • Data must be processed fairly and lawfully
  • Data must be processed in accordance with the rights and freedoms of data subjects
  • Data must be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage
  • Data must not be transferred to a country or territory outside the European Economic Area unless that country or territory protects the rights and freedoms of the data subjects.

The Information Commissioner's Office (ICO) is the UK's independent authority set up to uphold information rights in the public interest. They recently provided guidance around the use of cloud computing reiterating that the responsibility for data protection remains with the data controller (the enterprise). And particular consideration should be given to mitigating the security risks relating to personal data since foreign law enforcement agencies may have the power to demand access to personal data stored in a foreign data center. Failing to protect private data can result in ICO-levied fines.

What is an organization to do? Look exclusively at cloud solutions that are based wholly in the country where they operate? Avoid cloud services altogether? Both of these approaches are impractical. Enterprises need to adopt cloud-based solutions, the best ones available irrespective of location, in order to drive their businesses and remain competitive. So what to do? Technology in the form of Cloud Data Control Gateways (CDCGs) using a technique called tokenization can help.

CDCGs are increasingly being used by global organizations to meet data residency requirements. Using tokenization, where clear text data is replaced by a surrogate token (check out a cool infographic describing the technique here), sensitive data can remain physically onsite while only surrogate replacement tokens go to the cloud for processing and storage. This solution enables enterprises to use public cloud applications no matter where they are located because actual data never needs to leave their in-country data center where the tokenization process occurs. It is a simple and straightforward way to adhere to complex data residency/sovereignty requirements. For those concerned about the "Snowden Effect," the reality is that any requests for information through one of their US-based cloud providers cannot result in compromising customer or corporate data without the enterprise being part of the conversation.

Of course, not all tokenization technologies are created equal. This solution only works when it is designed and deployed properly so as to fulfill all data obfuscation goals and objectives. Most important, it needs to be part of a gateway approach that ensures that the functionality of the cloud application is not disrupted for cloud end users. For example, users need to be able to use the cloud as if the gateway was not in the middle of the equation at all (e.g., they need to be able to Search or Sort on data that has been tokenized).

Please check out our website, which offers more insights on data sovereignty and tokenization with specific pages addressing laws in a number of countries as well as sector-based requirements for verticals like Banking and Healthcare. We also provide various reference pieces, including a broader whitepaper, International Privacy Laws.

Read the original blog entry...

Perspecsys Inc. is a leading provider of cloud data tokenization and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like Perspecsys remove the technical, legal and financial risks of placing sensitive company data in the cloud. Perspecsys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@ThingsExpo Stories
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated and cloud solutions through hybrid hosting – a sustainable solution for the data required to manage I...
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud without worrying about any lock-in fears. In fact by having standard APIs for IaaS would help PaaS expl...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user experience, both offline and online. The focus of this talk will be on IBM Cloudant, Apa...
SYS-CON Events announced today that Cloud Raxak has been named “Media & Session Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Raxak Protect automates security compliance across private and public clouds. Using the SaaS tool or managed service, developers can deploy cloud apps quickly, cost-effectively, and without error.
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the cloud and the best price/performance value available. ProfitBricks was named one of the coolest Clo...
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
Mobile messaging has been a popular communication channel for more than 20 years. Finnish engineer Matti Makkonen invented the idea for SMS (Short Message Service) in 1984, making his vision a reality on December 3, 1992 by sending the first message ("Happy Christmas") from a PC to a cell phone. Since then, the technology has evolved immensely, from both a technology standpoint, and in our everyday uses for it. Originally used for person-to-person (P2P) communication, i.e., Sally sends a text message to Betty – mobile messaging now offers tremendous value to businesses for customer and empl...
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities. In his session at @ThingsExpo, Michael Heydt, founder of Seamless Thingies, will discuss and demonstrate how devices and humans can be integrated from a simple clust...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, will discuss the impact of technology on identity. Should we federate, or not? How should identity be secured? Who owns the identity? How is identity ...
You have your devices and your data, but what about the rest of your Internet of Things story? Two popular classes of technologies that nicely handle the Big Data analytics for Internet of Things are Apache Hadoop and NoSQL. Hadoop is designed for parallelizing analytical work across many servers and is ideal for the massive data volumes you create with IoT devices. NoSQL databases such as Apache HBase are ideal for storing and retrieving IoT data as “time series data.”
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
The broad selection of hardware, the rapid evolution of operating systems and the time-to-market for mobile apps has been so rapid that new challenges for developers and engineers arise every day. Security, testing, hosting, and other metrics have to be considered through the process. In his session at Big Data Expo, Walter Maguire, Chief Field Technologist, HP Big Data Group, at Hewlett-Packard, will discuss the challenges faced by developers and a composite Big Data applications builder, focusing on how to help solve the problems that developers are continuously battling.
As enterprises capture more and more data of all types – structured, semi-structured, and unstructured – data discovery requirements for business intelligence (BI), Big Data, and predictive analytics initiatives grow more complex. A company’s ability to become data-driven and compete on analytics depends on the speed with which it can provision their analytics applications with all relevant information. The task of finding data has traditionally resided with IT, but now organizations increasingly turn towards data source discovery tools to find the right data, in context, for business users, d...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobile software company with over 150 developers, designers, quality assurance engineers, project manage...
“The Internet of Things transforms the way organizations leverage machine data and gain insights from it,” noted Splunk’s CTO Snehal Antani, as Splunk announced accelerated momentum in Industrial Data and the IoT. The trend is driven by Splunk’s continued investment in its products and partner ecosystem as well as the creativity of customers and the flexibility to deploy Splunk IoT solutions as software, cloud services or in a hybrid environment. Customers are using Splunk® solutions to collect and correlate data from control systems, sensors, mobile devices and IT systems for a variety of Ind...
SYS-CON Events announced today that Solgeniakhela will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgeniakhela is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional Social, Mobile and Cloud user experiences, our solutions help large and medium-sized organizations dramatically improve productivity, reduce collaboration costs, and increase the overall enterprise value by bringing ...
Sensors and effectors of IoT are solving problems in new ways, but small businesses have been slow to join the quantified world. They’ll need information from IoT using applications as varied as the businesses themselves. In his session at @ThingsExpo, Roger Meike, Distinguished Engineer, Director of Technology Innovation at Intuit, will show how IoT manufacturers can use open standards, public APIs and custom apps to enable the Quantified Small Business. He will use a Raspberry Pi to connect sensors to web services, and cloud integration to connect accounting and data, providing a Bluetooth...
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of technology leadership, Micron's memory solutions enable the world's most innovative computing, consumer,...
Nowadays, a large number of sensors and devices are connected to the network. Leading-edge IoT technologies integrate various types of sensor data to create a new value for several business decision scenarios. The transparent cloud is a model of a new IoT emergence service platform. Many service providers store and access various types of sensor data in order to create and find out new business values by integrating such data.
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by mining large volumes of unstructured data, and how data tracking delivers uptime when it matters most.