March 12, 2024 By Jennifer Gregory 3 min read

Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t know where your organization’s data is stored, it may not be as secure as you think.

Why data residency matters

The location of your data, referred to as data residency, can make a difference in best practices. Not knowing your data’s residency makes it challenging, if not impossible, to reduce your organization’s risk. You are unable to add additional protections both in terms of encryption and best practices.

Here are two reasons you need to know the data residency of your data:

  • Security: Data in specific locations, such as multi-cloud data, requires additional security precautions. The 2023 IBM Cost of a Data Breach Report found that 39% of breached data was stored across multiple types of environments. If you are not aware your data is in a high-risk location, you are unnecessarily putting your customers, employees and organization at risk.
  • Compliance: Some data requires specific compliance regulations. If you do not know the data’s physical location, you either must pay higher costs to meet the requirements for all data or risk not meeting compliance for some data.

The role of the cloud in data residency

With a physical on-premises data center, organizations can only store a certain amount of data before it becomes necessary to purchase additional equipment and acquire more space, often at a significant cost. Storing data in the cloud is typically less expensive, which allows organizations to afford to store a much higher volume of data.

IT organizations are increasingly using a wide range of options for storing the ever-greater volume of data their companies are collecting and storing. Many use multiple cloud providers, and the data and services used to manage and analyze data are now across private, public or hybrid clouds.

The relationship between data residency and data sovereignty

Many organizations confuse data residency and data sovereignty, which are two different things. Data sovereignty determines which country or region controls the data in terms of legal and regulatory mandates. In most cases, data residency determines data sovereignty, which then dictates the data privacy regulations that must be followed.

Organizations delivering hosted services online are at even greater risk. The organization is responsible for following all compliance regulations in all the regions where customers are located. To meet compliance regulations, you must know the location where all your customers’ specific data is stored. Otherwise, you are at risk of large fines and damage to your reputation if you don’t meet a location’s regulations.

The first step to understanding your data residency is to determine the type of storage for each data set, such as private cloud, CSP or on-premises. By creating a map for all data, you can begin to get a picture of your data residency. Next, determine the physical location of every cloud service provider’s data center and research where your data is located. Once you have determined the residency, you can research the sovereignty to understand the regulations that need to be followed.

Keep far-flung data secure

Understanding data residency is a critical but often overlooked step. Because the volume and location of data have quickly ballooned, initially, getting a handle on data residency may be time-consuming. However, once data residency and data sovereignty are integrated into your best practices, staying on top of the security and compliance regulations becomes much easier.

To learn more about tackling data residency concerns in your growing cloud environments, check out the on-demand webinar where IBM Security experts will discuss how to keep track of your data no matter where it’s stored.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today