Gerry Grealish

Gerry Grealish, Chief Marketing Officer, PerspecSys, says:

Cloud Data Security

As organizations continue to adopt popular cloud applications for essential business needs such as data storage and CRM, they may face a significant set of data sovereignty challenges (also known as data residency). Besides internal and industry-specific regulations such as ITAR, HIPAA or PCI DSS in the U.S., enterprises often need to address privacy rules and requirements that affect how and where their data is stored in the countries and jurisdictions in which they operate. These sorts of regulations place restrictions on the movement of certain types of data across borders, making it seemingly more difficult for an enterprise to adopt cloud applications with datacenters located around the globe.

Even before recent headlines of government surveillance as well as cybercriminal activity hacking of popular cloud applications, countries were concerned about how data leaving geographical borders was being handled and who might gain access. Many countries have specific data residency requirements in place, including China, Canada, Germany, Switzerland and Australia, among others. In Europe, the EU Data Protection Directive already exists and many are now calling for stricter regulations.

While the different requirements may seem challenging to address, for most enterprises, not adopting the cloud means becoming competitively disadvantaged. In cloud environments, where data centers are often geographically dispersed, there are options for enterprises that need to maintain strict control over their information in order to meet data sovereignty requirements.

Using Tokenization to Address Data Sovereignty

Tokenization and encryption are obfuscation methods used to protect sensitive business data while addressing data sovereignty issues. Encryption uses a cipher algorithm to mathematically transform sensitive data’s original value to a surrogate value. The surrogate can be transformed back to the original value via the use of a “key”.

Tokenization is a process by which a sensitive data field is replaced with a surrogate value called a token. When implemented in its strongest fashion, these tokens are simply randomly generated values that have no mathematical relation to the original data field, making it nearly impossible to determine the original value. The benefit for data centers is that the data truly never leaves the enterprise’s location. Because tokens cannot be reversed back to their original values, tokenization is frequently the de facto approach to addressing data sovereignty.

If an enterprise has a mix of data residency and compliance requirements (e.g. HIPAA security mandates), they may choose to use a combination of both tokenization and encryption to secure its information and satisfy all applicable regulations.  Whichever method is chosen, this decision requires a thorough vetting and exploration process. There are consequences of an implementation that is not well thought through. By charting a careful path while selecting both cloud providers and data protection methods, a cloud implementation strategy can be established that will satisfy both the technological and legal requirements of an enterprise.

About PerspecSys

PerspecSys Inc. is a leading provider of cloud data protection solutions that enable mission-critical cloud applications to be adopted in enterprises and government agencies. PerspecSys removes the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated organizations across the world by never allowing sensitive data to leave a customer’s network, while maintaining the functionality of cloud applications. Based in McLean, VA and Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital, Paladin Capital Group, Ascent Venture Partners and GrowthWorks. For more information please visit or follow on Twitter @perspecsys