Aggregator

Fifteen Best Practices to Navigate the Data Sovereignty Waters
josh.pearson@t…
Tue, 01/14/2025 - 08:04

Data sovereignty—the idea that data is subject to the laws and regulations of the country it is collected or stored in—is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly stringent regulations, and protecting the privacy of their users. 

At Thales, we believe that data sovereignty doesn’t obstruct innovation; it enables it. With the right tools and expertise, businesses can navigate the murky waters of data sovereignty, taking advantage of data’s huge potential while securely processing and storing data wherever it is. So, to help you along the way, here are our 15 best practices for navigating the data sovereignty water.

Thales | Cloud Protection & Licensing Solutions
More About This Author >

Data sovereignty—the idea that data is subject to the laws and regulations of the country it is collected or stored in—is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly stringent regulations, and protecting the privacy of their users.

At Thales, we believe that data sovereignty doesn’t obstruct innovation; it enables it. With the right tools and expertise, businesses can navigate the murky waters of data sovereignty, taking advantage of data’s huge potential while securely processing and storing data wherever it is. So, to help you along the way, here are our 15 best practices for navigating the data sovereignty water.

Navigating data sovereignty requires comprehensive data security and resilience, which 360-degree data protection mechanisms provide. A 360-degree data protection mechanism is a holistic approach to data security encompassing all data management aspects. It ensures that data is protected throughout its lifecycle, from creation to deletion, across all environments—on-premises, cloud, hybrid, and multi-cloud.

Organizations often use multiple cloud environments to meet data sovereignty requirements. This approach provides geographic flexibility, helping to ensure compliance with local regulations in various regions. Similarly, some jurisdictions may require a different cloud environment from others.

However, achieving scalability and adequate security across multiple cloud services can take time and effort. The more cloud environments an organization has, the more work a security team must do to secure them. By automating security tasks and processes, organizations allow security teams to secure multiple cloud environments while minimizing manual effort.

Data classification and governance ensure compliance with data sovereignty by categorizing data based on sensitivity and applying appropriate security measures. They enforce localized data storage, automated compliance, and consistent security controls, facilitate auditing and regulatory reporting, and manage cross-border data transfers to adhere to local and international laws.

Transparency and control over data are crucial for data sovereignty as they ensure organizations can track, manage, and secure data in compliance with local laws. This visibility helps maintain regulatory compliance, enforce data localization policies, and swiftly address security issues, safeguarding sensitive information within jurisdictional boundaries.

As noted, to meet data sovereignty requirements, organizations will often have to set up cloud data centers in multiple jurisdictions and, as such, carry out cloud migration. Understanding the nature of data in cloud migration is crucial for successful cloud migration and handling of sensitive information. It ensures appropriate security measures, compliance with regulatory requirements, and effective data management strategies, preventing data breaches and maintaining data integrity during the transition to the cloud environment.

Robust data management and governance are critical parts of any data protection legislation. To implement robust data management and governance, organizations should establish clear policies and procedures for data classification, access control, and lifecycle management, use automated tools for monitoring, auditing, and enforcing compliance, and regularly update policies to reflect regulatory changes and ensure consistent data protection across all systems and environments.

Robust encryption strategies and pseudonymization are crucial for protecting sensitive data and meeting data sovereignty requirements. Encryption ensures data is securely stored and transmitted, safeguarding it from unauthorized access or breaches. Pseudonymization further anonymizes data, reducing the risk of identification if data is compromised. These measures protect sensitive information and help organizations comply with data residency laws by ensuring data is stored and processed within required geographic boundaries.

However, poor key management can render even the most robust encryption algorithms ineffective. Effective key management is foundational to data sovereignty: while cryptographic algorithms are public, the associated keys must remain secret. Critical management practices such as classification, key assignment, access controls, rotation and revocation, and auditing and monitoring ensure that sensitive data is protected according to its level of sensitivity.

Crypto agility and awareness of quantum-resistant algorithms are crucial for preparing organizations for future technological shifts and ensuring long-term data security.

Crypto agility enables organizations to adopt and integrate new cryptographic standards and algorithms as they evolve. This flexibility ensures that data remains protected against emerging threats and vulnerabilities.

With quantum computing advancements threatening current encryption methods, awareness and adoption of quantum-resistant algorithms are essential. These algorithms are designed to withstand attacks from quantum computers, safeguarding data integrity and confidentiality in the future.

All data protection regulations will require organizations to have backup and disaster recovery strategies to be resilient against security incidents such as ransomware attacks.

ZTNA ensures that only necessary and authenticated individuals and machines can access a network, thus preventing unauthorized access and potential data breaches. Most jurisdictions require ZTNA in their data protection regulations.

Similarly, digital identity and access management (IAM) is crucial for data sovereignty and security, as it ensures that only authorized users access sensitive data. IAM, particularly in zero-trust models, verifies identities and enforces least privilege access, preventing unauthorized access across cloud environments, safeguarding data integrity, and compliance with regulatory requirements.

Regular audits and compliance checks ensure the effectiveness of data protection and control strategies over time while confirming compliance with different jurisdictions’ data protection regulations.

Technologies for cybersecurity defenders and attackers are evolving at an unprecedented speed. To keep up with data sovereignty, it’s crucial to be aware of developments on either side of the battle. By doing so, organizations can adapt to new challenges and ensure up-to-date security measures.

Most importantly, it’s crucial to understand data protection laws in different jurisdictions. By practicing data residency awareness, organizations ensure they store and process data according to local laws, respect privacy rights, and prevent legal violations. This awareness helps organizations navigate complex regulatory landscapes and avoid penalties related to data sovereignty and privacy breaches.

Implementing the above best practices using this checklist will help organizations navigate data sovereignty’s murky waters. New data protection regulations are coming thick and fast, particularly in the US, so there’s no better time to get on top of your data sovereignty requirements.

For more information on data sovereignty, how it will affect businesses, and how to thrive in the digital economy while upholding the highest standards of data security and privacy, check out the 2024 Thales Data Security Directions Council Report, Data Sovereignty: Who Owns Your Data and Can You Control It?

January 14, 2025

The post Fifteen Best Practices to Navigate the Data Sovereignty Waters appeared first on Security Boulevard.

在当今时代，大语言模型（LLM）和生成式人工智能（AIGC）已成为科技界的热点，其影响力遍及各行各业，邮件安全领域也不例外。AI技术极大地提升了邮件系统的智能化水平，但同时也被恶意攻击者所利用，使得钓鱼邮件和恶意软件的攻击变得更加隐蔽和难以防范，呈现出明显的双刃剑特性。

攻击者通过AI算法深入分析目标企业的邮件模式，精心设计出极具欺骗性的钓鱼邮件。这些邮件在内容和语言风格上与正常邮件难以区分，能够巧妙地绕过传统邮件安全网关的检测，对邮件安全构成严重威胁。

面对AI+钓鱼邮件的挑战，安全厂商正不断提升防御能力。在此背景下，CACTER凭借其在邮件安全网关技术领域的深厚积累，结合清华智谱大模型的深度学习算法，推出CACTER大模型邮件安全网关，旨在以“AI之盾”防御“AI之矛”，为邮件安全提供强有力的保障。

CACTER大模型邮件安全网关融合了自然语言处理（NLP）技术、现有的机器学习和计算机视觉技术，通过AI驱动的行为分析技术，监控用户行为模式和收发信语义，能够有效识别潜在的钓鱼攻击和异常行为，相比传统邮件安全网关，面对新型恶意威胁检出率极大提升。

此次直播，除了为您深度揭秘大模型URL沙箱和AI赋能的运维管理功能外，还将重点介绍专为企业重要角色量身打造的“高管邮箱增强保护”功能模块。我们将详细讲解如何借助先进的大模型检测技术，迅速、精准地应对针对企业高管等重要角色发起的新型恶意邮件攻击，全方位守护企业核心人物的邮件安全。

想要了解更多关于CACTER大模型邮件安全网关的功能亮点和应用场景，以及未来的产品规划？一切尽在1月16日（周四）15点CACTER直播间。届时，您将第一时间了解到新品预告，回顾2024年邮件安全网关的迭代历程，以及CACTER品牌的年度大事记。此外，还有蛇年专属积分兑换礼盒等您领取。

1月16日（周四）15：00-16：00

大模型网关新品抢先知 惊喜积分礼盒等您兑

在这里，您将看到：

1、新品预告：大模型邮件安全网关新品重磅预告

2、技术回顾：2024年网关版本迭代历程

3、品牌回顾：CACTER品牌年度回顾大事记

4、福利来袭：蛇年专属积分兑换礼盒等你领

除了新品预告和年度回顾，CACTER还为您准备了丰富的礼品。还在等什么，精彩“邮”你，“码”上报名！