Man standing at computer & typing

How PKIaaS Simplifies Compliance With European Union (EU) Regulations

In this digital age, data is considered the new currency and it’s collected at each step of every online interaction. The effort to provide a personalized experience for everything we do on or offline is a race to collect and analyze data. Companies now have access to more data about customers than ever before. It is considered the essential part of the modern global economy and many countries are developing barriers by enacting new data residency regulations that make data transfer and protection more time consuming, complicated and costly.

What Is Data Residency?

In layman’s terms, data is treated as residence of the country where it originated and can’t leave the country without following specific regulations. Data residency is when an organization specifies that their data must be stored in a geographical location of their choice, usually for regulatory, tax or policy reasons. According to TechTarget, data residency refers to the physical or geographic location of an organization's data or information. Similar to data sovereignty, data residency also refers to the legal or regulatory requirements imposed on data based on the country or region in which it resides. Data localization comes in many forms — while some countries enact blanket bans on data transfers, many are sector specific, covering personal, health, accounting, tax, financial, mapping, government, telecommunications, e-commerce and online publishing data. 

In 2016, the European Union adopted the General Data Protection Regulations (GDPR) which replaced the 1995 Data Protection Directive. According to GDPR, companies must keep the data secure inside the EU and if the data is to be transferred outside of the EU, it can only be transferred to countries or organizations that have agreed to adhere to equivalent privacy protection.

How Data Residency Requirements Affect Your PKI-as-a-Service Implementation

Public key infrastructure (PKI) is a key component of Zero Trust architecture. It is the gold standard for authenticating the users, devices, servers and systems that connect to enterprise networks. It also allows for the encryption of machine-to-machine (M2M) communication in your network, regardless of location. PKI-as-a-Service (PKIaaS) solutions — hosted in the cloud, managed by external vendors and delivered through a SaaS portal — enable organizations to outsource the complexities of PKI while retaining visibility and control.

To comply with data residency requirements, organizations must protect their PKI cryptographic keys and data within the EU. HID Global provides local data residency and service redundancy through a combination of Amazon Web Services (AWS) and hosted data centers at multiple locations throughout the EU. Customers can choose for all data and cryptographic key material associated with HID PKIaaS to reside exclusively within the EU. By using multiple EU-based data centers and cloud regions, HID assures local residency without compromising high availability and redundancy.

To learn more about the business benefits of PKIaaS, read our eBook, Outsourcing PKI to the Cloud.

Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).

RECENT POSTS

HID Origo™ 개발자 포털 소개

HID Origo™ 개발자 포털의 가용성에 대한 소식을 전해 드릴 수 있게 되어 기쁘게 생각합니다. 이 포털에서는 기술 파트너들에게 직원들의 물리적 및 디지털 경험과 기술이 혼재하는 앱과 API 통합을 구축하는 데 필요한 도구와 지원을 제공합니다.

10월은 국가 사이버 보안의 달입니다

매년 10월은 정부와 사이버 보안 업계가 협력을 도모하기 위해 지정한 국가 사이버 보안 인식의 달(NCSAM)입니다. 이 교육 기간 동안 유익한 정보를 통해 기업과 개인이 온라인에서 스스로를 보호할 수 있는 방법에 대한 인식을 고취시킬 수 있습니다.