How PKIaaS Simplifies Compliance With European Union (EU) Regulations

In this digital age, data is considered the new currency, and it is collected at each step of every online interaction. The effort to provide a personalized experience for everything we do, online or offline, is a race to collect and analyze data. Companies now have access to more data about customers than ever before. Data is considered an essential part of the modern global economy, and many countries are erecting barriers by enacting new data residency regulations that make data transfer and protection more time-consuming, complicated and costly.

What Is Data Residency?

In layman’s terms, data is treated as a resident of the country where it originated and can’t leave the country without following specific regulations. Data residency is when an organization specifies that its data must be stored in a geographical location of its choice, usually for regulatory, tax or policy reasons. According to TechTarget, data residency refers to the physical or geographic location of an organization's data or information. Similar to data sovereignty, data residency also refers to the legal or regulatory requirements imposed on data based on the country or region in which it resides. Data localization comes in many forms: while some countries enact blanket bans on data transfers, many are sector-specific, covering personal, health, accounting, tax, financial, mapping, government, telecommunications, e-commerce and online publishing data.

In 2016, the European Union adopted the General Data Protection Regulation (GDPR), which replaced the 1995 Data Protection Directive. According to the GDPR, companies must keep the data secure inside the EU, and if the data is to be transferred outside the EU, it can only be transferred to countries or organizations that have agreed to adhere to equivalent privacy protection.

How Data Residency Requirements Affect Your PKI-as-a-Service Implementation

Public key infrastructure (PKI) is a key component of Zero Trust architecture. It is the gold standard for authenticating the users, devices, servers and systems that connect to enterprise networks. It also allows for the encryption of machine-to-machine (M2M) communication in your network, regardless of location. PKI-as-a-Service (PKIaaS) solutions — hosted in the cloud, managed by external vendors and delivered through a SaaS portal — enable organizations to outsource the complexities of PKI while retaining visibility and control.

To comply with data residency requirements, organizations must protect their PKI cryptographic keys and data within the EU. HID Global provides local data residency and service redundancy through a combination of Amazon Web Services (AWS) and hosted data centers at multiple locations throughout the EU. Customers can choose for all data and cryptographic key material associated with HID PKIaaS to reside exclusively within the EU. By using multiple EU-based data centers and cloud regions, HID assures local residency without compromising high availability and redundancy.

To learn more about the business benefits of PKIaaS, read our eBook, Outsourcing PKI to the Cloud.

Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).