October Cybersecurity Awareness Month: Ensuring Data Security and Compliance is an Ongoing Concern
2024-10-29 17:28:2 Author: securityboulevard.com

Cybersecurity Awareness Month, observed every October, is vital for understanding the importance of cybersecurity in our increasingly digital world. It serves as a crucial reminder for individuals and organizations to stay vigilant against potential threats, to be proactive about them, and to know how to respond appropriately.

According to the IBM Cost of a Data Breach 2024 report, the global average cost of a data breach reached $4.88 million. This represents a significant financial impact on organizations, driven by factors such as business disruption, post-breach customer support and remediation efforts. In the United States, the average cost is even higher, at $9.36 million. These figures highlight the critical importance of maintaining robust cybersecurity measures to prevent breaches and mitigate the financial consequences.

Data Sovereignty and Data Residency

For organizations that operate across multiple regions or in multiple countries and face significant security and compliance restrictions, data sovereignty and data residency have emerged as critical challenges. Both are concepts for managing data across borders.

Data sovereignty refers to the legal authority and control a country has over data stored within its borders. Data is subject to the laws and regulations of the country where it is physically located, and those laws can affect how data is accessed, used and shared. Data residency concerns the physical location where data is stored and determines which country’s or region’s laws apply to the data. It often involves choosing a specific location for data storage to meet regulatory or business requirements.

In addition to compliance and security, several other factors have driven the concern around data sovereignty and residency:

  • Privacy regulations – Laws such as the General Data Protection Regulation (GDPR) in Europe and the CLOUD Act in the United States have brought attention to how data can be accessed and by whom, even across national borders.
  • Geopolitical concerns – Governments have become more apprehensive about the control and security of data within their borders, especially as foreign companies handle large volumes of sensitive data.
  • Technological advances – The proliferation of cloud services, IoT and AI has led to an explosion of data, making the control and governance of that data more complex.

The widespread adoption of cloud services and distributed computing architectures has made it more challenging to determine exactly where data resides. Compliance with data residency and sovereignty regulations ensures that organizations take measures to maintain visibility and control over data locations, which is crucial for maintaining strong cybersecurity.

To remain proactive and compliant, organizations need to begin preparing for new regulations anticipated in 2025, such as:

  • The AI Act, which is expected to regulate AI deployment, particularly where high-risk use cases are involved, requires organizations to meet strict compliance and transparency standards.
  • The Cyber Resilience Act focuses on enhancing the cybersecurity of connected devices and services. Companies will need to ensure robust security measures are in place across each of their products.
  • Digital privacy and advertising laws are likely to impose tighter restrictions on data collection and use in digital marketing.

With these increasing concerns, organizations should expect data platform technologies to have robust capabilities for ensuring compliance across borders, including:

  • Data residency and sovereignty compliance: Data platform vendors should guarantee data residency in specific regions and offer features such as region-specific options. Platforms should allow organizations to easily manage and enforce data localization policies. For example, a system that runs local analytics in all regions and adheres to local data regulations is critical and accelerates business competitiveness.
  • Security and encryption: Enterprises with strict data concerns should have a platform that provides strong encryption, both in transit and at rest, as well as support for region-specific security standards such as FIPS 140-2 in the U.S. and GDPR compliance in Europe.
  • Auditability and transparency: Detailed auditing and transparency features are critical in a platform to ensure compliance with complex regulations such as GDPR or the CLOUD Act. Organizations need a platform that offers audit logs, automated compliance reporting and data lineage tracking.
  • Cloud flexibility: Organizations increasingly prefer data platform vendors that support hybrid and multi-cloud deployments, as this allows enterprises to move data seamlessly between on-premises, private clouds and public clouds, while adhering to regional regulations. This flexibility helps enterprises mitigate risks associated with cloud vendor lock-in and meet the needs of sovereign jurisdictions.

In general, data platforms hosting sensitive data should be secure and inaccessible by default, and the principle of least privilege access should always apply. Data should stay within a company’s control, whether it’s in a cloud account or data center, to meet security, residency and sovereignty needs while ensuring that data has the freedom to move as dictated by an individual organization’s requirements.

Mark Cusack

Mark Cusack is Chief Technology Officer of Yellowbrick, which offers a SQL data platform for enterprise data warehousing, ad-hoc and streaming analytics, BI and AI workloads. Before joining Yellowbrick, Mark was Vice President for Data and Analytics at Teradata, where he led a variety of product management and technology teams in data warehouse and advanced analytics groups. He was also Chief Architect of Teradata’s IoT Analytics effort. Mark joined Teradata in 2014 when Teradata acquired the startup RainStor, where he was a co-founding developer and Chief Architect. Prior to RainStor, Mark was a lead scientist in the UK Ministry of Defence. Mark holds a Ph.D. in computational physics from Newcastle University, UK, with a thesis centered on discovering the electronic and non-linear optical properties of quantum dots. As a research fellow at Newcastle, he developed new techniques to model these novel quantum structures using large-scale parallel and distributed computing approaches.

Article source: https://securityboulevard.com/2024/10/october-cybersecurity-awareness-month-ensuring-data-security-and-compliance-is-an-ongoing-concern/