What Enterprise Execs Need to Know About Data Sovereignty & Data Custody

It has been almost a year since former NSA contractor Edward Snowden released a trove of documents revealing the large-scale collection, analysis, and storage of personal data on U.S. citizens and foreigners – much of it out of the data centers of telecommunications, Internet, and cloud service providers. In the year since, you most likely have heard about the concepts of “data sovereignty” and “data custody.” You may have heard them in your boardroom.

Issues such as data sovereignty (the question of which country’s laws govern your data) and data custody (who controls your data) come into play as enterprises look to an ever-broader range of IT deployment options. From on-premises to colocation to cloud – and every kind of deployment in between – the proliferation of IT infrastructure options is key to our ability to manage the ever-increasing amount of data we generate and consume. But all these options, and the global nature of them, make IT management much more complicated than it was in the not-too-distant past.

When your IT infrastructure is located on your premises or colocated with a data center provider, there’s no question where your data is. You have the key to the cabinet; the answer to the question, “Who has custody?” is easy – it’s you. But when your data applications or infrastructure – even some of them – are in the cloud, it can be difficult or impossible to say where in the world your data resides, much less where it has been. The amount of control you have over your data depends on the laws of the country where it is, and the policies of the cloud service provider.

IO has just released a whitepaper, C-Suite Primer on Data Sovereignty & Data Custody: What You Need to Know, to help enterprise leaders understand the issues at play, and the range of available IT infrastructure options for dealing with those issues. Download the whitepaper here.

Whether your focus as an enterprise executive is on growing the business, or keeping it secure, or managing IT, it is imperative to understand data sovereignty and data custody. Here’s why: If you don’t know where your data lives, and if you don’t know who controls it, you’re putting the security of your enterprise data, and your customers’ data, at risk.

If you don’t know where the servers that hold your data are, you don’t know whose rules you might be beholden to. And if you don’t know (or can’t control) whose rules you might be beholden to, you can’t know whether the jurisdictional laws in that location are in sync with your corporate policies (and your own sovereign’s data laws). You’re risking non-compliance, or worse.

Yet if your data is in the typical public cloud, the likelihood is very small that you even know where your data is, much less have control of it.

The solution: see and control your data – where it is and who has access to it.Where your data is matters. Who controls your data matters. Given those facts, addressing critical data sovereignty and data custody issues is about making fully informed business decisions. Decisions about which locations you want IT infrastructure in, and which you don’t. About which infrastructure model best suits both your needs and the data sovereignty and data custody particulars of the location. About which security processes and due diligence procedures need to be put in place.


When you can check all those boxes, you can be confident in the security of your enterprise data, and your customers’ data. You’ll know – and be able to control – whose rules you are beholden to. With full visibility and control into where your data is and who has access to it, you can confidently make the best IT infrastructure decisions for the business.

To gain the insight you need to answer the questions listed above for your specific circumstances – and then to take those solutions to the boardroom – download your copy of the just-released C-Suite Primer on Data Sovereignty & Data Custody: What You Need to Know now.

DISCLAIMER: This document is for reference purposes only. The information contained herein should not be relied on and neither IO Data Centers, LLC nor any of its affiliates makes any warranties or representations as to its accuracy.