carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Sep 22, 2022

Why Data Sovereignty Matters for Backup

Did you know that storing your data in the wrong cloud server could expose you and your business to fines and penalties? That’s because of something called data sovereignty, a collection of laws managing where you keep and process your data.

Did you know that storing your data in the wrong cloud server could expose you and your business to fines and penalties? That’s because of something called data sovereignty, a collection of laws managing where you keep and process your data.

What is Data Sovereignty?

Data sovereignty basically says that data falls under the jurisdiction of the country where it was collected. These basics are enshrined in most regulatory laws and are also a critical audit requirement.

When applied to cloud-to-cloud backup, data sovereignty refers to the physical location of the data center. For example, GDPR requires that all data collected on citizens must be either stored in the EU and subject to European privacy laws, or within a country that has similar levels of protection.

In this blog post, I’ll discuss why data sovereignty matters and how you can ensure that you’re  secure and compliant.

Why Does Data Sovereignty Matter?

If you’re storing backups outside your own country, you could be subject to that country's laws. That means:

  1. Your data could be seized or accessed by a foreign government without your knowledge or consent
  2. Your data could be at risk of being hacked or stolen if you’re storing it in a country with lax privacy laws
  3. If you store backups in multiple countries, you’ll need to ensure that each location is compliant with the applicable data sovereignty laws – this can be a complex and costly process

Additionally, Microsoft 365, Salesforce, Google Workspace and other SaaS platforms are based on a model of shared responsibility where sovereignty plays an important role in data protection. While SaaS platforms like M365 offer application availability and tolerance for faults and redundancy, it’s ultimately your responsibility to protect users and their data from breaches and data loss.

3 Reasons Why Regional Backup Helps

Storing your backups in a regional data center ensures that you’re compliant with data sovereignty laws. Here are the 3 key benefits:

1.    Ensures Compliance

Regional data centers let you preserve data sovereignty and compliance with regional regulatory laws like France’s national cybersecurity agency (ANSSI). They recently revised SecNumCloud, their cybersecurity certification and labeling program mandating that companies store data locally.

2.    Mitigates Data Privacy Concerns

Between surveillance scandals and customer privacy concerns, data sovereignty has countries increasingly trying to keep their citizens’ data within their own borders. With laws varying drastically between jurisdictions, it’s important to ensure that your customer's data resides in the same country as the customer. That makes it subject to the laws of that land and aligns your privacy mandate with your customer's expectations.

3.    Improves Latency

Storing your backup data closer to your users gives you faster speeds and lower latency. For businesses that frequently access their backups or have large amounts of data to backup, regional data centers also improve latency through a balanced workload. When no single server is over-provisioned, each regional data center can handle the workload in the event of an emergency.

Data Sovereignty with Carbonite™ Cloud-to-Cloud Backup

Carbonite Cloud-to-Cloud Backup, a SaaS data protection platform for Microsoft 365, Google Workspace, Salesforce, Dropbox and Box provides stringently secure backup and unlimited recovery in compliance with many countries data sovereignty requirements.

  • Data Sovereignty with Multiple DC Locations: With Carbonite Cloud-to-Cloud Backup, you have the choice of multiple data center locations in the EU (France, Germany and Ireland), Australia, US, UK and Canada. Our Summer release included the addition of the AWS Data Center in Paris, France, to our selection of cloud backup data centers. With so many choices, you comply with local data sovereignty laws.
  • Assured Recoverability with Unlimited Retention and Immutable Backups: Carbonite Cloud-to-Cloud Backup assures recoverability from any point-in-time with unlimited retention and unlimited point-in-time recovery. This is mandated in privacy laws like the GDPR.
  • Data Encryption At-Rest and In-Transit: Carbonite Cloud-to-Cloud Backup provides gold-standard AES 256-bit encryption for your data at-rest via Amazon Web Services. Transmitted data is encrypted and secured using SSL (HTTPS) enabled servers, reducing the chance and impact of a data breach.
  • Secure Authentication: If your Cloud Solution Provider (CSP) doesn’t support Multi-Factor Authentication (MFA), then your data is prone to attack. In fact, cloud platforms like Microsoft mandate the use of MFA/2FA. Carbonite supports MFA and SAML authentication via Okta.
  • Certified and Compliant: Our solutions are stringently secure and meet the compliance checkboxes– ISO 27001 certified, GDPR and HIPAA compliant, with 99.9% Uptime / Availability SLA.

Learn more about Carbonite Cloud-to-Cloud Backup.


Monty Sagal

Monty Sagal is CloudAlly’s Director of Channel Enablement and Compliance. He has over 20 years of experience spanning the entire SDLC - from planning, and product development, to project management, and customer engagement. While audits strike fear and dread for most, Monty has extensive experience as an internal auditor for ISO 27001 and software development. Read his practical insights on information and data security and privacy.

Related content