The concept of data sovereignty is that data is subject to the laws of the country where it was collected. A seemingly practical way to address data sovereignty requirements is to ensure that data is only stored within certain geographical regions. In other words, common practice tries to address data sovereignty requirements with data residency approaches. For this reason, cloud providers offer various regions or data centre locales.
However, true data sovereignty considers the jurisdiction of the facilities, companies and the parent companies of the service providers who hold or store data. Conceivably, an arms-length parent company could be compelled to give up data, which is a significant governance or regulatory issue for many organizations.
Leonovus Vault ensures that your data is only accessible in locations of your choice, regardless of where it is stored and with whom. Because you strictly control these locations, you can go beyond data residency and achieve true data sovereignty.
Vault encrypts and fragments your data, and then distributes the fragments, ensuring that no single cloud provider has sufficient information to reconstruct the original data. Only Vault (under enterprise control) can reassemble all the necessary fragments, in the right order, to reconstruct the data.
With Vault's embedded, automated orchestration, your organization can use storage from multiple providers at the same time. Vault lets you store data seamlessly in a wide array of storage infrastructure, including on-premises storage servers, Amazon S3, Azure Blob Storage, Google Cloud Storage and S3-compatible providers.
Vault uses erasure coding to fragment your encrypted data. Vault automatically distributes only small fragments of each data object to any one provider, guaranteeing that no one provider has enough information to reconstruct the whole data object. Because Vault manages this multi-cloud interaction, there is no additional effort to add this extra level of security for your data.
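The fragment-and-distribute idea above, as an added example that is not Leonovus code: a single-parity erasure code (k data fragments plus one XOR parity fragment) applied to an already-encrypted object, with a check that no provider holds enough fragments to rebuild it. The code parameters, provider names and sample bytes are assumptions; the page does not state which erasure code or fragment counts Vault uses. Each fragment here is a slice of the ciphertext or its parity, so confidentiality rests on the encryption key, while the code supplies the threshold and the tolerance to losing a provider.

```python
"""Single-parity erasure coding of an already-encrypted object (added example)."""
from collections import Counter
from functools import reduce

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def fragment(ciphertext: bytes, k: int) -> list:
    """Split into k data fragments plus one XOR parity fragment (any k of k+1 rebuild)."""
    if k < 2 or not ciphertext:
        raise ValueError("need k >= 2 and a non-empty object")
    size = -(-len(ciphertext) // k)               # ceiling division
    padded = ciphertext.ljust(size * k, b"\0")    # zero-pad the last data fragment
    data = [padded[i * size:(i + 1) * size] for i in range(k)]
    return data + [reduce(_xor, data)]

def reassemble(fragments: list, length: int) -> bytes:
    """Rebuild from the k+1 slots in order; at most one slot may be None (lost)."""
    missing = [i for i, f in enumerate(fragments) if f is None]
    if len(missing) > 1:
        raise ValueError("fewer than k fragments: object cannot be rebuilt")
    if missing:
        # XOR of all surviving fragments equals the missing one.
        rebuilt = reduce(_xor, [f for f in fragments if f is not None])
        fragments = fragments[:missing[0]] + [rebuilt] + fragments[missing[0] + 1:]
    return b"".join(fragments[:-1])[:length]      # drop parity, strip padding

def placement_ok(placement: dict, k: int) -> bool:
    """placement maps fragment index -> provider name. True only if no provider
    holds k fragments and losing any one provider still leaves at least k."""
    held = Counter(placement.values())
    total = len(placement)
    return all(n < k and total - n >= k for n in held.values())

# Constructed sample: bytes standing in for an object already encrypted
# under the enterprise-held key (not real data).
CIPHERTEXT = bytes.fromhex("8f3a1c5de2907b44a1d6")
K = 3
FRAGMENTS = fragment(CIPHERTEXT, K)               # 3 data + 1 parity
# Hypothetical provider names, one fragment each.
PLACEMENT = {0: "provider-a", 1: "provider-b", 2: "provider-c", 3: "on-prem"}

if __name__ == "__main__":
    # Simulate provider-b being unavailable, then rebuild from the other three.
    slots = [f if PLACEMENT[i] != "provider-b" else None for i, f in enumerate(FRAGMENTS)]
    print("rebuilt without provider-b:", reassemble(slots, len(CIPHERTEXT)) == CIPHERTEXT)
    print("placement acceptable:", placement_ok(PLACEMENT, K))
```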
Encryption with Enterprise-Controlled Keys
Because Vault performs its encryption independently of the underlying clouds, none of the providers has keys to your data. You can supply the encryption keys directly with the content, or you can use the FIPS 140-2 compliant encryption built into Vault with its intrinsic key management. Whichever key management option you choose, no third party can be compelled to expose your data. Your organization always maintains direct control of the keys.