The Ultimate Guide to Choosing the Right Data Residency

This post is more than a year old. The contents and recommendations in this blog could be outdated.
  1. All about data regionality and centers
  2. Choosing the right data region for your company
    1. Location
    2. Security
    3. Availability
    4. Compliance
    5. Cost
  3. New: Data redirection based on your customers' locations

Perhaps no other emerging technological advancements have shaped our society as rapidly as the phenomenon of digitalization. With the possibility of reaching people from around the globe, it is evident that the cyber-world also functions as a globalized melting pot of businesses: Practicing e-commerce allows companies to heavily expand their customer base, thus going from a local organization to a worldwide supplier.

A common misconception about digitalization and cloud storage services is that the saved information is just floating around in the cyber-world, independently of physical borders. In reality, however, the storage, security, and management of your data are the responsibility of so-called data centers, housing businesses' data at nearly 8000 worldwide locations.

Unfortunately, having your crucial data stored at a specific location alone does not automatically equal guaranteed protection: Due to such a large number of data centers, it is no surprise that not all of them are equally capable of fulfilling your organization-specific data-management needs. Therefore, when choosing a region of residency, you must make sure your location of choice provides an optimal web environment based on your business's requirements and circumstances and has the potential to reach your entire audience. This article will explain the role of data residency and centers in greater detail and list the factors you might want to consider when choosing a center region.

All about data regionality and centers

As the name suggests, data residency describes in which country or region an organization's data is stored and processed. With the help of infrastructure providers offering various data regions, organizations using Software as a Service (SaaS) or other cloud deployment services can store their data in multiple locations, thus benefiting their teams with seamless collaboration and their global users with high performance in any country. Once you have chosen a region (for example, Switzerland), all your data traffic is sent to a dedicated data center to ensure it is managed in the selected location.

Since the ability to select data regionality has not been a deciding factor when choosing a service provider for many organizations, numerous contracts are signed for a pre-determined term. Unfortunately, this decision is often made without awareness that the selected data regionality can have a significant impact on the fate of a business: as the lifeblood of the modern global economy, data must be handled by the right hands to avoid potential breaches, legal and data protection issues, or its complete loss.

But what exactly is the problem with keeping the default regionality if it is universally trusted? Absolutely nothing, provided you have reviewed the region and found it fits your organization's needs and circumstances. However, when it comes to data processing, there is no "one size fits all"; different businesses tend to have their main customer base, offices, and headquarters at distinct locations. Accordingly, should the default data region be in Australia while the majority of your platform's users are located in the US, they might struggle with high latency, making the quality of service suffer in the process.

To sum it up, the benefits of choosing the fitting data residency include:

  • Improving the performance and flexibility of your cloud-deployed application/site wherever your customers are located
  • Compliance with ever more stringent global and regional data protection regulations
  • Seamless collaboration with employees working abroad and enhanced workforce mobility
  • Better availability and disaster recovery options
  • Facilitated access to public cloud operators

Choosing the right data region for your company

Now that it is clear why choosing the right data region is crucial, it is worth discussing which factors should be considered when making that decision. In addition to location and security, the compliance and availability of a future technology partner should be carefully evaluated.

1. Location

One of the most significant elements to consider when picking a data region is the physical location. Since the geographical position of a data center directly impacts several other vital factors in the colocation process, it is worth carefully looking into the attributes of the available regionalities. If your service provider offers a variety of possibilities covering several continents, the key is to look at traffic patterns on your network to determine high-demand areas that could benefit from more coverage. For example, if most of your customers or users reside in western Europe, choosing that data region would ensure low latency for your primary audience when using your platform. The most common locations from which your platform is accessed, and therefore the region closest to your users, can be retrieved from various analytics tools, such as Google Analytics.

Another location-related attribute you might want to consider is your business's residence(s); should your IT team need to examine the center or perform maintenance or updates in person, it is advised that the center be located within an easily reachable distance. Obviously, this depends on your business's delivery model and the increasingly rare occasions, e.g. in highly regulated or sensitive industries, where businesses operate their own infrastructure.
Furthermore, your staff will benefit from low latency if their data is stored and processed close to their office.

2. Security

Another crucial factor when choosing data residency is the strength of the center's security system. For an institution responsible for handling all your company's data and apps, a breach might prove disastrous. This fact is especially noteworthy since data centers are still a prime target for cybercriminals. For example, in 2019, six of CyrusOne's managed service clients, primarily located in their New York data center, suffered availability concerns due to a ransomware program encrypting specific devices in their network. Therefore, it is strongly advised that the centers of choice use the latest security features and protection software.

Furthermore, besides using high-profile software and technology to safeguard your assets, data centers should have robust overall security. Adequate protective equipment of both virtual and physical nature will keep your data safe not only from cybercriminals but also from real-life ones.

3. Availability

Within the field of data centers, availability is measured by the host's uptime: the percentage of time your platform is up and running, that is, functional. According to Hostingadvice, 99.9% uptime is a hosting industry standard, whereas five nines or better (99.999% and up) is the ideal. The required redundancy to guarantee the availability of a single location is typically achieved by running three physically separated data centers within the same region.

In the case of a multi-region application, such as ZITADEL, your data is automatically protected against a region failure, regardless of the specific residency you have chosen. Accordingly, should your region of choice suffer from complications, traffic will be redirected to other locations (if permitted by the user's data location preference). This degree of redundancy is, however, not available within single-region and single-availability-zone applications.

4. Compliance

Data compliance refers to the process of adhering to numerous requirements and standards to ensure the integrity and availability of regulated data and sensitive data, thus protecting them from unauthorized use. There are a plethora of industry-specific and location-specific standards governing data security and privacy; one of the most well-known ones is the European Union's General Data Protection Regulation (GDPR), which specifies how businesses should handle the personal data of any of their customers who reside in the European Union. Accordingly, every organization with customers in the European Union is subject to GDPR, with severe consequences of non-compliance that can put your company's long-term viability in peril. Moreover, not only the location of the data center, but also the residency of the infrastructure provider needs to be considered for data compliance.

5. Cost

The cost of storage and compute can vary greatly between different regions and countries. Some regions for cloud storage might be up to 75% more costly than other regions due to various factors that drive the cost to operate and maintain the required level of service and security within that region. Balancing the previously mentioned factors with the cost of operating in a specific region is a key challenge for companies.

New: Data redirection based on your customers' locations

At ZITADEL, we firmly believe that a fitting data residence should be an asset and not a liability. The SaaS (public cloud service) solution of our identity and access management platform pledges to provide the highest possible protection of our users' data; this includes supplying housing options that are true to our security and performance standards.

As of Version 2, ZITADEL will start by offering three data regionality options to choose from:

  • Switzerland
  • Global
  • GDPR-compliant regions

These options, however, include more than what meets the eye. To facilitate our customers' decision in choosing the right data center, our "Global" and "GDPR-compliant" options automatically select three housing regions based on the locality of end-users. In the case of the former option, this can include any country that fulfills ZITADEL's privacy requirements, while the latter works in a near-identical fashion, with the region pool only including GDPR-compliant regions.
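The selection described above, and the failover rule from the Availability section (redirect only "if permitted by the user's data location preference"), can be sketched as follows. This is an added example, not ZITADEL's code: the region names, the `gdpr_pool` flag values, the latencies and the `select_regions` function are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: names, flags and latencies are illustrative only,
# not ZITADEL's real regions and not a legal assessment of any country.
@dataclass(frozen=True)
class Region:
    name: str
    country: str
    gdpr_pool: bool       # assumed to be set by the provider's compliance review
    healthy: bool = True

# Hypothetical predicates for the three residency options named in the post.
POLICIES = {
    "switzerland": lambda r: r.country == "CH",
    "gdpr": lambda r: r.gdpr_pool,
    "global": lambda r: True,
}

def select_regions(regions, policy, latency_ms, count=3):
    """Return up to `count` healthy, permitted regions, closest to users first.

    Fails closed: when no permitted region is healthy, it raises instead of
    redirecting traffic to a region outside the tenant's residency option.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown residency policy: {policy!r}")
    permitted = [r for r in regions if POLICIES[policy](r) and r.healthy]
    if not permitted:
        raise RuntimeError(f"no healthy region satisfies policy {policy!r}")
    permitted.sort(key=lambda r: (latency_ms.get(r.name, float("inf")), r.name))
    return [r.name for r in permitted[:count]]

REGIONS = [
    Region("ch-zurich", "CH", True),
    Region("eu-frankfurt", "DE", True),
    Region("eu-paris", "FR", True),
    Region("us-east", "US", False),
    Region("ap-sydney", "AU", False),
]
# Constructed median latency (ms) from one tenant's end users to each region.
LATENCY_MS = {"ch-zurich": 18, "eu-frankfurt": 22, "eu-paris": 25,
              "us-east": 95, "ap-sydney": 280}

if __name__ == "__main__":
    for option in POLICIES:
        print(option, "->", select_regions(REGIONS, option, LATENCY_MS))
```

The point to take from the sketch is the failure path: an outage inside the permitted pool shrinks the result or raises an error, but it never widens the pool.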

Not only does the automatic redirection of your data save you a tremendous amount of time and effort by not having to research the residence of your customers and the attributes of various regions, but it also ensures that your data is housed by centers that fulfill all the location, security, availability, scalability, and compliance requirements of your organization: With the help of ZITADEL's highly distributed and redundant system spanning across multiple regions (multi-regional), as well as the use of serverless containers, we can guarantee fast and easy scaling to accommodate even the highest burst traffic with a short scaling time.
