110 Questions to Ask When Building a Data Residency Global Strategy
2What Regulatory Requirements Can Be Expected?
Global data protection law seems to be in a constant state of flux, with no one-size-fits-all answers. To operate internationally, you’ll need to hold yourself to the highest standards of compliance with privacy regulations across every region and country in which you do business. You’ll have to work closely with a legal team that has a global perspective to understand your options for complying with changing regulations (EU Privacy Shield, Patriot Act and other regulations) and data center location.
3How Do I Handle Customers Who Push Back?
If your sales team is facing international customers and/or larger U.S. companies with a global presence who make demands for local or regional data centers, customers must become a key driver in this decision-making process. It’s important to be aware of—and carefully consider any—customer concerns. It’s also pretty enlightening to hear what customers of related companies are saying.
4What Security Problems Impact Data Residency?
Cloud is typically a popular choice over co-location for security reasons, with AWS (Amazon Web Services) being the most common—and largest—cloud service provider. Amazon spends millions of dollars on security, which benefits all its cloud customers. If you had to build your own security in different data centers, under a heterogeneous model equipped to manage different security concerns in different regions, that would be very difficult to manage. AWS supplies a staple security model that can be used across countries. Using its security stack and building security programs on top of that is powerful, as well as fast.
5What Are Other SaaS Companies Doing in This Area?
Another question: How did they arrive at their decision? Across industries, there’s a broad spectrum of interpretations of privacy and data regulations. This leads to a variety of options in terms of how businesses understand and integrate the requirements. This question will help you to uncover relevant companies that may be willing to share their assessment that will help you to clarify your options.
6What Does Risk Allocation Look Like in a Co-location or Public Cloud Deployment?
7What Are Cost Differences Between Public Cloud vs. Pure Co-lo Solution?
Another question: Would this change by the number of co-los you support? The trend is moving to the cloud, primarily because of ease of deployment: With cloud, you can bring up services literally in a matter of seconds rather than spending months building hardware and infrastructure before you can even begin to prepare your applications for deployment. With cloud, you just need to manage deployment. But you’ll also want to consider if/how costs could be mitigated, and what the trade-offs are in terms of cost.
8Which Countries Have Issues With Data Residency in a Non-On-Premises Solution?
9Does an On-Premises Co-lo Matter for a U.S.-Based Company?
This could mean, Does it matter from an actual legal/regulatory perspective or just in terms of customer/prospect perception? Co-lo hosting means you have a physical location for your data center. You get the power, space and network feed from a data center provider. You have all your own servers and you manage the whole system.
10How Does Storing Data Locally Impact Data Residency and Data Transfer Regulations?
Consider U.S. laws and regulations as well as those in the European Union or other countries in which your company does (or will do) business. In the European Union, few of the available options for data centers could be seen as falling somewhere on a continuum, where each option presents unique regulatory and operational challenges that will differ from company to company.
11How Are Public Cloud Providers Helping Customers Be Compliant in the EU?
Companies that are already using public cloud providers can provide their personal perspective. With a public cloud such as AWS, you get instances of servers and share the shared pool with other tenants. Within this public cloud environment, you create instances by just logging into your account. You don’t manage the underlying servers or infrastructure. You just install and manage your own operating system on top of the base operating system.