Skip to main content
Redstor.com

1380 - Data sovereignty

Jolette Roodt
  • Updated
    Tags:
  • Data sovereignty
  • SaaS

Introduction

This article provides information on how Redstor maintains data sovereignty in the various regions we support. As we are rapidly expanding our capability and regional presence, this article is regularly updated with information as it becomes available. Please check back regularly for the latest information.

  • To read more about data security at Redstor, see Article 989.
  • To read more about how we ensure data immutability, see Article 1420

 

Page contents:

 

Storage regions

Redstor currently has data storage facilities in the following locations:

  • Australia – New South Wales, Victoria
  • Far East – Hong Kong
  • France – Paris
  • Germany – Berlin, Frankfurt
  • South Africa – Cape Town, Johannesburg
  • UK – Reading, Slough
  • US – Arizona, Illinois, Texas, Virginia

 

Processing regions

For some of our services (see below), Redstor processes data regionally to ensure optimal performance and maintain data sovereignty. Our processing locations currently include:

  • CH – Zurich
  • EU – The Netherlands
  • UK – Cardiff, London
  • US – Virginia
  • ZA – Johannesburg

data_regions_map.png

 

Maintaining data sovereignty

Data sovereignty is maintained in different ways for the various Redstor services. See below for information regarding each service. 

 

SaaS applications

When it comes to the backup of SaaS applications like Microsoft 365 and Google Workspace, there are two things that happen to the data: processing and storage. Processing refers to the backup and recovery of the data as initiated through a user-defined schedule, while storage refers to the physical location of the servers where the backed-up data is hosted. The flow of SaaS data as it is backed up is therefore as follows:

data_flow.png

Data is transmitted securely over TLS 1.2, processed in the processing region, and stored in the storage location. Data is never stored at rest in the processing region. 

Redstor assists customers in complying with the necessary regulations by supporting region-based data processing and storage, thus enabling data sovereignty. Data processing and data storage can be done in the same or different regions. For customers who run their own Storage Platforms and therefore store their data themselves, only the data processing side is relevant.

By allowing SaaS data processing to occur on a regional basis, Redstor can maintain end-to-end data sovereignty even for customers with a multi-geographic tenancy. In other words, each account is processed and stored in its sovereign territory. This applies to all supported regions.

The diagrams below provide a simplified explanation of the steps for SaaS data processing and storage with Redstor.

 

Microsoft 365

For Microsoft 365 services, the account locale is already provided, which means the steps look like this:
 
data_sovereignty_locale.png
 
Note: You should have Data Sovereignty enabled on the Storage Platform Console for all Microsoft 365 groups. This setting can be found in the group configuration dialog (right-click > Configure Group).
 
enable_data_sovereignty.png
 

Other SaaS applications

For other SaaS applications, the account locale is not provided, which means the steps look like this:

data_sovereignty_no_locale.png

For customers who run their own Storage Platforms, the process is the same except that the locale of the Storage Pool can be assigned by the customer.

 

Machines

The storage location for a machine backup (ESE) account is determined by the Redstor Storage Platform based on the region and group where the account is created. For example, data from an account created in a UK Storage Pool will only be stored in our UK data centres.

 

Azure VM Pro

During the backup of Azure Virtual Machines, data is read from the storage location, transmitted securely over TLS 1.2 and processed in the processing region. Data is never stored at rest in the processing region. The storage region for an account is determined by the Redstor Storage Platform using information received from the Azure VM Pro agent. The storage region will be within the same geographical region as the source data.

 

Cloud infrastructure

Data is never stored at rest in the processing region. The storage region for an account is determined by the Redstor Storage Platform and will be within the same geographical region as the source data.

When it comes to the backup of Azure cloud infrastructure (such as Blob Storage), we support batch processing of Azure data in all regions. Since Redstor processes all Azure data in its region of origin, the customer is not liable for any egress charges.

With the backup of Amazon cloud infrastructure (such as EC2), the data remains in the customer's subscription.

 

Malware detection

Malware detection requires data to be scanned for suspicious data using Redstor’s proprietary machine learning model. During malware detection, data is read from the storage location, transmitted securely over TLS 1.2 and processed in the processing region. Source data is never stored at rest is the processing region. For malware detection, we support processing of data in all regions (CH, EU, UK, US, ZA).

Related articles

Comments

2 comments

Date Votes

Article is closed for comments.