In today’s world, where almost every transaction is digital and many of our social interactions take place online, protecting one’s data has become a paramount consideration. The short- and long-term effects of a data breach can have a significant impact on the individual, business, or entity that owned the data, ranging from inconvenience to financial loss to criminal liability. When you consider the data that is handled by businesses and governments, the stakes are even higher. For these reasons, these organizations spend a considerable amount on security to safeguard that data and put an emphasis on maintaining data sovereignty.
Data sovereignty: What is it, and why is it important?
This environment has driven some regions and some verticals to adopt a data sovereignty strategy through regulation or policy, restricting data from leaving a certain geographic region. The definition of data sovereignty centers on the idea that data remains subject to the laws of the region where it was collected or stored. The main driver behind these measures is to prevent governments and other actors outside that region from gaining access to the data. This does not mean that traffic can never traverse other parts of the world, as users may travel abroad and need to access data from different locations.
Rather, the termination points of users’ connections, where the users connect with the application and decryption is done, must be within a given geographic area. Countries such as Canada and regions like the European Union and the Middle East have aggressively applied data sovereignty requirements on government and financial institutions. In Europe, GDPR compliance is a critical driver behind data sovereignty initiatives.
A common misconception related to data sovereignty is that a customer’s traffic must remain within a given geographic region at all times. While this would be ideal, it’s very difficult and expensive to guarantee this. As noted earlier, many users travel abroad on business, and others work for multinational organizations as remote employees. Although these users may be required to connect to the company over VPN connections, that traffic will still pass through other regions.
In addition, the nature of the internet makes it difficult to ensure that traffic stays within a certain area, because the path a packet takes is dictated by the routing policies of the thousands of interconnected internet service providers (ISPs) around the world. It is entirely possible that traffic from a home user accessing an application hosted within their own region ends up traveling to another country and back, depending on the peering and transit relationships between the two endpoints' providers.
Data sovereignty and encryption.
Protecting the confidentiality and integrity of data in transit under these conditions is one of the many reasons that modern applications encrypt their traffic end to end, and the standards keep evolving to prevent exposure. Elliptic curve key exchange and the current TLS 1.3 protocol make it extremely unlikely that a passive listener, meaning someone who can obtain a copy of the packets of a user's session, will be able to decrypt the traffic.
Decrypting a TLS session requires key material that exists only at the two endpoints. The session keys are derived from an ephemeral Diffie-Hellman exchange whose private values never leave the client and the server; in TLS 1.3, even a capture of the full bi-directional traffic combined with the server's long-term private key is not enough to recover them (this is forward secrecy, and TLS 1.3 no longer offers a key exchange without it). A passive listener therefore has no way to obtain the session keys, in real time or afterwards. Given all this, the practical approach to achieving data sovereignty requirements is not to ensure that all user traffic stays within a given region but rather to ensure that the locations where applications are terminated are within the desired region. The application termination point is where the user effectively interacts with the application, TLS is terminated, and data exists in plaintext. This is the point an attacker would need to compromise, or interpose themselves in front of as a man-in-the-middle, to gain access to the underlying user data. These are the principles that Vercara followed when architecting our UltraDDoS Protect, UltraWAF, and UltraAPI solutions (collectively, the Ultra security platform) to address our customers' data sovereignty requirements.
How Vercara can help.
An effective Distributed Denial of Service (DDoS) mitigation service requires a lot of bandwidth to withstand attacks, so it is necessary to build out a network that has sufficient capacity to handle any type of attack. It is a best practice to spread the capacity across multiple geographically diverse locations to ensure that attacks are mitigated as close as possible to the source to eliminate network bottlenecks, ensure redundancy from localized events, and provide a lower latency experience to customers everywhere.
Vercara uses industry-standard anycast BGP, where the same prefix is announced to the internet from multiple locations, as a means of distributing traffic across our 16 global data centers. Anycast spreads incoming traffic across the network and tends to attract each source's traffic to the nearest mitigation data center, where "nearest" is decided by BGP path selection (shortest AS path and each ISP's own preferences), which is usually but not always the geographically nearest site. The Ultra security platform has 16 locations worldwide, including locations in Germany, France, Dubai, and Canada, where greater data sovereignty requirements are in place. Our presence in each of these markets ensures that the majority of customer traffic will tend to stay within the region.
Vercara offers additional options to further ensure data sovereignty, including:
Global mitigation / local termination.
For proxy-based customers, including DDoS or WAF customers located in Canada or in the Middle East region, we offer the option to host the customer's session/TLS termination VIP only in that geography, so the VIP exists in a single market, Dubai or Toronto. The covering VIP range is still announced via anycast from all data centers, which attracts traffic to the nearest one. Layer 3 and 4 mitigation is carried out locally at each ingress data center, and the remaining traffic is backhauled to the home data center, where all session/TLS termination takes place. This ensures that the data is always decrypted and processed within the desired region. If desired, a data center in another geography can be designated as a backup for localized outages or maintenance; it is used only in those situations, and while it is active, termination takes place outside the home region, which is the trade-off to weigh when choosing one.
BGP diversion.
Customer traffic that is diverted using BGP for DDoS mitigation is not exposed to decryption within the Ultra security network, because only the inbound direction toward the application origin passes through it; return traffic flows directly from the origin to the user. The Ultra network holds no session keys and sees only one half of the exchange, so it can neither decrypt the traffic nor act as a man-in-the-middle. TLS termination remains at the customer's own origin.
Restricted Anycast.
Customers in the European and US regions may choose a BGP announcement strategy in which their prefixes are announced only from the US or only from the European mitigation centers. Only the data centers in that region then attract traffic, and all session/TLS termination takes place exclusively in those data centers.
These options provide a robust set of solutions for customers who want or need to ensure that data sovereignty requirements are met. Please reach out to us if you have any questions or would be interested in learning more about data sovereignty or Ultra security services in general.