Maintaining Data Sovereignty: Best Practices for Moving Data Across Geographic Regions - Photo by Krzysztof Kowalik on UnsplashIn the past several years, the demand for cloud services and offerings has increased. Simultaneously, so has the volume of data requiring stewardship. The more data we store in the cloud, the more we must be vigilant – or face costly repercussions.

In most organizations, IT administrators serve as the stewards of data. They must keep governance and data protection top of mind. However, this stewardship is especially tricky during a merger, acquisition, or divestiture. These are instances when IT professionals often are asked to move data.

The rules and regulations around data privacy and security often vary, which makes it complex to move from one regional data center to another. Also, changing borders and political alliances – for instance, the withdrawal of the UK from the European Union – can shift data sovereignty rules.

Given this, IT professionals must know the critical questions to ask before beginning a migration project. Those who violate data sovereignty laws are likely not adhering to company policy. They could be financially and criminally liable for missteps. By asking the right questions, IT professionals will minimize their risks, which are not inconsequential.

The complexities of data sovereignty

Maintaining data sovereignty is complex. Where will data be stored and protected during transit? Who has jurisdictional oversight?

For instance, the European Union has its requirements, but so does each nation within the EU. Further complicating the situation is that migrations often occur in a complex legal web of multiple jurisdictions.

Suppose a company in the EU purchases an entity in the UK and wants to move its data. In that case, the IT manager needs to ensure the data migration meets the regulations of both geographies. Often, this means understanding the host of requirements that apply to migrating data between the source and destination. It also means knowing how to classify and protect the data while it’s in transit.

Key considerations when migrating data

There are several pressing questions and considerations IT administrators must address before beginning a migration across regions. Some best practices to help ensure the project is successful include:

  • Take stock of your data. A migration project is an opportunity for spring cleaning. IT administrators must ask, “What data do we no longer need?” Any unnecessary data that’s transferred poses an additional liability that you don’t want to incur. If you don’t need it, don’t move it.
  • Classify your data. Not all data is created equal. Compliance rules vary depending on the data and its location. Understanding the different classes of sensitive data and how that data must be protected will help ensure data protection. Identifying vulnerabilities will help you develop a risk management plan to address them.
  • Consider how the data is being treated. What happens to data in transit? Is it being transferred securely? Who has control and access to it? Will it be encrypted?
  • Monitor access controls. IT administrators must limit data access only to the necessary people. Another idea is to consider limiting the places the data will travel. One way to do this by putting the migration services or the computers doing the work within the locale of the source and destination. It minimizes where the data will go.
  • Consider the end state of the migration and decommissioning old infrastructure. Make sure that old data is destroyed, with no additional copies available.

How a migration tool can help

When researching tools to help with the migration, select the right software to help address some of these critical questions. Software like BitTitan MigrationWiz helps service providers and IT professionals specify where their data resides before, during, and after migration.

Other questions to ask when researching software include: Where does this tool or service ultimately reside? From the standpoint of data classification, will it treat data with the right level of sensitivity?

The service provider that has the credentials to access a migration service has a tremendous amount of power. When bringing in a partner to assist, it’s essential to understand how a service professional or their migration service handles the credentials for the customer data during the migration.

Specifically, you’ll want to understand where those credentials came from. What happens to them once the project is complete? Is the service provider storing the credentials during the project? Could a bad actor possibly use them to attack the data source or destination? How will the credentials be authenticated? A best practice is to store source and destination credentials in the locale of the source and destination.

Finally, consider the migration of the actual data. Ideally, the path to the destination is as point-to-point as possible.

Data sovereignty is complex, but ensuring your project meets the necessary regulations should not be impossible. Classifying and establishing your catalog of data will help move the project along. Figuring out what your constraints are and developing a plan to address them can help inform where your destination should be located. Be aware of the questions to ask. It will ensure the appropriate steps are taken to adhere to the regulations that apply and that your data securely makes it to its destination.

BitTitan Logo

BitTitan® empowers IT service professionals to successfully deploy and manage cloud technologies through its family of software solutions. MigrationWiz® is the industry-leading SaaS solution for mailbox, document, public-folder and Microsoft Teams migrations between a wide range of sources and destinations. Voleer® centralizes and automates IT tasks to optimize IT environments, enabling IT service professionals to effectively manage resources, security, data governance, and more. Perspectium eliminates data and process silos with integration solutions for ServiceNow, automating data transfers for analytics, backup and restoration, migrations, archiving, and extending ServiceNow workflows to other vital applications or external service providers.

Since 2009, BitTitan has moved over 25 million users to the cloud for 46,000 customers in 188 countries and supports leading cloud ecosystems including Microsoft, Amazon, Google and ServiceNow, with Perspectium enabling more than 75 billion ServiceNow transactions. The global company has offices in Seattle, San Diego and Singapore. To learn more, visit or the BitTitan blog.


Please enter your comment!
Please enter your name here