Trend Micro has released a UK-based version of its Vision One platform. The company says that this is about meeting an increased demand for data sovereignty, compliance and resilience among UK organisations. Data sovereignty is not just a UK demand. Worldwide, there is an increasing demand for it. That is due to increasing distrust in how protected data is and admissions from the cloud hyperscalers that they cannot guarantee data sovereignty.
Marc Schiener, Technical Director at Trend Micro, said, “This strategic development allows customers to process and store their security-related data entirely within UK borders.
“This addresses growing regulatory expectations while maintaining access to Trend Micro’s full cybersecurity portfolio.
“By bringing Trend Micro Vision One to the UK, we’re giving customers full control over their data, paired with the most advanced threat detection and risk management capabilities available.”
No impact on product functionality
Trend Micro has stressed that the focus here is to ensure that the data is ring-fenced without impacting the functionality of Vision One. In response to a request for more information, the company replied:
“Functionally, the UK-hosted and global versions are identical, offering the same features, capabilities, and operational performance without any technical limitations or compromises.
“The sole distinction lies in data residency, UK-hosted telemetry stays within British borders, while the global platform distributes customer data across multiple international locations, making this purely a matter of regulatory compliance and data sovereignty rather than product differentiation.”
This does raise several questions as to how multi-national customers will get the most out of Vision One.
- If the UK data is ring-fenced, how will that data be used as part of a wider security operation?
- Will customers have to duplicate rules and controls for the UK and global platform?
- With other countries such as France and Germany also pushing data sovereignty, will Trend Micro release versions for those countries? If so, that further widens the rules and usage question.
What is also unclear from the announcement is how complete the data sovereignty is. For example, on whose platform is this hosted? If the underlying platform host uses overseas sites for resilience and replication, then there will be questions over the ring fencing of the data.
Resilience is part of the reason that Trend Micro claims it is doing this. What it hasn’t done is list the data centres where the data will be held. Nor has it provided any details about failover and replication between sites, which is critical for resilience.
Making this transition easy
Trend Micro says UK customers can migrate seamlessly to the UK-hosted Vision One instance for no extra charge. That will be welcomed by many customers but ignores a significant technical challenge – separating UK data from other data.
It is far from a trivial problem. Data will have been heavily mixed with the global Vision One data sets. To migrate the data, ALL copies and records have to be identified, moved and then deleted from the global version. It would have been nice to see Trend Micro announce tools to make this easier. It could have announced new auditing tools that support data sovereignty, which would at least provide some help.
There is also no indication of how long or how complex this is likely to be. It’s highly unlikely that Trend Micro has not done trials with some customers. That will have given them indicators of pitfalls and issues that need addressing, and even sample workflows.
Enterprise Times: What does this mean?
This is a good move by Trend Micro and one that it says is customer-driven. However, the devil is in the details, and that is extremely light. As is shown from the questions above, there are numerous questions that remain unanswered. If Trend Micro comes back with a response to any of them, we will update this piece.
It is important that Trend Micro gets this right. There is increasing demand for data sovereignty across Europe and worldwide. Customers will need to be assured that data sovereignty does not impact the effectiveness of its solutions. If it can prove that, and prove that there will be no duplication of workload, that’s an even bigger boost.
