Jurisdiction Requirements

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We talked about how data can have different states.
00:00
But one of the important aspects of the Cloud
00:00
is that these datacenters
00:00
are all over the world in different zones.
00:00
But the benefit that comes with having
00:00
a geographically dispersed set of
00:00
Cloud resources is that
00:00
you can have redundancy and backup.
00:00
But one of the pitfalls is that
00:00
different jurisdictions have different requirements.
00:00
In this lesson, we're going to talk
00:00
>> about the importance
00:00
>> of geographic location and legal jurisdiction,
00:00
the impact of jurisdiction on data protection,
00:00
and the differences between jurisdictions.
00:00
At a high level,
00:00
there are many different laws and
00:00
regulations when it comes to data protection.
00:00
We're going to go into some of them in
00:00
greater detail later in the course.
00:00
But for right now, it's important to realize
00:00
that different jurisdictions have different rules and
00:00
they have different requirements for how
00:00
Internet service providers and
00:00
companies need to conduct themselves in the Cloud.
00:00
The European Union, for example,
00:00
has very different rules on transparency than
00:00
other countries or I'd say confederations or groups.
00:00
One of their rules regarding transparency is
00:00
that Internet service providers can't
00:00
privilege the access of one of
00:00
their customers over another or if there's
00:00
some difference in terms of speed
00:00
or access between costumers,
00:00
the Internet service provider has to publish
00:00
a justification of why this is fair.
00:00
That seems like a little unusual by
00:00
some countries dispositions that,
00:00
well, people pay more,
00:00
shouldn't they have faster access.
00:00
But this just brings into play why it's important.
00:00
Understand the jurisdiction that your data is
00:00
located and where your Cloud resources are
00:00
hosted in order to not run a foul
00:00
of any jurisdiction requirements.
00:00
This can get complicated.
00:00
Some jurisdictions have higher standards,
00:00
others have lower standards,
00:00
and some have no standards at all,
00:00
as we'll see later.
00:00
But how you figure out what's
00:00
the most cost-effective strategy of meeting
00:00
those jurisdictional standards can
00:00
take many different flavors.
00:00
Some organizations just try
00:00
to go for the highest standard
00:00
to mitigate their legal risks and keep things simple.
00:00
Others trying to do a tailored approach
00:00
regarding which geographic zones,
00:00
certain kinds of data can be
00:00
stored in and processed and to
00:00
avoid some of the regulations
00:00
that some jurisdictions enforce.
00:00
Another very important aspect to
00:00
this is that if your company has
00:00
any aspirations of going
00:00
global or maybe it is a multinational firm,
00:00
your legal and compliance department needs to be in
00:00
sync and security regarding how Cloud data is stored,
00:00
how architecture is setup to
00:00
utilize different geographic areas,
00:00
and what new jurisdictional
00:00
exposure that can create for your organization.
00:00
Let's reflect for a moment.
00:00
How might understand jurisdictional requirements
00:00
help to address strategic risk?
00:00
Oftentimes technology people or
00:00
security people get tasked
00:00
with making the vision of businesses come to fruition,
00:00
but one of the important considerations
00:00
from a strategy perspective are,
00:00
what are the risks that are associated
00:00
with doing business in different jurisdictions?
00:00
Helping stakeholders understand
00:00
how jurisdictional requirements may
00:00
impact the burden of
00:00
compliance could be very useful to an organization.
00:00
Then the second thing to reflect on as is
00:00
your legal/compliance department aware
00:00
of your Cloud legal risks?
00:00
Sometimes there isn't as great a connection
00:00
between the legal department
00:00
and what happens within technology,
00:00
but being aware of these
00:00
different jurisdictional legal risks
00:00
and making sure that your department is aware of them,
00:00
and monitoring these risks,
00:00
and staying on top of that compliance obligations
00:00
can really save your firm a lot
00:00
of problems and decrease
00:00
the risks that come with
00:00
not meeting compliance obligations.
00:00
In summary, we talked about the impact of
00:00
jurisdiction on data protection
00:00
>> requirements and some of
00:00
>> the difficulties that come with
00:00
meeting jurisdiction requirements.
00:00
See you in the next lesson.
Up Next