Browse Prior Art Database

System and Method for Defining and Enforcing Data Localization

IP.com Disclosure Number: IPCOM000247196D
Publication Date: 2016-Aug-16
Document File: 5 page(s) / 67K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a system and method to define and enforce data localization. The system implements and enforces a geofence surrounding both an area of data storage and a user group, and governs access to that data by systems and users inside and outside the geofence.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 37% of the total text.

Page 01 of 5

System and Method for Defining and Enforcing Data Localization

The volume of available data is continually growing at a rapid rate. The exponential growth of data presents challenges with respect to data storage, access, security, and movement -- especially with data stored in the Cloud.

Numerous government and corporate data requirements are in place for security and compliance to which the keepers of data must adhere; non-compliance can result in prosecution and fines.

Organizations are challenged to ensure that data security policies are sufficiently sophisticated to allow data access only to the authorized applications and people, at the right time, and in the right location. Organizations must find a way to balance providing as much data as needed as fast as possible, while maintaining government and corporate compliance.

Presently, companies that hold data have no way to enforce data localization. Businesses cannot determine or restrict access to data by authorized users if the authorized users are outside of a defined boundary of data residency . There is presently no way to "geofence" data access by a requester from outside a defined border and determine whether to allow normal access , apply additional audit checking, or restrict access altogether.

The novel solution is a system and method to define and enforce data localization . The system implements and enforces a geofence surrounding both an area of data storage and a user group, and governs access to that data by systems and users inside and outside the geofence.

The novel software system allows the user to define a geographical boundary around a pool of data storage and a group of eligible users. The system enables the user/administrator to define access rules based on access requests from inside and outside the geographical boundary. The system enforces the rules and executes appropriate actions in real-time, based on adherence and violation of the rules.

The system is implemented as a software program and is operated by an administrator (e.g., security analyst). The administrator defines two logical types of geographical boundary:


A boundary around the data's physical storage location (e.g., on the premises of an organization, hosted in the Cloud by a provider, etc.)


A boundary around certain user groups. User group boundaries define users who can access the data and users who cannot access the data. The users that can access data can be any group of people who seek access to the data from

1


Page 02 of 5

within the geofence. The users who cannot access the data are either users who are located outside the geofence or users

who are within another geofence where access has been restricted or denied by the system. Examples of users include but are not limited to all employees of a company, all authorized users within a government ministry, residents of a province or state, or citizens of a country.

Upon the definition of the geofence boundaries, the system m...