This document in the Google Cloud Architecture Framework provides best practices for implementing data residency and sovereignty requirements.
Data residency and sovereignty requirements are based on your regional and industry-specific regulations, and different organizations might have different data sovereignty requirements. For example, you might have the following requirements:
- Control over all access to your data by Google Cloud, including what type of personnel can access the data and from which region they can access it.
- Inspectability of changes to cloud infrastructure and services, which can have an impact on access to your data or the security of your data. Insight into these types of changes helps ensure that Google Cloud is unable to circumvent controls or move your data out of the region.
- Survivability of your workloads for an extended time when you are unable to receive software updates from Google Cloud.
Manage your data sovereignty
Data sovereignty provides you with a mechanism to prevent Google from accessing your data. You approve access only for provider behaviors that you agree are necessary.
For example, you can manage your data sovereignty in the following ways:
- Store and manage encryption keys outside the cloud.
- Grant access to those keys only on the basis of detailed access justifications.
- Protect data in use.
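The first two items describe the external key manager pattern: the key-encryption key never leaves your premises, and the provider receives a key only after presenting a justification you have pre-approved. The following is an added example for this document, not Google's or any vendor's code. It models that flow in Python: an `ExternalKeyManager` holds the KEK, every wrap/unwrap request carries a reason code, and only reasons on the allow-list are served (default deny) with each decision written to an audit log. The reason-code names are a subset of the Key Access Justifications codes; the wrapping construction (HMAC-SHA256 keystream plus an HMAC tag) is a toy stand-in for a real key manager's AEAD wrap and is assumed for illustration only.

```python
"""Justification-gated release of an externally held key, modelled on the
Cloud EKM plus Key Access Justifications pattern. Added example for this
document, not Google's or any vendor's code; the wrapping construction is a
toy stand-in for the external key manager's real algorithm."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional

# Subset of the reason codes Key Access Justifications attaches to key
# requests; the complete list is maintained by Google. Anything not on this
# allow-list is refused (default deny).
ALLOWED_REASONS = frozenset({
    "CUSTOMER_INITIATED_ACCESS",          # customer reading or writing its own data
    "CUSTOMER_INITIATED_SUPPORT",         # support case the customer opened
    "GOOGLE_INITIATED_SYSTEM_OPERATION",  # provider maintenance such as replication
})

NONCE_LEN = 16
TAG_LEN = 32


@dataclass
class ExternalKeyManager:
    """Runs outside the cloud and holds the key-encryption key (KEK).
    The cloud provider never receives the KEK; it sends wrap/unwrap requests,
    each tagged with a justification reason, and receives only the result."""
    kek: bytes
    allowed_reasons: frozenset
    audit_log: List[dict] = field(default_factory=list)

    def _authorize(self, op: str, reason: str) -> bool:
        allowed = reason in self.allowed_reasons
        self.audit_log.append({"op": op, "reason": reason, "allowed": allowed})
        return allowed

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Toy keystream: HMAC-SHA256 over (nonce || counter) in counter mode.
        # Stands in for a real AEAD wrap; not a production cipher.
        enc_key = hmac.new(self.kek, b"enc", hashlib.sha256).digest()
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, nonce: bytes, body: bytes) -> bytes:
        # Encrypt-then-MAC tag so a modified blob is rejected before unwrapping.
        mac_key = hmac.new(self.kek, b"mac", hashlib.sha256).digest()
        return hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

    def wrap(self, dek: bytes, reason: str) -> Optional[bytes]:
        """Encrypt a data-encryption key (DEK) under the KEK; None if refused."""
        if not self._authorize("wrap", reason):
            return None
        nonce = os.urandom(NONCE_LEN)
        body = bytes(a ^ b for a, b in zip(dek, self._keystream(nonce, len(dek))))
        return nonce + body + self._tag(nonce, body)

    def unwrap(self, blob: bytes, reason: str) -> Optional[bytes]:
        """Return the DEK only if the justification is allowed and the blob is intact."""
        if not self._authorize("unwrap", reason):
            return None
        nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(nonce, body)):
            self.audit_log.append({"op": "unwrap", "reason": reason, "allowed": False, "error": "integrity"})
            return None
        return bytes(a ^ b for a, b in zip(body, self._keystream(nonce, len(body))))


def demo(kek: bytes = b"\x01" * 32, dek: bytes = b"\x02" * 32) -> dict:
    """Walk a constructed DEK through wrap, a permitted unwrap, a refused unwrap
    and a tampered blob; returns the outcomes plus the denial entries of the log."""
    ekm = ExternalKeyManager(kek=kek, allowed_reasons=ALLOWED_REASONS)
    wrapped = ekm.wrap(dek, "CUSTOMER_INITIATED_ACCESS")
    tampered = wrapped[:NONCE_LEN] + bytes([wrapped[NONCE_LEN] ^ 0x80]) + wrapped[NONCE_LEN + 1:]
    return {
        "served": ekm.unwrap(wrapped, "CUSTOMER_INITIATED_ACCESS") == dek,
        "refused": ekm.unwrap(wrapped, "THIRD_PARTY_DATA_REQUEST") is None,
        "tampered": ekm.unwrap(tampered, "CUSTOMER_INITIATED_ACCESS") is None,
        "denials": [entry for entry in ekm.audit_log if not entry["allowed"]],
    }


if __name__ == "__main__":
    print(demo())
```

The audit log is the part a defender reviews: a `THIRD_PARTY_DATA_REQUEST` or `REASON_NOT_EXPECTED` that reaches the key manager is visible as a refused entry even though no key material was released, which is the evidence trail the "inspectability" requirement above asks for.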
Manage your operational sovereignty
Operational sovereignty provides you with assurances that Google personnel can't compromise your workloads.
For example, you can manage operational sovereignty in the following ways:
- Restrict the deployment of new resources to specific provider regions.
- Limit Google personnel access based on predefined attributes such as their citizenship or geographic location.
Manage software sovereignty
Software sovereignty provides you with assurances that you can control the availability of your workloads and run them wherever you want, without depending on (or being locked in to) a single cloud provider. Software sovereignty includes the ability to survive events that require you to quickly change where your workloads are deployed and what level of outside connection is allowed.
Control data residency
Data residency describes where your data is stored at rest. Data residency requirements vary based on systems design objectives, industry regulatory concerns, national law, tax implications, and even culture.
Controlling data residency starts with the following:
- Understanding the type of your data and its location.
- Determining what risks exist to your data, and what laws and regulations apply.
- Controlling where data is or where it goes.
To help comply with data residency requirements, Google Cloud lets you control where your data is stored, how it is accessed, and how it's processed. You can use resource location policies to restrict where resources are created and to limit where data is replicated between regions. You can use the location property of a resource to identify where the service deploys and who maintains it.
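The resource location policy mentioned above is an Organization Policy list constraint (`constraints/gcp.resourceLocations`) whose values are regions, multi-regions, or `in:` value groups. The following is an added example for this document, not Google's code: a small Python model of the constraint's allow-list and deny-list semantics, plus a drift check that lists existing resources outside the permitted boundary. The `VALUE_GROUPS` table is a constructed, partial subset (Google maintains the real groups), the zone-to-region mapping is a simplified assumption, and the inventory is constructed sample data.

```python
"""Evaluate resource locations against a gcp.resourceLocations-style policy.
Added example for this document, not Google's code: it models the
allowedValues / deniedValues semantics of the constraint in simplified form."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed, partial table of value groups. Google maintains the real "in:"
# groups, which contain more locations than are listed here.
VALUE_GROUPS: Dict[str, Set[str]] = {
    "in:eu-locations": {"europe-west1", "europe-west3", "europe-west4", "eu"},
    "in:us-locations": {"us-central1", "us-east1", "us-west1", "us"},
}


def region_of(location: str) -> str:
    """Map a zone such as 'europe-west1-b' to its region; leave regions,
    multi-regions ('eu') and dual-regions ('nam4') unchanged. Simplified
    assumption: a zone is '<region>-<single letter>'."""
    parts = location.split("-")
    if len(parts) == 3 and len(parts[2]) == 1 and parts[2].isalpha():
        return "-".join(parts[:2])
    return location


def expand(values: Iterable[str]) -> Set[str]:
    """Replace 'in:' value groups with their member locations."""
    out: Set[str] = set()
    for value in values:
        if value.startswith("in:"):
            out |= VALUE_GROUPS[value]  # unknown group: raise rather than silently allow
        else:
            out.add(value)
    return out


@dataclass(frozen=True)
class LocationPolicy:
    """One rule of the list constraint: an allow-list, a deny-list, or neither."""
    allowed: Tuple[str, ...] = ()
    denied: Tuple[str, ...] = ()

    def permits(self, location: str) -> bool:
        region = region_of(location)
        if self.denied and region in expand(self.denied):
            return False
        if self.allowed:
            return region in expand(self.allowed)
        return True  # no allow-list: anything not denied is permitted


def find_violations(policy: LocationPolicy, inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Names of existing resources whose location the policy would not permit.
    The constraint only blocks creation of new resources; resources that already
    existed when the policy was set stay where they are, so a periodic check
    like this is what surfaces them."""
    return [name for name, location in inventory if not policy.permits(location)]


# Constructed inventory of (resource name, location) pairs, not real resources.
SAMPLE_INVENTORY = [
    ("projects/demo/buckets/eu-archive", "eu"),
    ("projects/demo/zones/europe-west1-b/instances/app-1", "europe-west1-b"),
    ("projects/demo/buckets/us-export", "us-central1"),
    ("projects/demo/zones/asia-east1-a/instances/batch-7", "asia-east1-a"),
]

EU_ONLY = LocationPolicy(allowed=("in:eu-locations",))

if __name__ == "__main__":
    for name in find_violations(EU_ONLY, SAMPLE_INVENTORY):
        print("outside EU boundary:", name)
```

In the real service the same rule is expressed as a policy file with `allowedValues: ["in:eu-locations"]` applied to the organization, folder or project with `gcloud org-policies set-policy`; the model above is useful for reasoning about which of your inventory the boundary would reject before you enforce it.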
For the list of services that support resource location restrictions, see Resource locations supported services.
Learn more about data residency and sovereignty with the following resources:
- Implement privacy requirements (next document in this series)
- Data residency, operational transparency, and privacy for European customers on Google Cloud (PDF)
- Designing and deploying data security strategy (PDF)
- Cloud Key Management Service
- Trusting your data with Google Cloud (PDF)
- Privileged access at Google
- Google Cloud Access Transparency