Framework for Recommending Data Residency Compliant Application Architecture

Abstract

Data is a critical asset for organizations. It helps them generate business insights, improves decision making and creates a competitive advantage. Typically, organizations want exclusive control over data for their own advantage. To protect individual and national rights, governments frame data residency regulations. These laws govern the geographical constraints where storage, transmission and processing of data are allowed. Non-compliance to data regulations often lead to serious reper-cussions for organizations, ranging from hefty penalties to loss of brand value. The different variants of data residency constraints such as first copy within country storage poses challenges in designing a regulation-compliant application deployment architecture. In this paper, we propose a framework and multi-criteria decision technique for determining an optimal single cloud or multi cloud architecture. The framework is based on several criteria including permitted data flows as per regulations, data sensitivity and type, availability of cloud providers etc. The framework helps Cloud architects rapidly arrive at a set of deployment architecture options, which can further optimize by the architects.