When we store data on remote servers; either by using a web-based email client or cloud storage, that information is stored on a server designated or owned by that corporation or its affiliates. This sounds obvious but have you ever stopped to think about what this could mean? Data belonging to a corporate entity or individual in one country being stored in a different country is something that has got some experts a little hot under the collar. If you’re based in the UK but your data is stored in a datacentre in Nashville, for instance, the content of that data would be subject to the laws of the USA and the state of Tennessee, and not the UK mainland.
This could have implications for financial content, copyright and even outright ownership, given the right set of circumstances. To use an extreme example; imagine if information that is sensitive or critical of a certain government or institution ends up on a server in the subject country, or what if subject matter or financial intricacies that are wholly legal in one country end up stored in a country where they are not?
With economic constraints dictating more and more where data centres are distributed and similar constraints giving companies and individuals more reason to seek out cloud-based storage solutions, our important data is finding its way onto systems further afield than ever before. Whereas this allows costs to be kept down, it also throws up serious questions about what happens to that data and in this case what laws govern it once it arrives at its destination. SO, what is the deal with so called ‘data sovereignty’ and how can we remain in control of our data when it’s stored in another country or time-zone?
Tokenisation is being touted as the answer. It is the process by which before data is sent to a server it is replaced by unique identifying symbols that retain all the integrity of the information without compromising its security or changing it in any way. For instance a value such as a financial detail is replaced by a surrogate value that is the tokenisation value on it easy to its storage destination. All the information can then be retrieved by ‘detokenising’ the information at the point of origin or ‘sovereignty’, once it has been retrieved from the server.
Tokenisation is not encryption. Whereas encryption uses a mathmatic value or algorithm to transform data to an encrypted form, and then a reversal of that algorithm to transform it back, tokens completely replace the existing data and only using the ‘key’ can the original be retrieved. This means the data at the point of storage is merely gibberish that doesn’t contravene any laws and wouldn’t represent any value to anybody intercepting it at that end. It also adds another layer of security against hackers. It is only using the correct token key that the information can be converted back to its original form and meaning.
As cloud storage becomes more and more prevalent, expect tokenisation to become a far more recognised part of data storage.