Data Storage & Accessibility Control

Cloudflare today announced the release of a new collection of capabilities known as the Data Localization Suite. These features are available to customers on the Enterprise plan through an optional add-on.

The Data Localization Suite empowers organizations with greater control over data storage locations and access permissions based on the user’s geographic location. This functionality allows businesses to utilize Cloudflare’s services, including its serverless infrastructure, while adhering to relevant local and industry-specific regulations.

This suite is especially pertinent in light of the recent EU decision invalidating the Privacy Shield framework. Businesses operating within heavily regulated sectors, such as healthcare and law, may also find these features particularly valuable in meeting specific data handling requirements.

Consider a scenario where you are developing an application that requires all data to be stored within the European Union. While you could limit your application to a single data center or cloud region, this approach can hinder scalability as your customer base expands globally and may introduce potential service disruptions.

Cloudflare’s solution ensures that all data is encrypted both while stored and during transmission, particularly when mandatory TLS encryption is implemented. Users have the flexibility to manage their own private keys or establish customized rules governing their usage.

For example, a private key used for traffic inspection can be restricted to access only from a data center located in Europe. With the Privacy Shield no longer valid, this configuration simplifies compliance with European data protection regulations.

Cloudflare examines network requests to determine the appropriate course of action, such as automatically blocking requests from malicious bots. You can specify the region where these requests are inspected. Consequently, a malicious bot originating from a server in the U.S. would have its request sent to the nearest Cloudflare data center in the U.S., then routed to a European data center for inspection.

Regarding traffic logs and metadata, Edge Log Delivery enables you to directly transmit logs from Cloudflare’s edge network to your chosen storage solution, whether it’s a cloud storage bucket or an on-premises data center. This process bypasses Cloudflare’s central data centers entirely.

Furthermore, if you are utilizing Cloudflare Workers Durable Objects, you can implement jurisdiction restrictions. This allows you to prevent the storage of durable objects in certain locations when running applications on Cloudflare’s serverless platform, ensuring regulatory compliance.

The Data Localization Suite comprises a variety of tools and services, some of which are already available while others are newly introduced. It’s noteworthy that Cloudflare is prioritizing data locality despite its belief in the future of serverless computing and edge data centers.