Chapter 1:

Data Sovereignty: Controlling the "Where"

Data sovereignty means you control residency, backup targets, and encryption boundaries, and can evidence these controls.

  • Beyond Residency: Region selection alone is insufficient if automated snapshots or support processes can move data or metadata outside approved boundaries.
  • Encryption Boundaries: You must ensure encryption keys are governed under the appropriate jurisdiction, particularly for workloads in regulated sectors.
  • HYOK Architecture: True sovereignty requires Hold Your Own Key (HYOK) models where the identity provider and key store remain completely external to the database vendor. Standard BYOK models are often insufficient if the provider retains access to key memory.
  • Percona Advantage: Percona enables precise control by allowing databases to run on your selected infrastructure, enforcing residency via technical controls rather than vendor defined abstractions. Whether you use operators, use servers, or use both, your data stays within the boundaries you define.
Percona Sovereignty Resource Center
Speak to an expert