My MSSP is moving its data center out of the country. They say it is only metadata. I understand metadata is just data about the data however, for a company that has a policy that states all data must remain the US I am finding difficult to move forward. Does anyone know if any articles that cover this topic?
Solved! Go to Solution.
From experience: this comes down to the value of the metadata and its significance including that of source IP addresses, destinations, host names and any indicator of compromise i.e. security events transferred and what giveaways it provides. A Government agency may have a particular perspective, but even then there is movement towards the use of public cloud in some circumstances./
It's a risk management decision, once people understand the value of the metadata and whether it is being encrypted in transit or exposed to the world for all and sundry to see. And who is handling and protecting it.