Prevent Routing To Data Centers Outside Legal Jurisdiction

datacenters

#1

Hi,

Our system involves confidential personal data which, due to legal reasons, cannot leave our country of jurisdiction.

By default Cloudflare uses the nearest avaliable Data Center (in our case, London) but the risk is if the London Data Center went down (and the Edinburgh one too) our data could be routed, temporarily, outside the country.

We need a way to prevent data passing outside other countries, IE some way to exclude foreign nodes from carrying our traffic, or at least some guarantee our data won’t be routed through them. Is this possible?

This could make the difference between us using Cloudflare or not, but we need to know whats possible through Cloudflare when Legal asks the questions.


#2

As far as I know there isn’t a way. This would prevent them having any solution to DDoS attacks for only those datacenters.

The only thing you can try (I really doubt it will be possible, but trying never hurt anybody) is contacting the sales department (https://www.cloudflare.com/plans/enterprise/contact/) and seeing what they can do.


#3

Not what I was hoping to hear but thank you.

We’re stuck in a difficult place legally and whilst Azure can specify regions for deploying resources it could be problematic if Cloudflare doesn’t.

I understand the logic of being fully distributed and the point about making the data center a target for concentrated attacks that way, makes complete sense from a security and technical standpoint but could be problematic legally.

Will probably need to have a long chat with Legal to see what is considered acceptable in the name of security…

Thank you.


#4

Also consider that Cloudflare actually de-encrypts all content and re-encrypts it, so in every datacenter there is, even if for just a couple milliseconds plain text data.