Managing data compliance in today’s cloud era can be frustrating. On one hand, organizations need the scalability, adaptability, and efficiency that cloud systems provide, both for backend IT professionals and front-end users.
On the other hand, data sovereignty regulations—like GDPR or the United States Clarifying Lawful Overseas Use of Data (CLOUD) Act —have strict requirements surrounding how information can be stored, processed, and shared within (or beyond) geopolitical boundaries.
Because cloud-based systems can span multiple countries, it’s usually difficult to execute data compliance solutions like ORIGIN through the cloud and maintain sovereignty at the same time. To avoid violations, compliance teams instead need to carefully localize data management tools outside of cloud environments—an approach that often means duplicating instances of the same software application for each region.
However, Intlabs is charting a new path with the release of ORIGIN Cloud. For the first time, organizations can rely on a data compliance tool that runs in the cloud without compromising sovereignty guarantees. The result is a system that makes compliance workflows more scalable on the backend and more seamless for users.
Understanding the data architecture
To appreciate this novel approach, it helps to understand how sovereignty-minded data architectures typically work. Let’s take a look at ORIGIN’s previous version.
ORIGIN is a regulatory compliance solution that fits within your data governance stack. It makes it easier to share information between regions, systems, and teams while complying with sovereignty and privacy restrictions. Users add data sources to the platform, choose relevant regulations, and ORIGIN automatically pinpoints and protects non-compliant content before it’s shared.
To keep data within the country or jurisdiction where it’s governed, the platform required separate ORIGIN app instances for every sovereign region, each with its own URL and system boundary. For example, if you wanted to handle Canadian data, you would log into an ORIGIN app connected to Canadian servers and processors. Handling EU data? There was a separate ORIGIN instance to handle those data sources as well.
Originally, ORIGIN created multiple local app instances to maintain data sovereignty.
There’s nothing inherently wrong with this approach: it keeps data where it’s supposed to be, giving organizations peace of mind that their digital assets aren’t entering foreign regions without proper authorization or controls. The system still uses a single sign-on, and ORIGIN looks and functions the same regardless of which instance is being used. In fact, most data sovereignty solutions, or any software concerned with localizing data, rely on duplicating applications region by region.
However, if someone needs to alternate between EU and Canadian sources, they must navigate between two different ORIGIN urls. This gets a little clunky from a user perspective when multiple sovereignty zones are involved. From the backend, running separate instances also isn’t exactly elegant—yet it’s the only way to uphold complete data sovereignty. Until now.
Data governance in the cloud with ORIGIN
With its first cloud release, ORIGIN preserves all the compliance functionality of its previous version, but is now able to deliver it through a single app instead of creating separate instances for each region. After logging in, users can toggle between organizations, with each organization housing its own data sources. Organizations can represent different jurisdictions, making it easy to switch between sources if your data resides in multiple locations.
ORIGIN Cloud uses a unique architecture to achieve this simple workflow while guaranteeing full data sovereignty. Here’s how it works behind the scenes:
- ORIGIN uses public cloud-based or privately deployed data planes to save and retrieve data in each respective country or jurisdiction.
- When a user makes a data request, the system sends that data from the sovereign data plane directly to the user’s web browser rather than routing it through the app itself, now called the control plane.
- Every request is tied to an encrypted token generated by the user’s action. This means unauthorized parties can’t intercept the data, even if they compromise the app on the control plane.
ORIGIN Cloud routes data directly from local storage to the user to maintain data sovereignty while providing the ease of a single-app interface.
Unlike the old version, which creates system boundaries, ORIGIN now delivers a unified cloud data governance framework that easily scales with multiple jurisdictions. Crucially, the ORIGIN app orchestrates how data moves without becoming a part of the data pipeline itself. When data can move directly from local storage to authorized users and bypass the app, the system enables full data sovereignty while reducing the clunkiness of navigating several instances.
Why does this matter?
A single app approach results in a more seamless workflow. Users can see all available data sources and their jurisdictions without needing to switch between ORIGIN instances, making information easily discoverable through one pane of glass. Meanwhile, the system’s underlying architecture ensures that information remains both secure and sovereign. Administrators can easily add new organizations or sovereignty zones to the app as their data flows expand globally, scaling operations without sacrificing compliance or user efficiency.
Perhaps most importantly, the release represents a paradigm shift in what’s possible for data sharing architectures. Up to this point, sovereignty restrictions were the reason compliance tools like ORIGIN stayed out of the cloud. ORIGIN Cloud represents a new era of data sovereignty solutions, proving that you don’t have to choose between enforcing data protections and harnessing the benefits of cloud technology. You can have both.
A new way to design compliance systems
Data compliance software, which ensures that information adheres to regional privacy and sovereignty regulations, is typically difficult to combine with cloud technology. This is because compliance tools, like ORIGIN, rely on locally-hosted apps to keep data contained within their respective jurisdictions. Operating across multiple jurisdictions means generating separate app instances—an approach that is hard to optimally scale.
ORIGIN Cloud is the first data compliance tool that challenges these constraints. It’s built using a cloud-based architecture designed to keep information fully localized while deploying a single app. This approach keeps the user experience—and the backend—more streamlined.
ORIGIN’s cloud release is more than a product update—it’s a new way of thinking about the relationship between the cloud and data sovereignty. Intlabs offers a new model for organizations that still rely on fragmented, region-by-region systems, enabling regulated sectors to embrace cloud technology without sacrificing the controls that matter most.