GitHub adds Microsoft Azure-based EU data residency to Enterprise Cloud

GitHub adds Microsoft Azure-based EU data residency to Enterprise Cloud

GitHub has introduced a data residency feature for Enterprise Cloud, beginning with general availability in the EU from October 29, and with additional regions including Australia, Asia and Latin America to follow.

Currently, organizations that require their data to be stored in a specific region – for compliance or other reasons – may self-host using GitHub Enterprise Server. The produce description states that “One of the key advantages of GitHub Enterprise Server is that it provides organizations with complete control over their source code and data. Organizations can choose where to store their repositories and can control who has access to them.”

GitHub Enterprise cloud, by contrast, is hosted by GitHub and until now has not offered data residency guarantees. The press release introducing the data residency feature includes customer quotes from Zeiss, which states that it “aligns with local EU data protection regulations” and from Volkswagen’s CARIAD software development arm, which says that “ensuring that our data is predominantly hosted in Europe is a top priority.”

GitHub Enterprise Cloud is hosted on ghe.com and isolated from github.com.

A separate GitHub post describes “How we used GitHub to build GitHub Enterprise Cloud with data residency” and explains that Azure was chosen for hosting, since it has “data residency built-in, without having to build new datacenters ourselves.”

GitHub’s deployment process for Enterprise Cloud with data residency (from GitHub engineering post)

While the engineering post is worth a read for the description of how GitHub used features such as Codespaces, Actions and canary deployments internally – as well as forthcoming features such as hierarchical issues and typed issues – it reveals little about what Azure data residency means.

Microsoft describes Azure data residency on its website, and includes a number of caveats which organizations should review. Typically, data will be stored and processed in one Azure region but may be replicated to other regions for resiliency. However, “Microsoft will not store or process customer data outside the selected Geo” – where “Geo” is one of a list of geographies, including Europe. This document does note that AI and machine learning services may send data outside the selected geography.

This serves as a reminder that data residency options in a public cloud such as Azure are not the same as self-hosting in a datacenter owned or controlled by an organization. Self-hosting may provide more assurance of data residency and data sovereignty.

That said, from a technical perspective, using Enterprise Cloud has a number of advantages. GitHub states that “Changes to github.com and Enterprise Cloud with data residency are deployed minutes apart as part of a unified pipeline,” which means that features are kept up to date, whereas Enterprise Server has specific releases with only the four most recent releases supported.