Embodiments of the present invention utilize a data hash and an associated geotag for authentication of geolocation policies for data object storage in a cloud system. The geotag may be an alphanumeric identifier such as a city name, postal (ZIP) code, and/or latitude-longitude pair. Embodiments include a post-authenticate process, in which, after a data object is retrieved from a BMS, the geographic location of the source is confirmed to ensure the location policies have not been violated. Additionally, embodiments include a pre-authenticate process, in which, prior to storing a data object in a BMS, the geographic location of the BMS that is to receive the data object is confirmed to ensure the location policies will not be violated. Embodiments may use pre-authenticate, post-authenticate, or both pre-authenticate and post-authenticate, in order to implement and verify the location policies.