Export Control Compliance and Defense Technology

In the U.S., a host of stringent regulations apply to the export of defense solutions, products, or services. The laws govern the confidentiality of data or information on controlled military technology originating from the U.S. to ensure that it does not fall into the wrong hands and negatively impact national security or foreign policy. Small […]

ITAR, Cloud, and Encryption

The International Traffic in Arms Regulations (ITAR) affect many businesses based or with operations in the United States. As businesses, especially small and medium-sized ones, embrace the cloud and other forms of digital transformation, it becomes increasingly difficult to manage the responsibilities under ITAR as defense articles are virtualized and the definition of “export” becomes […]

ITAR and EAR Compliance in the Cloud

Recent changes to the EAR regulations provide a way for organizations to store data in Cloud environments and stay compliant with export rules. We first learned of these changes in the June 3, 2016 Federal Register but they are now final and part of the U.S. Code 15 CFR 734.18 and 734.19. In short, the […]

Organisations must reconsider how they protect data

By Ted Pretty

A new IDC Perspective entitled Is Data the New Endpoint(1) proposes that organisations need to change how they think, and instead view data itself as an endpoint to improve how it can be secured. The report states that: “Data is an asset that is increasing in value, created and stored in an […]

Perimeter Security – A Cycle of Failure

The manner in which enterprises conduct business has changed drastically over the past two decades, but approaches to security have not. During the advent of e-commerce, businesses focused on network firewalls, system hardening and network intrusion detection systems to protect web servers from compromises or denial of service attacks. As businesses made this environment more […]

WannaCry Attack: Let’s Talk Cloud and Encryption

The 150-country-wide ransomware attack, known as WannaCry, which took down a number of organisations, including several NHS trusts, flooded the media last month. The ransomware attack – which involved cyber criminals gaining access to data and then encrypting it with a key known only to them – saw $300 worth of bitcoin being […]

Office 365 Security Score

I recently ran across the Office 365 Secure Score tool. Basically, it provides a way for you to measure how many of the Office 365 security settings you’ve enabled and configured according to Microsoft’s best practices. For example, we use the Office 365 Multi-Factor Authentication, so our tenancy received points for doing so, but we […]

Google Announces Bring Your Own Key (BYOK)

Google recently announced Cloud Key Management Service for the Google Cloud Platform. Google KMS is Bring Your Own Key by another name. It includes the ability to log key management tasks and access to or use of key material. At the time of this blog the activity logging is in Beta so you have to […]

What is NIST 800-171 and Why You Should Care

[Update September 26, 2017: Read the follow-on blog which also has a spreadsheet to help organize your compliance efforts.] As a group of security and compliance industry veterans, we’ve had to read our fair share of NIST publications*. The latest NIST document that has our attention is NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal […]

Is Cloud Security Over-hyped?

Cloud security in all its various shapes and forms is a hot topic. While more attention to security is a good thing, it’s important to remember that Cloud security ignores the fact that most organizations haven’t finished securing the data that isn’t in the Cloud. For example, a spreadsheet of electronic protected health information (patient […]