Export Control Compliance and Defense Technology

In the U.S., a host of stringent regulations apply to the export of defense solutions, products, or services. The laws govern the confidentiality of data or information on controlled military technology originating from the U.S. to ensure that it does not fall into the wrong hands and negatively impact national security or foreign policy. Small […]

ITAR, Cloud, and Encryption

The International Traffic in Arms Regulations (ITAR) affect many businesses based or with operations in the United States. As businesses, especially small and medium-sized ones, embrace the cloud and other forms of digital transformation, it becomes increasingly difficult to manage the responsibilities under ITAR as defense articles are virtualized and the definition of “export” becomes […]

ITAR and EAR Compliance in the Cloud

Recent changes to the EAR regulations provide a way for organizations to store data in Cloud environments and stay compliant with export rules. We first learned of these changes in the June 3, 2016 Federal Register but they are now final and part of the U.S. Code 15 CFR 734.18 and 734.19. In short, the […]

Three best practices for data discovery

Data discovery and automated data classification are incredibly important to businesses, especially as upcoming regulations like Europe’s General Data Protection Regulation (GDPR) and Australia’s Notifiable Data Breach (NDB) scheme mandate that organizations know where regulated data resides and appropriately manage access to and use of it at all times. Continuous understanding of what […]

HR Professionals can’t ignore NDB

In February 2017, the Notifiable Data Breaches (NDB) legislation was passed as an Amendment to the Australian Privacy Act (1988), with the new regime coming into effect on 22 February 2018. It’s literally just around the corner, so now is the time to make sure you understand what you’re required to do and how, as […]

Organisations must reconsider how they protect data

By Ted Pretty

A new IDC Perspective entitled Is Data the New Endpoint(1) proposes that organisations need to change how they think, and instead view data itself as an endpoint to improve how it can be secured. The report states that: “Data is an asset that is increasing in value, created and stored in an […]

GDPR makes HIPAA and PCI fines look cute

If you think fines for non-compliance with HIPAA or PCI DSS are scary, GDPR will really blow your mind. Non-compliance with the GDPR can result in fines of up to €20MM or 4% of annual revenues, whichever is higher. Imagine a fictitious company, Karaleebro, that has $28B in annual revenues – most of it derived […]

A Closer Look at NIST 800-171

If you are reading this blog, you probably already know that NIST 800-171 is the requirements document titled, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Federal government contractors storing Controlled Unclassified Information (CUI) must comply with this standard by December 31, 2017 or notify their government customer of any delays in doing […]
