Cloud computing has metamorphosed from being a niche concept to one of the fastest growing segments in the IT industry. According to Gartner’s report on cloud services, End-user spending on public cloud services is expected to record a compound annual growth rate of 17.7% from 2011 through 2016. While cloud computing helps businesses become more … More Data Security in the Cloud
By Andy Han — SharePoint 2013, made generally available (GA) earlier this year, introduces several new features that will impact how information is shared across the enterprise: new social capabilities, improved search, cross-site publishing, and a roadmap for companies that want to move to Office 365 in the Azure cloud. The net impact seems to … More SharePoint 2013: Exciting new capabilities to share (leak?) sensitive data
The latest A&D news: Aeroflex’s $8 million dollar settlement with the U.S. Department of State for violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR). The State Department reported it conducted an “extensive compliance review” and discovered “inadequate corporate oversight and a systemic and corporate-wide failure” which resulted … More Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance
by Gary Stanley Just as with past export control reform efforts in the Clinton and Bush II years, the Obama Administration started with the best of intentions to make U.S. export and re-export control rules more straightforward and less burdensome. Without dispute, it has pushed through broader changes than any of its predecessors. Like its … More The Politics of Export Control Reform: Why Less Licensing = More Complexity
By Soujanya Madhurapantula. Best Practices for Automating Electronic Export Control So at this point, I’m sure you can appreciate the challenges that an end-to-end export control solution has to handle. Not only must it effectively and carefully track shipments of goods, but also deal with all the technical documents that come with the product throughout … More 4 Steps to Automate Technical Data Export compliance
By Sandeep Chopra. In my last two posts on Dynamic Access Control (DAC), I described some of the limitations of traditional approaches to Authorization Management (see here) and how dynamic authorization is different (see here). It’s all about choosing the right tool for the job. This 2-minute use case from Andy Han provides a quick … More DAC in 2 Minutes
By Soujanya Madhurapantula. In the previous post, you’ve seen how we can control the movement of physical products using GTS. However, any company that deals in ITAR controlled products has associated technical data that they will need to share. And when these guys are people who are outside the US, or people who are within … More Controlling the Transfer of ITAR-related Technical Data: What will it take?
By Sandeep Chopra. In my previous post on access control in Windows Fileservers before Windows Server 2012, I argued that container-based authorization can be the right tool for the job when… Data-level controls are not necessary Discretionary policy enforcement is sufficient The number of containers and groups is small In this post, I describe the … More Container Based Controls versus Dynamic Authorization: The Difference in Windows Environments (Part 2)
By Soujanya Madhurapantula. Let’s start with what a trade management system is, what it does, and what are some of its shortcomings. What is a Trade Management System Export control can get pretty messy, especially when you consider how a typical company will be operating according to the rules of multiple jurisdictions at any given … More Managing Export Compliance with Trade Management IT Systems
By Mandy Pang. I just got back from MS Tech Ed in New Orleans. The hot topic was obvious: Microsoft’s new cloud platform, Windows Azure. I attended multiple sessions (such as this one), and a central message was how easy Azure makes it for IT organizations to move their resources and applications to the cloud. … More A Report From MS TechED 2013: Are We Moving Our Authorization Overhead to the Cloud?
nextlabs.wordpress.com 