A Guide to Cloud Compliance in the Defense Industry
By William O’Brien, COO, Brainloop Inc.
Defense contractors do not differ from other industries in seeking fast, efficient and
cost-effective technology solutions to run their businesses. This process often leads
contractors to rely on free or low-cost, low-functionality public cloud storage solutions to store,
exchange and collaborate on data with colleagues and third parties.
While this may seem like standard business practice (as well as quite convenient), the defense
industry – out of all sectors – must consider security and compliance regulations when
implementing such technology into their day-to-day workflow.
This reality is never more acute than when they are handling sensitive and export-controlled
information and technical data, where mere promises of security and half-hearted attempts to
achieve security will not suffice.
Don’t Ignore “The Important”
Traditionally – and surprisingly – security compliance when dealing with sensitive information
too often isn’t at the forefront for defense contractors. Perhaps it is only human nature at play,
but until businesses fail to meet certain policies and are sanctioned, the issue of data and
document security is more often acknowledged in theory than honored in practice.
But once that penalty is imposed and a company must pay a significant fine for regulatory
violations, which can range from tens of thousands to millions of dollars, the issue and the
need for airtight solutions become a primary goal.
Perhaps even worse, once fined, the reputation of that contractor is immediately tarnished
within its supply chain and among its customers and the public.
Any company can opt out of this cycle. Companies can learn the lessons of security and
institute appropriate practices before it’s too late to avoid adverse consequences. They can, as
others have, stop ignoring compliance once and for all, before the breaches and resulting
punishments occur.
Just the thought of sensitive technical data landing in the hands of an uninvited, unlicensed third
party poses far too much of a risk for companies to do otherwise.
The threat is more common than most think. Just consider the following situation: an employee
at a U.S. defense contractor stores a file containing sensitive data on a free or near-free cloud
storage platform, for the sake of expediency.
After just a few clicks by the user, or perhaps due to data mining by the storage company, a link
to that file is shared with a third-party vendor.
Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide