A Systematic Approach to Controlled Technical Data

NextLabs routinely advises customers whose businesses handle Controlled Technical Data (CTD) such as ITAR, EAR, and data controlled by non-US Jurisdictions, to take a proactive, systematic approach to managing CTD throughout its lifecycle. Many of these enterprises have been in business for a number of decades, during which time they have created substantial CTD organically, and acquired additional CTD through various business transactions and transformations. The CTD routinely spans every type of electronic storage that has ever been used in the enterprise. A portion of this CTD, in some cases a substantial portion, has reached Legacy CTD status, which means that it is no longer actively used in the normal business operations of the enterprise. more “A Systematic Approach to Controlled Technical Data”

4 Ways IT must Change to Protect your Business

By E.K. Koh, VP of Solutions at NextLabs

It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smart phones that the company does not even own, managing security at the perimeter or application is essential, but not sufficient. What is your value at risk? It is your DATA.

Data is Valuable

In a survey by Forrester, companies noted that corporate secrets (or intellectual property) comprise 2/3 of their information portfolio, with 1/3 being customer custodial data. The figure below shows the relative value of different types of data rated on a million dollar scale: more “4 Ways IT must Change to Protect your Business”

Data Segregation: Missing piece in securing Enterprise Content

By Soujanya Madhurapantula, Senior Product Manager at NextLabs

I have had the same conversation with a lot of our customers… it keeps me awake at night.

Here is how many customers have described it to me:

We have millions of documents sitting in our enterprise application servers that we know are accessible to all our users. We are subject to regulations that require us to identify classified documents within these large sets of data, and segregate them into restricted servers. It is also important for us to restrict users from storing documents in the wrong servers. We are not sure how to segregate this data and put them into the right physical servers. This project is so complex, we do not even know where to start. more “Data Segregation: Missing piece in securing Enterprise Content”

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”

Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance

The latest A&D news: Aeroflex’s $8 million dollar settlement with the U.S. Department of State for violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR).

The State Department reported it conducted an “extensive compliance review” and discovered “inadequate corporate oversight and a systemic and corporate-wide failure” which resulted in unauthorized exports and re-exports of electronics, microelectronics and related technical data that are subject to ITAR. more “Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance”

Managing Export Compliance with Trade Management IT Systems

By Soujanya Madhurapantula.

Let’s start with what a trade management system is, what it does, and what are some of its shortcomings.

What is a Trade Management System

Export control can get pretty messy, especially when you consider how a typical company will be operating according to the rules of multiple jurisdictions at any given time.  Businesses that must comply with Export Control regulations like ITAR often maintain license and distribution information in a central Trade Management System (TMS).  more “Managing Export Compliance with Trade Management IT Systems”