Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data.

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations.

A “Cheat Sheet” on the Obama Export Control Reforms

By Gary Stanley.

The initial Obama export control reforms became effective on Oct 15th. Although these reforms promise less licensing, they come at the price of more complex controls and more extensive record keeping. The new rules must be approached in a systematic manner. Here’s a “cheat sheet” to help you take advantage of these significant changes to U.S. export and re-export controls.

Export Control Reform – Are you Ready?

By E.K. Koh.

Parts of the US Export Control Reform went into effect on October 15th, 2013.  Are you ready?

The current system has two different control lists administered by two different departments, Commerce and State, and there are three primary export licensing agencies, Commerce, State, and the Treasury. A multitude of agencies – Commerce, Defense, Homeland Security, Justice, State, and the Treasury – each have authority to investigate and/or enforce some or all of the export controls, each using separate IT systems that do not intercommunicate.

Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance

The latest A&D news: Aeroflex’s $8 million settlement with the U.S. Department of State for violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR).

The State Department reported it conducted an “extensive compliance review” and discovered “inadequate corporate oversight and a systemic and corporate-wide failure” which resulted in unauthorized exports and re-exports of electronics, microelectronics and related technical data that are subject to ITAR.

The Politics of Export Control Reform: Why Less Licensing = More Complexity

By Gary Stanley.

Just as with past export control reform efforts in the Clinton and Bush II years, the Obama Administration started with the best of intentions to make U.S. export and re-export control rules more straightforward and less burdensome.  Without dispute, it has pushed through broader changes than any of its predecessors.

Like its predecessors’ changes, however, the Obama Administration’s may have reduced the licensing burden, but at the expense of making U.S. export and re-export controls more difficult to understand and administer. The reason lies in the politics of U.S. export controls.

Controlling the Transfer of ITAR-related Technical Data: What will it take?

By Soujanya Madhurapantula.

In the previous post, you’ve seen how we can control the movement of physical products using GTS. However, any company that deals in ITAR-controlled products has associated technical data that it will need to share. And when the recipients are people outside the US, or people within the US who are not US persons, the technical data transmissions themselves are all considered exports.

Managing Export Compliance with Trade Management IT Systems

By Soujanya Madhurapantula.

Let’s start with what a trade management system is, what it does, and what some of its shortcomings are.

What is a Trade Management System

Export control can get pretty messy, especially when you consider how a typical company will be operating according to the rules of multiple jurisdictions at any given time. Businesses that must comply with Export Control regulations like ITAR often maintain license and distribution information in a central Trade Management System (TMS).