WHITEPAPER
Compliance with ITAR and Export
Controls in Collaboration Systems
SharePoint, File Servers, OneDrive,
SharePoint Online, and Office365
Compliance with ITAR and
Export Controls in Collaboration
and SharePoint Online for Government
Executive Summary
IT executives at organizations that are subject to export controls and
regulations, including ITAR, EAR, German BAFA regulations, and the UK
Export Control Act, are under pressure to meet the access restrictions
required of them while also gaining the efficiencies afforded by
collaboration platforms. The obvious challenge,
however, is to properly secure SharePoint, file servers, OneDrive,
SharePoint Online, and Office365 environments for use cases that involve
export controlled data.
CipherPoint Software offers products to find, encrypt, control access,
and log access to export controlled information in file sharing and
collaboration platforms, both on premises and in cloud environments.
The purpose of this document is to demonstrate how an organization can
use CipherPoint’s products to identify locations that contain export
controlled information, secure those locations exactly according to the
NIST 800-111 guidance, and then be able to quickly respond to an
incident and report any permitted or denied access to this restricted data.
CipherPoint’s approach not only reduces the Total Cost of Ownership
associated with security solutions but also reduces the costs and time it
takes to respond to security incidents.
CipherPoint Software, Inc. | 1730 Blake Street, Suite 400 | Denver, CO 80202 | 888-657-5355 | [email protected] | www.CipherPoint.com
Finding Export Controlled Information in
Collaboration Systems
An obvious first step in addressing compliance obligations and security
requirements is to understand the scope of the issue. For export
controlled information in collaboration systems, this means scanning the
information repositories to determine exactly where export controlled
data exists.
Finding export-controlled information can be a daunting challenge in
file repositories such as SharePoint, file servers, and cloud
collaboration systems. With systems such as these, even if you have
good governance policies, it is easy for employees to place sensitive,
export controlled information in locations that are not adequately
secured, and where access controls and permissions are not correctly
configured.
CipherPoint offers a content scanning module in our Eclipse Data
Security Suite that can easily scan your collaboration sites and document
libraries and lists for export controlled information.
Once you have confirmed whether or not information that should be
restricted per export restrictions resides in your collaboration systems,
you can decide if there is a business need for that information to be in the
platform, and then go about the effort of securing the information, and
controlling access to it.
Securing Export-Controlled Information
Collaboration systems such as SharePoint provide native access controls
to ensure that only certain users or groups have access to a particular
collaboration site or document library. A common approach is to align the
SharePoint permissions model with Active Directory group membership
which is, in turn, aligned with corporate Role-Based Access Control
(RBAC) policies. Once configured, organizations need to carefully audit
and manage access to export-controlled data. Permissions management
is a common point of failure as permissions can be changed by multiple
users and at different levels of granularity (e.g. Site, Library, or Item).
Native platform permissions management capabilities in collaboration
platforms are generally insufficient to the task of ensuring that this
sensitive information cannot be accessed by those with no valid “need to
know”.
What’s needed is an approach that not only secures the confidentiality of
export-controlled information but also provides evidence that the
necessary security controls are in place. Further, meeting those security
objectives while simultaneously enabling operational efficiencies through
the adoption of collaboration platforms such as SharePoint is a significant
benefit for any organization trying to deploy scarce budget dollars as
effectively as possible. The key security controls for export-controlled
information include:
• An RBAC policy that clearly defines those who have a business
  need to access export-controlled data
• Access controls that are managed and enforceable per the
  organization’s RBAC policy
• Activity logging to track permitted and denied access requests to
  export-controlled information and to provide non-repudiation
• Data at rest encryption and encryption key management in
  accordance with the guidelines in NIST 800-111
• Separation of duties among IT operations and the Information
  Security or Risk and Compliance departments
CipherPoint Solution
The CipherPoint solution is specifically architected to maintain the
confidentiality of information stored in SharePoint environments and other
multi-tenant file sharing and collaboration platforms. Customers can use
CipherPoint’s technology to:
• Find export-controlled data in SharePoint, file servers, OneDrive,
  SharePoint Online, and Office365
• Transparently encrypt it according to the NIST guidelines
• Control and audit access to export-controlled data per “need to
  know” policies
• Report and respond to accesses to export-controlled information
The approach above allows an organization to not only demonstrate the
due diligence required to avoid fines which may be associated with
export security breaches or improper disclosures of export-controlled
information but also to quickly and cost effectively respond to a potential
breach of this information.
CipherPoint’s Eclipse solution includes a centralized management
console, which allows organizations to locate and manage the security
and transparent encryption of export restricted data. This architecture
provides true separation of duties and enforces need-to-know policies,
allowing the SharePoint administrators or third-party cloud providers to
manage the platform and the Compliance team to manage security of this
information. The Compliance team administers the security controls
without requiring elevated access to SharePoint, only the authorized
end-users are able to access export restricted information, and the
CipherPoint system tracks permitted and denied requests to documents
and changes made to security controls. CipherPoint’s technology is
transparent to end-users in order to remove any obstacles to adoption of
SharePoint, file servers, OneDrive, SharePoint Online, or Office365.
Conclusion
Government regulators have strict requirements on controlling access to export
controlled data. Translating their requirements into policies and controls for your
collaboration environment is left up to your organization. CipherPoint’s Eclipse
family of data security solutions gives you the tools you need to identify
export-controlled information in existing information repositories, secure the data
through encryption and access controls, and then audit and report on access to
satisfy auditors. The combination of collaboration platforms such as SharePoint,
file servers, OneDrive, SharePoint Online, and Office365 and CipherPoint Eclipse
allows organizations not only to achieve the business efficiencies associated
with collaboration, but also meet ITAR and other export compliance
requirements, and avoid security breaches and fines.
About CipherPoint Software, Inc.
CipherPoint identifies, secures, and audits access to sensitive and
regulated data on-premises and in cloud file sharing and collaboration
systems with a single data security management console. CipherPoint’s
solution is unique in keeping privileged IT administrators and outside
attackers that target IT level access from being able to view sensitive
information. CipherPoint is uniquely capable of securing data across file
servers, on-premises SharePoint, Office365, SharePoint Online, and other
cloud collaboration systems. CipherPoint’s products are easy to deploy
and manage, and scalable to meet the needs of large enterprises.
A winner of the SINET 16 award as a top security company in 2012, and
“Most Innovative Cloud Security Solution in 2014” from Cyberdefense
magazine, CipherPoint is headquartered in Denver, Colorado, and was
founded by IT security experts with deep experience in building
successful security technology companies. Customers in healthcare,
financial services, manufacturing, government, and other industries, in
Europe, North America, and Asia rely on CipherPoint to protect access to
sensitive and regulated information. CipherPoint is proud to be a member
of the Microsoft Business Critical SharePoint Program.
Copyright 2014, all rights reserved. CipherPoint® is a registered trademark of CipherPoint Software, Inc. CipherPoint Eclipse, CipherPoint
Eclipse for SharePoint, CipherPoint Eclipse for SharePoint Online/Office 365, CipherPoint Eclipse for Healthcare, CipherPoint Eclipse for File
Servers, CipherPoint Eclipse Data Security Console and the stylized CipherPoint logo are trademarks of CipherPoint Software, Inc.
SharePoint, SharePoint Online, and Office 365 are trademarks of Microsoft. Doc. ID: CPWP014