While cloud technology is becoming more ubiquitous, government contractors and agencies must be vigilant with the control of their data. If you’re working with the Department of Defense (either directly or through a subcontract), hopefully you are aware of and abide by export control regulations. These include Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), and many others, spanning dozens of government agencies. For good reasons, the US Government has tight controls over the export of material, technology, and information. This includes physical hardware such as munitions, technological assets such as schematics, or information relating to the same. Even a conversation can be an “export” if certain types of information are disclosed, so contractors have to be exceedingly careful.
Cloud technology comes into the picture because software vendors are eager to sell businesses solutions that include integration with the cloud. Consumers and businesses enjoy the automatic data synching, cloud backup, and business resiliency that cloud technology offers. However, many cloud-based services are not compliant with US export regulations. When looking to deploy a cloud solution, one of the first questions to ask is: Where is the data stored and who can access it? This will weed out the majority of cloud products, because even if the software vendor is located in the US, they may backup data overseas. It’s a common practice to reduce the risk of environmental catastrophes. Even if they don’t use international backup, they may not be able to guarantee compliance, which means your business will be at risk if a regulation is violated.
NuWaves takes pride in protecting the warfighter by ensuring data is secure.
Should DoD contractors bother with cloud technology? There are some sectors of any business that won’t be subject to export regulations, such as Accounting. Utilizing a Software as a Service (SaaS) Accounting system is probably not going to get you into any export regulation issues. You should always do your due diligence when evaluating potential implementations.
Cloud technology can offer benefits that are hard to ignore, but businesses have to be vigilant with where their data is stored and who can access it. Though we consider data to be different from “physical” exports, it is as physical as anything else. Data stored on a computer, whether local or in the cloud has a physical location and thus must be controlled as any other export-regulated material. Businesses are encouraged to have an Export Compliance department, even if it’s a department of one to help better understand and manage export compliance.