@CloudExpo Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Elizabeth White, Zakia Bouachraoui

Blog Feed Post

Department of State Approves Perspecsys Tokenization to Process ITAR Data in the Cloud

MCLEAN, Va. – June 4, 2014 – Perspecsys, the leader in enterprise cloud data protection, announced today that it received a written ruling from the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) confirming that technical data secured using Perspecsys tokenization can be processed outside the U.S. through the cloud without obtaining an export license under the International Traffic in Arms Regulations (ITAR).

In its groundbreaking decision, DDTC reinterpreted the ITAR to authorize the use of Perspecsys tokenization to process ITAR technical data in the cloud without a license, even where the tokenized technical data may be transferred to servers located outside the United States. DDTC’s new interpretation shifts the regulatory landscape – opening the cloud to companies subject to the ITAR.

In the past, organizations had explored the use of encryption to secure ITAR-controlled data in the cloud. While more secure than plain text, encryption failed to materialize as a viable cloud computing solution for companies subject to ITAR. Encryption presents a fundamental security concern because encrypted data on the cloud can be decrypted and exposed through the use of a key or mathematical derivation.

Perspecsys tokenization differs significantly from encryption, as there is no cipher algorithm to mathematically transform tokenized data back to its clear text. Implementing Perspecsys’ tokenization solution means that clear text ITAR data stays within the owner’s secured network and never leaves the owner’s control in any format – providing maximum security and compliance.

“We’re no strangers to regulations and compliance and have worked to help companies in regulated industries around the globe utilize the cloud without violations,” said David Canellos, president and CEO, Perspecsys. “We took the initiative to approach DDTC with the proposition that Perspecsys’ tokenization cloud solution would satisfy ITAR requirements. The DDTC ruling that our tokenization product will not require an ITAR license is not only validation for Perspecsys, but a complete game changer for ITAR-governed companies who were previously unable to work how they wanted – in the cloud.”

“Perspecsys has developed a way to put ITAR data in the cloud securely through tokenization, which will make life much easier for the defense industry,” said Richard A. Clarke, former Senior White House Advisor on Cyber Security. “As someone who, as Assistant Secretary of State, was once responsible for ITAR enforcement, I welcome this creative use of technology to enable compliance.”

Perspecsys customers are able to tokenize data in a DDTC-approved fashion via the Perspecsys AppProtex Cloud Control Gateway. The AppProtex Gateway intercepts sensitive data while it is still on-premise and replaces it with a random tokenized value, rendering it meaningless should anyone outside of the company access the data while it is being processed or stored in the cloud. The gateway does this while remaining completely transparent to cloud application users – they have full use of critical capabilities such as Searching, Sorting and Reporting, even on data that has been strongly tokenized.



The post Department of State Approves Perspecsys Tokenization to Process ITAR Data in the Cloud appeared first on Cloud Computing Best Practices.

Read the original blog entry...

More Stories By Cloud Best Practices Network

The Cloud Best Practices Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net

CloudEXPO Stories
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security polic...