Industrial R&D Platform

ScaleSec unlocks defense customers for simulation platform through ITAR compliance support
INDUSTRY: Information Technology
LOCATION: Palo Alto, CA
USE CASE: GCP ITAR Compliance, NIST SP 800-171

Assignment

ScaleSec guided an early-stage startup to support ITAR compliance, enabling their SaaS platform's public launch and pursuit of defense industry customers.

Challenges Faced

To meet ITAR compliance by a targeted launch date, ScaleSec helped the startup navigate regulatory, technical, and procedural hurdles.

The platform's role under ITAR was not immediately clear, as the company did not fit the standard definition of a manufacturer, exporter, or broker of defense articles. ScaleSec communicated with the Directorate of Defense Trade Controls (DDTC) to clarify the company's requirements and responsibilities.

In reviewing the deployed Google Cloud Platform architecture, ScaleSec uncovered that some GCP services or features were not authorized for ITAR. ScaleSec recommended specific technical solutions to work around those constraints. Additionally, product updates were required to warn users of ITAR-controlled data in a clear but least-intrusive way, so ScaleSec developed clear guidance for achieving this balance.

Because the company was a startup, its established information security policy was lightweight and needed careful updates to meet requirements without adding unnecessary burden. Company staff were not familiar with the ITAR, so ScaleSec provided comprehensive and concise training to ensure they understood how to follow the newly required procedures.

Approach Taken

ScaleSec carefully navigated ITAR regulations to understand applicable requirements. In particular, the company needed to select a compatible security framework and establish a compliance program.

ScaleSec recommended building a program using the NIST SP 800-171 framework to meet both immediate and future compliance goals. ScaleSec then reviewed existing processes and technical architectures against ITAR and NIST SP 800-171 to identify required changes. Going beyond simply informing the company that it did not meet a requirement, ScaleSec recommended specific technical changes to meet these requirements without degradation of resiliency or performance.

ScaleSec also drafted an updated information security policy to meet requirements while avoiding unnecessary burden. Finally, ScaleSec trained the company's staff on ITAR compliance and provided a customized training curriculum for new employee onboarding and refresher training.

Results

With ScaleSec’s assistance, the company launched on schedule with ITAR compliance support, enabling immediate engagement with US defense industry customers for the design and development of export-controlled articles. ScaleSec and this startup continue to collaborate on additional cloud architecture, security, and compliance goals.
