Skip to content
Close
SEARCH
Talk with Us
Talk with Us
Our Approach
Consulting Services
Cloud Security and Compliance
Cloud Adoption and Modernization
Cloud Capabilities and Engineering
All Partners
AWS
Google Cloud
Microsoft Azure
Schellman
News
Blog
Video Library
White Papers
Events
Open Source Projects
About Us
Who We Are
Our Team
Our Jobs
Contact Us
luminary-cloud2

Luminary Cloud

ScaleSec unlocks defense customers for simulation platform through ITAR compliance support
INDUSTRY
Information Technology
USE CASE
GCP ITAR Compliance, NIST SP 800-171
CUSTOMER
Luminary Cloud
WEBSITE
https://www.luminarycloud.com/

luminary-logo

 

PLATFORM

Google Cloud

About the Customer

Luminary Cloud builds an innovative cloud-based simulation platform to enable accelerated industrial research and development. The high performance and high accuracy of this simulation platform speeds engineering cycles, providing faster time to insight compared to cumbersome engineering simulation solutions.

Challenges

This innovative simulation platform is particularly valuable to customers developing defense-related designs, which are subject to US export control under the International Traffic in Arms Regulations (ITAR). To meet ITAR compliance by a targeted launch date, ScaleSec helped the startup navigate regulatory, technical, and procedural hurdles.

The platform's role under ITAR was not immediately clear, as they did not fit the standard definition of a manufacturer, exporter, or broker of defense articles. ScaleSec communicated with the Directorate of Defense Trade Controls (DDTC) to clarify their requirements and responsibilities.

In reviewing the platform's architecture as deployed to Google Cloud Platform, ScaleSec uncovered that some GCP services or features were not authorized for ITAR. ScaleSec recommended specific technical solutions to work around those constraints. Additionally, product updates were recommended to warn users of ITAR-controlled data in a clear but least-intrusive way, so ScaleSec developed clear guidance for achieving this balance.

As a startup, their established information security policy was lightweight and needed careful updates to meet requirements without adding unnecessary burden. Company staff were not familiar with the ITAR, so ScaleSec provided comprehensive and concise training to ensure they understood how to follow the newly required procedures.

Approach Taken

ScaleSec carefully navigated ITAR regulations to understand applicable requirements. In particular, Luminary needed to select a compatible security framework and establish a compliance program.

ScaleSec recommended building a program using the NIST SP 800-171 framework, to meet both immediate and future compliance goals. ScaleSec then reviewed existing processes and technical architectures against ITAR and NIST SP 800-171 to identify required changes. ScaleSec recommended specific technical changes to meet these requirements without degradation of resiliency or performance, going beyond simply informing the company that they did not meet a requirement.

ScaleSec also drafted an updated information security policy to meet requirements while avoiding adding unnecessary burden. Finally, ScaleSec trained the company's staff on ITAR compliance and provided customized training curriculum for new employee onboarding and refresher training.

Results

With ScaleSec’s assistance, Luminary launched on schedule with ITAR compliance support, enabling immediate engagement with US defense industry customers for the design and development of export-controlled articles. ScaleSec and Luminary continue to collaborate on additional cloud architecture, security, and compliance goals.

Want to speak with a ScaleSec expert?

Want to optimize and transform your existing digital portfolio? Reach out to us.
Connect