Luminary Cloud
PLATFORM
Google Cloud
About the Customer
Luminary Cloud builds an innovative cloud-based simulation platform to enable accelerated industrial research and development. The high performance and high accuracy of this simulation platform speeds engineering cycles, providing faster time to insight compared to cumbersome engineering simulation solutions.
Challenges
This innovative simulation platform is particularly valuable to customers developing defense-related designs, which are subject to US export control under the International Traffic in Arms Regulations (ITAR). To meet ITAR compliance by a targeted launch date, ScaleSec helped the startup navigate regulatory, technical, and procedural hurdles.
The platform's role under ITAR was not immediately clear, as they did not fit the standard definition of a manufacturer, exporter, or broker of defense articles. ScaleSec communicated with the Directorate of Defense Trade Controls (DDTC) to clarify their requirements and responsibilities.
In reviewing the platform's architecture as deployed to Google Cloud Platform, ScaleSec uncovered that some GCP services or features were not authorized for ITAR. ScaleSec recommended specific technical solutions to work around those constraints. Additionally, product updates were recommended to warn users of ITAR-controlled data in a clear but least-intrusive way, so ScaleSec developed clear guidance for achieving this balance.
As a startup, their established information security policy was lightweight and needed careful updates to meet requirements without adding unnecessary burden. Company staff were not familiar with the ITAR, so ScaleSec provided comprehensive and concise training to ensure they understood how to follow the newly required procedures.
Approach Taken
ScaleSec carefully navigated ITAR regulations to understand applicable requirements. In particular, Luminary needed to select a compatible security framework and establish a compliance program.
ScaleSec recommended building a program using the NIST SP 800-171 framework, to meet both immediate and future compliance goals. ScaleSec then reviewed existing processes and technical architectures against ITAR and NIST SP 800-171 to identify required changes. ScaleSec recommended specific technical changes to meet these requirements without degradation of resiliency or performance, going beyond simply informing the company that they did not meet a requirement.
ScaleSec also drafted an updated information security policy to meet requirements while avoiding adding unnecessary burden. Finally, ScaleSec trained the company's staff on ITAR compliance and provided customized training curriculum for new employee onboarding and refresher training.
Results
With ScaleSec’s assistance, Luminary launched on schedule with ITAR compliance support, enabling immediate engagement with US defense industry customers for the design and development of export-controlled articles. ScaleSec and Luminary continue to collaborate on additional cloud architecture, security, and compliance goals.