Defense Contractor Achieves Continuous ITAR, EAR Compliance Within Multi-SharePoint Farm Architecture

Critical Needs

  • Compliant migration
  • Continuous enforced EAR and ITAR Compliance
  • Improved records management

Success Highlights

  • Discovered and classified all dark data prior to executing a compliant migration from file share.
  • Successfully migrated to complex multi-farm SharePoint architecture with tiered classification levels
  • Forced continuous ITAR and EAR compliance as mandated by government customers
  • Developed accurate tagging and reliable records management across all farms
Simply put, full ITAR and EAR compliance would not have been possible without Compliance Guardian.

Customer Profile

The large defense contractor is a private company serving both public and private sector organizations. It has been in business for more than 70 years with 15,000 employees across 100 worldwide locations in 25 countries. It has an annual revenue of more than $3 billion.

The Challenge

The large defense contractor was in process of moving from a combination of SharePoint on-premises and file share systems to a complex four SharePoint 2013 farm environment.

For data pertaining to its commercial customers, it would host its SharePoint 2013 testing and production environments in the public cloud. For data pertaining to its public sector customers, it would host SharePoint 2013 testing and production environments in an International Traffic in Arms Regulations (ITAR) compliant, highly secured corporate data center.

However, the large defense contractor needed to scan through five terabytes of data across multiple environments, much of it unclassified or dark data, to determine which data should go to which environment.

The AvePoint Solution

AvePoint Services researched ITAR and Export Administration Regulations (EAR) requirements and developed more than 20 custom text phrases and regular expressions to help Compliance Guardian identify sensitive data that would need to be managed according to government regulations.

AvePoint’s Service Team also discovered the company’s collaboration methodology would also require EAR compliance, which was alarming to the customer and proved to be true.

Following the successful compliant migration, the large defense contractor worked with AvePoint to implement live scans with Compliance Guardian to force compliance across their environments.

With this implementation, anytime an employee uploaded a document or other file with sensitive information to the wrong location, Compliance Guardian would immediately prevent the upload and quarantine the file to a safe location.

The large global contractor also deployed Compliance Guardian’s ability to classify and tag data files to be managed with their three-tier records management taxonomy. As a result, multiple tags were given to files, which meant these files met the criteria for multiple actions.

To help offset any impact to the performance of the company’s farms, AvePoint implemented offload servers to the architecture to mitigate the impact.

AvePoint also wen the extra mile to develop a custom calculator for the customer to determine how to manage the data collected and stored by Compliance Guardian on an ongoing basis. This has been a key component enabling the large defense contractor to continuously monitor for compliance while keeping an eye on their database storage.

The Bottom Line

Simply put, full ITAR and EAR compliance would not have been possible without Compliance Guardian. Not only can the large contractor rest easy knowing it’s not at risk for costly fines, but it can also be confident it won’t lose its customer’s trust in its ability to handle sensitive data.

At the same time, the company can start to realize the cost and operational benefits of leveraging the public cloud for its less sensitive data.

Compliance Guardian has also automated and simplified its record management process helping the company generate considerable savings.

Moving forward, the large government contractor will be expanding their Compliance Guardian footprint outside of on-premise SharePoint as they look to invest more heavily in Office 365 from a collaboration perspective. Microsoft collaboration assets such as OneDrive For Business, Exchange, and Yammer will be targeted.

About AvePoint

AvePoint is a global technology company and proven software leader. Since its founding in 2001, AvePoint has become one of the world’s largest providers of lifecycle management software solutions for SharePoint, offering a fully integrated solution for SharePoint lifecycle management. Propelled by one of the world’s largest SharePoint-exclusive research & development teams, AvePoint helps more than 8,000 customers – including many Fortune 500 companies and government agencies – meet their specific business objectives by unleashing SharePoint’s full potential. AvePoint, Inc. is headquartered and maintains its principle engineering center in Jersey City, NJ, with wholly owned sales and engineering centers in the USA, Canada, Australia, United Kingdom, Germany, Japan, Singapore, and China. AvePoint is a Depth Managed Microsoft Gold Certified Portals and Collaboration Partner and Gold Certified ISV Partner as well as US Government GSA provider via strategic partnerships.