Defense Contractor Achieves Continuous ITAR, EAR Compliance Within Multi-SharePoint Farm Architecture
- Compliant migration
- Continuous enforced EAR and ITAR Compliance
- Improved records management
Simply put, full ITAR and EAR compliance would not have been possible without Compliance Guardian.
The large defense contractor is a private company serving both public and private sector organizations. It has been in business for more than 70 years with 15,000 employees across 100 worldwide locations in 25 countries. It has an annual revenue of more than $3 billion.
The large defense contractor was in process of moving from a combination of SharePoint on-premises and file share systems to a complex four SharePoint 2013 farm environment.
For data pertaining to its commercial customers, it would host its SharePoint 2013 testing and production environments in the public cloud. For data pertaining to its public sector customers, it would host SharePoint 2013 testing and production environments in an International Traffic in Arms Regulations (ITAR) compliant, highly secured corporate data center.
However, the large defense contractor needed to scan through five terabytes of data across multiple environments, much of it unclassified or dark data, to determine which data should go to which environment.
AvePoint Services researched ITAR and Export Administration Regulations (EAR) requirements and developed more than 20 custom text phrases and regular expressions to help Compliance Guardian identify sensitive data that would need to be managed according to government regulations.
AvePoint’s Service Team also discovered the company’s collaboration methodology would also require EAR compliance, which was alarming to the customer and proved to be true.
Following the successful compliant migration, the large defense contractor worked with AvePoint to implement live scans with Compliance Guardian to force compliance across their environments.
With this implementation, anytime an employee uploaded a document or other file with sensitive information to the wrong location, Compliance Guardian would immediately prevent the upload and quarantine the file to a safe location.
The large global contractor also deployed Compliance Guardian’s ability to classify and tag data files to be managed with their three-tier records management taxonomy. As a result, multiple tags were given to files, which meant these files met the criteria for multiple actions.
To help offset any impact to the performance of the company’s farms, AvePoint implemented offload servers to the architecture to mitigate the impact.
AvePoint also wen the extra mile to develop a custom calculator for the customer to determine how to manage the data collected and stored by Compliance Guardian on an ongoing basis. This has been a key component enabling the large defense contractor to continuously monitor for compliance while keeping an eye on their database storage.
Simply put, full ITAR and EAR compliance would not have been possible without Compliance Guardian. Not only can the large contractor rest easy knowing it’s not at risk for costly fines, but it can also be confident it won’t lose its customer’s trust in its ability to handle sensitive data.
At the same time, the company can start to realize the cost and operational benefits of leveraging the public cloud for its less sensitive data.
Compliance Guardian has also automated and simplified its record management process helping the company generate considerable savings.
Moving forward, the large government contractor will be expanding their Compliance Guardian footprint outside of on-premise SharePoint as they look to invest more heavily in Office 365 from a collaboration perspective. Microsoft collaboration assets such as OneDrive For Business, Exchange, and Yammer will be targeted.