ITAR
International Traffic in Arms Regulation (ITAR) is administered by the U.S. Department of State’s Directorate of Defense Trade Controls. It dictates that information and material pertaining to defense and military related technologies (for items listed on the U.S. Munitions List) may only be shared with U.S. Persons unless authorization from the Department of State is received or a special exemption is used. U.S. Persons (including organizations) can face heavy fines if they have, without authorization or the use of an exemption, provided foreign (non-US) persons with access to ITAR-protected defense articles, services or technical data.
What are the Penalties for Violating ITAR?
Civil violations of the ITAR carry a maximum fine of up to $500,000 per violation. Each criminal violation of the ITAR may result in a fine of up to $1,000,000, imprisonment for up to ten years, or both. Persons or entities charged with violations of the ITAR may also be debarred from exporting United States Munitions List (USML) items, or selling USML items domestically to be exported, from the United States. A debarment may either be for a set period of time or until the State Department releases the debarment. In addition to civil and criminal penalties, any property, funds, vessels, vehicles, or equipment connected to a violation can be seized and forfeited by the U.S. Government.
ITAR’s Impact on Cloud Computing
In an effort to support a global network of customers and data centers, most cloud providers are unable to guarantee data access only by U.S. citizens. For instance, one of the largest players in enterprise cloud computing has data centers in US and Singapore (with data centers in Japan & Europe expected to go-live soon) that are staffed by foreign nationals Even though U.S. customers’ ITAR sensitive information might reside in California or Virginia, it is likely that these data centers will be serviced by foreign nationals in an effort to provide 24/7/365, around the world service.
Ensure ITAR Compliance with CipherCloud
CipherCloud’s award-winning cloud data encryption solution allows customers to encrypt ITAR data using NIST approved encryption schemes, before the data leaves the enterprise network. This ensures that ITAR data is never available to the cloud provider in clear-text. Furthermore, CipherCloud’s patent-pending technology preserves all native features and functionality of compatible cloud solutions, such as searching, sorting, and reporting. Customers retain full control of data and encryption keys within their enterprise network, which allows customers to comply with ITAR requirements. Additional key characteristics of CipherCloud include:
- Out-of-the-box connectors for Salesforce, Force.com, Amazon Web Services (EC3, S3), Box.net, etc.
- Centralized logging and auditing of user activities in the cloud
- Rapid configuration and deployment
- Stateless and high-performance architecture
- Subscription based pricing that eliminates up-front capital expenditure