Summit 7 Team Blogs

Scott Edwards to Speak Risks, Requirements, and Evolution of Cloud Security at SIA Conference in DC


On September 27th, Scott Edwards will be speaking alongside one of Boeing’s leading information security professionals at the all-day Society for International Affairs (SIA) conference in Washington, D.C. The event – entitled “IT Capabilities and Solutions for the Trade Compliance Community: Where IT and Trade Compliance Intersect” will cover export compliance capabilities and considerations, identification of controlled data, identity management, and compliant data access and transfers in the cloud. Edwards, specifically, will be discussing the different risks, requirements, and evolving aspects of compliance in the cloud.

In addition to this panel discussion, the conference boasts speakers from the US Government, Department of State’s Directorate of Defense Trade Controls (DDTC), and different members of the industry. Edwards was asked to participate among these other industry experts due to his work in the industry and his content on NIST 800-171 and DFARS Compliance. Interested in reading some of his work? Click here.

For conference information, go to www.siaed.org. (as of posting, registration is closed)

Want the flyer? Click here.


Let's Re-Cap: Compliance in the Cloud. What It Is and Why It’s Important

There are many obvious advantages  for organizations migrating to cloud platforms, yet where there are benefits, there are also concerns. Will moving data to the cloud compromise industry-specific compliance requirements? Are there higher risks for security breaches? Understanding the proper rules of cloud compliance will ease most of these worries.

As a practice, cloud compliance is the process of meeting a set of rules and regulations that an industry body or government agency sets forth as law or a best practice. For federal contractors, December 31, 2017 is the deadline for compliance with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. This clause is a response to data breaches and increasing threats to cyber security, and is already becoming part of every DoD contract.

Companies are actively moving towards cloud-based business systems/platforms to more easily meet these regulations before the deadline and to avoid loss of contracts or future business. However, in the process, these organizations are struggling to successfully manage all the configurations within their platform, such as Microsoft’s Office 365. In Office 365 alone, there are hundreds of thousands of configuration combinations to wade through to best meet the compliance needs and operational needs of the business.

As such, a compilation of FAQs was recently curated and put together in this blog series to help organizations answer some of the more immediate questions. To learn more about DFARS and NIST compliance in the Microsoft Cloud, feel free to find details and information here.