{"id":96,"date":"2015-10-26T16:41:18","date_gmt":"2015-10-26T16:41:18","guid":{"rendered":"http:\/\/exportcompliancesolutions.com\/blog\/?p=96"},"modified":"2015-11-05T15:00:08","modified_gmt":"2015-11-05T15:00:08","slug":"export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home","status":"publish","type":"post","link":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/","title":{"rendered":"Export-Controlled Data &#8211; Store It in the Cloud or Keep It Down Home?"},"content":{"rendered":"<p><strong><em>Question: Is there any reason that our company can\u2019t use a cloud storage service provider, such as Dropbox, Google Drive, Box, or Microsoft Office 365, to store and share export-controlled information and technical data? Most businesses are using the cloud these days. Are there any problems with this? <\/em><\/strong><\/p>\n<p>The simple answer is, Yes, there are problems. Serious ones. Uploading your ITAR-controlled technical data, or controlled technology subject to the EAR, to \u201cthe Cloud\u201d while maintaining full compliance with U.S. export laws and regulations is very challenging, and carries with it a high risk of violations and penalties. As we\u2019ll be explaining on this blog, regulatory changes appear to be on the way. In the not-too-distant future, U.S. companies may be able to use cloud computing and other online digital services, subject to certain encryption requirements, to transfer and store their unclassified technical data without the need to obtain licenses or other authorizations. Hope is on the horizon. At present, however\u2014yes, there are problems.<\/p>\n<p>Even though cloud computing is a rapidly advancing technology at present, with more and more businesses routinely using Dropbox, Google Drive, and similar online services, this has been\u2014and still is\u2014a confusing regulatory area for which State and Commerce have provided very limited guidance until recently. We\u2019re glad that appears to be changing now.<\/p>\n<p>Nevertheless\u2014even after the long-awaited publication of new Proposed Rules by the <a href=\"https:\/\/www.pmddtc.state.gov\/FR\/2015\/2015-12844_80FR31525.pdf\">DDTC<\/a> and <a href=\"http:\/\/www.gpo.gov\/fdsys\/pkg\/FR-2015-06-03\/pdf\/2015-12843.pdf\">BIS<\/a> on June 3 containing multiple clarifications and definitions, and even after the issuance of an <a href=\"http:\/\/www.gpo.gov\/fdsys\/pkg\/FR-2015-08-26\/pdf\/2015-20870.pdf\">interim rule by the DoD<\/a> on August 26 addressing requirements for cloud computing services\u2014it is still far from clear how exporters can be certain they are fully compliant with the EAR and ITAR and avoid inadvertent violations when uploading controlled data to the cloud. A storm of controversy continues to swirl around the subject of cloud computing, IT security, and export controls. Discussions between the defense industry, research universities, the legal community, and the regulatory agencies are intense and ongoing.<\/p>\n<p>Until the dust settles on this, we recommend extreme caution in using any commercial cloud storage service for information storage and transmission when export controls apply. Without clear regulatory guidance, contracting with a third-party for transferring and storing your ITAR-controlled and EAR-controlled data and technology electronically may expose you and your organization to the risk of violating U.S. export laws, with severe penalties and consequences.<\/p>\n<p><strong><em>But my cloud service provider assures me that my data is absolutely secure\u2014so secure that they themselves have no way to decrypt my files without my password, even if I asked them to. <\/em><\/strong><\/p>\n<p>Yes, Dropbox, Google Drive, Microsoft Office 365, and similar services offer a secure and convenient online environment for storing and sharing documents, and are widely used and trusted in industry for work collaboration, file sharing, and data maintenance. And it is true that they typically provide multiple security precautions, including using SSL for transmitting content and their own separate layer of AES-256 bit encryption server-side.<\/p>\n<p><em>Nevertheless,<\/em> even though these IT companies have strict internal security policies limiting access by their employees to their customers\u2019 files, it is evident in many cases that user-data files stored on their servers are <em>in principle<\/em> accessible by their staff\u2014which may include individuals who are not U.S. persons as defined by the ITAR.<\/p>\n<p>Read the terms of your storage provider\u2019s user agreement and privacy policy carefully. Those legal documents frequently include such warnings as the following: \u201cIf we are required to provide your files to a court or law enforcement agency, which we may do under the conditions set forth above, we will remove the encryption from the files before providing them to the authorized government officials.\u201d You\u2019ll also see various disclaimers of responsibility in case of data-security breaches, and statements indicating that the provider has a process in place for contingencies when their system is compromised. Some cloud storage providers claim in their promotional materials that your data is absolutely secure, but remember that what they advertise and what you agree to when you open an account are two different things.<\/p>\n<p>The convenience, economy, and popularity of online services notwithstanding, the use of third-party providers for storing and sharing ITAR-controlled technical data remains problematic. Why?<\/p>\n<p>Here\u2019s one reason: U.S. export control regulations prohibit the unauthorized sharing of controlled technical data with non-U.S persons or foreign nationals, and also prohibit transactions with certain foreign individuals and states. This prohibition includes any form of sharing, <em>including electronic \u201ctransmission<\/em>,\u201d and <em>including even theoretical access to such data by IT administrators or employees who maintain the electronic data storage and transmission systems and who could potentially monitor them.<\/em> Whenever you store or transmit controlled technical data via non-company servers, you are, in effect, sending your data through cyberspace on the back of a virtual postcard, and you are liable for any access to that data\u00a0by unlicensed foreign nationals while it is in storage or transit\u2014even if the access is unintentional, and even if you were not aware that the access was occurring.<\/p>\n<p>Remember that commercial cloud computing and online data storage services are not U.S. defense firms; they are unlikely to have segregated systems to protect ITAR-controlled information from foreign-person access. Under the export regulations currently in effect\u2014ignoring, for the moment, <em>proposed <\/em>revisions to the EAR and ITAR that are under consideration but haven\u2019t been finalized\u2014even high-level encryption is not an adequate security measure for protecting your company\u2019s controlled technical data on non-company servers. Currently, transfer of the data to a server or network location outside the U.S. constitutes an \u201cexport\u201d even if the data is encrypted. Furthermore, providing employees who are not U.S. persons, whether they are employed in the U.S. or at non-U.S. offices, with the ability to access ITAR-controlled data (even if they don\u2019t actually access the data) may constitute an \u201cexport,\u201d even if the data is protected by encryption.<\/p>\n<p>Here\u2019s another reason: using external providers of cloud storage and file-sharing services, such as Dropbox, Box, or Google Drive, for ITAR-restricted data is problematic because it is difficult or impossible to know where their servers are physically located (that is, whether they are in the U.S. or overseas), how they route data traffic (particularly during peak hours or off-times), or whether their security procedures are truly adequate all along the line to prohibit access to your data by foreign nationals. Most\u2014if not all\u2014cloud computing services routinely use a network of servers that extends beyond U.S. borders. In reality, you have no idea where your data is currently stored\u2014and wherever that may be, it could change tomorrow. Yet any transfer of data from the user to a server outside the U.S., as well as any transfer of the controlled data between two foreign-located servers, constitutes a \u201ctransmission,\u201d and thus an unauthorized export, according to current U.S. laws.<\/p>\n<p><strong><em>But didn\u2019t all that change this year? I read in the news that BIS and DDTC have relaxed their rules now, in recognition of the growing popularity of cloud computing, and that the export regulations have been amended to permit cloud storage of ITAR and EAR data in certain circumstances. Did I hear you right? Are you telling me that\u2019s not true?<\/em><\/strong><\/p>\n<p>You heard me right. That\u2019s not true. Those amendments to the ITAR and the EAR you heard about have <em>not<\/em> been made\u2014at least, not yet. Here\u2019s what <em>is<\/em> true:<\/p>\n<p>On June 3, 2015, both the <a href=\"http:\/\/www.gpo.gov\/fdsys\/pkg\/FR-2015-06-03\/pdf\/2015-12843.pdf\">Commerce Department<\/a> and <a href=\"https:\/\/www.pmddtc.state.gov\/FR\/2015\/2015-12844_80FR31525.pdf\">State Department<\/a> published long-awaited <em>proposals<\/em> for revising the EAR and ITAR in order to provide security standards for the transmission and storage of ITAR- and EAR-controlled data and information. If these Proposed Rules are adopted and finalized, they could well represent an important step towards clarifying what exporters need to do in order to comply with U.S. export controls with regard to the transmission, storage, and \u201ccloud\u201d processing of export-controlled technical data, technology, and software.<\/p>\n<p>Among other things, if the revisions proposed on June 3 are eventually adopted and published as final rules, transmitting or storing electronic data in a way that meets certain specified security standards will no longer constitute an \u201cexport\u201d of the data, and therefore will <em>not<\/em> require a prior export authorization or be subject to some other restrictions.\u00a0Specifically, the June 3 proposals from State and Commerce both say that sending, taking, or storing technical data, technology, or software will not be considered an export <em>when the following conditions are met<\/em>:<\/p>\n<p style=\"padding-left: 30px;\">(1) The data must be unclassified;<\/p>\n<p style=\"padding-left: 30px;\">(2) The data must be secured using \u201cend-to-end encryption\u201d (as defined in the proposed new rule);<\/p>\n<p style=\"padding-left: 30px;\">(3) The data must be secured using cryptographic modules compliant with a certain encryption standard\u2014FIPS 140\u20132, or its successors [in stating this condition, the BIS proposal adds the phrase \u201cor other similar cryptographic means,\u201d whereas the DDTC doesn\u2019t wish to add that phrase]; and<\/p>\n<p style=\"padding-left: 30px;\">(4) The data must <em>not<\/em> be stored in certain prohibited countries [<em>for the BIS,<\/em> this means the server locations can\u2019t be in countries listed in Country Group D:5 (see Supplement No. 1 to Part 740 of the EAR) or in the Russian Federation; <em>for the DDTC,<\/em> this means no data should be stored on servers situated in ITAR Section 126.1 Proscribed Countries or in the Russian Federation].<\/p>\n<p>At first glance, these proposed changes look very hopeful. By providing clarity and legal certainty in this regulatory area, they promise to simplify the compliance process greatly. If implemented, these provisions could offer U.S. companies the option of using the new cloud technologies for transmitting and storing export-controlled data without the risk of export violations, as long they exercise due diligence to ensure that those data security requirements are met.<\/p>\n<p>On closer examination, however, there are some notable caveats in these Proposed Rules:<\/p>\n<p style=\"padding-left: 30px;\"><strong>(1)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/strong>Both proposals make it clear that if information should be \u201creleased\u201d that permits foreign persons to access your encrypted controlled data (e.g., decryption keys, network access codes, passwords, etc.), then this data transmission or storage <em>will<\/em> be considered an export, and <em>will<\/em> be subject to all applicable licensing requirements and restrictions\u2014and penalties for export violations.<\/p>\n<p style=\"padding-left: 30px;\"><strong>(2)<\/strong>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 To qualify for this exclusion, your transmission or storage must utilize \u201cend-to-end encryption.\u201d In both the State and Commerce proposals, this means that cryptographic protection of the export-controlled data must be continuous and uninterrupted between the originator and the intended recipient (who could be the originator himself, in the case of simple file storage or archiving). At no point in the process can access in unencrypted form be given to any third parties. That includes internet service providers (ISPs), application providers (such as Microsoft Office 360 or Google Office), or cloud storage providers (such as Dropbox or Box), or any other online services.<\/p>\n<p style=\"padding-left: 30px;\">(<strong>Note:<\/strong> BIS and DDTC are insisting on this condition because they are have found that the methods and procedures currently used by third-party digital service providers, including popular cloud software providers and some e-mail services may allow the data transmitted to be encrypted and decrypted multiple times before it reaches its intended recipient. BIS and DDTC both believe this presents an unacceptable risk of unauthorized release. Keeping the data encrypted from start to finish is the simplest and surest way to minimize the possibility that a foreign cloud service provider or a non-U.S. person employee of a domestic cloud service provider will get access to your ITAR-controlled data or EAR-controlled technology or software in unencrypted form.)<\/p>\n<p style=\"padding-left: 30px;\"><strong>(3)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/strong>To qualify for this exclusion, your export-controlled data cannot be stored on, or pass through, any servers in certain specified countries that pose significant national security risks, including the Russian Federation.<\/p>\n<p>On the whole, the provisions in the June 3 Proposed Rules allowing the transfer and storage of properly encrypted technical data are good news for U.S. exporters and should be welcomed. These changes would allow controlled technical data originating in the U.S. to be stored in one or more countries outside of the United States without export licensing, provided the data has been properly encrypted and isn\u2019t stored in arms-embargoed countries or Russia. The proposed security requirements are strict and would almost certainly create complications for the current business model of most cloud storage providers, forcing them to make some changes in the way they operate if they want to serve customers with EAR- and ITAR-compliance requirements. But the requisite changes would appear to be within their capabilities, and the potential benefits of the new rules\u2014which include, among other things, considerably reduced administrative burdens for U.S. manufacturers and suppliers of defense articles and services\u2014 are great.<\/p>\n<p>Remember, however, that until State and Commerce have finalized their proposed amendments, the current regulations remain in effect. Until they have been changed, we recommend using locally hosted applications for storing and sharing sensitive technical data. The pundits may well be right when they tell us that the future of data storage is in the cloud, but for now, if your data is export-controlled, the safest place for it is in-house.<\/p>\n<p><strong><em>There are other important regulatory changes in the works with the potential to impact cloud computing, IT security, and export controls. Next week we\u2019ll look at a few of them. Sign up today for notifications of future posts\u2014and join the discussion by sending your own questions about export compliance to \u201cAn EAR . . . to the ITAR.\u201d<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Question: Is there any reason that our company can\u2019t use a cloud storage service provider, such as Dropbox, Google Drive, Box, or Microsoft Office 365, to store and share export-controlled information and technical data? Most businesses are using the cloud these days. Are there any problems with this? <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"categories":[7,3],"tags":[],"class_list":["post-96","post","type-post","status-publish","format-standard","hentry","category-all","category-compliance"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions<\/title>\n<meta name=\"description\" content=\"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions\" \/>\n<meta property=\"og:description\" content=\"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\" \/>\n<meta property=\"og:site_name\" content=\"Export Compliance Solutions\" \/>\n<meta property=\"article:published_time\" content=\"2015-10-26T16:41:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-11-05T15:00:08+00:00\" \/>\n<meta name=\"author\" content=\"Export Compliance Solutions\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Export Compliance Solutions\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\"},\"author\":{\"name\":\"Export Compliance Solutions\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/67ff29bf0564dfc7e76544292c11dcb9\"},\"headline\":\"Export-Controlled Data &#8211; Store It in the Cloud or Keep It Down Home?\",\"datePublished\":\"2015-10-26T16:41:18+00:00\",\"dateModified\":\"2015-11-05T15:00:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\"},\"wordCount\":2246,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#organization\"},\"articleSection\":[\"All\",\"Compliance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\",\"url\":\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\",\"name\":\"Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions\",\"isPartOf\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#website\"},\"datePublished\":\"2015-10-26T16:41:18+00:00\",\"dateModified\":\"2015-11-05T15:00:08+00:00\",\"description\":\"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#website\",\"url\":\"https:\/\/exportcompliancesolutions.com\/blog\/\",\"name\":\"Export Compliance Solutions\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/exportcompliancesolutions.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#organization\",\"name\":\"Export Compliance Solutions\",\"url\":\"https:\/\/exportcompliancesolutions.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/exportcompliancesolutions.com\/blog\/wp-content\/uploads\/2015\/09\/ecs_logo.png\",\"contentUrl\":\"https:\/\/exportcompliancesolutions.com\/blog\/wp-content\/uploads\/2015\/09\/ecs_logo.png\",\"width\":226,\"height\":113,\"caption\":\"Export Compliance Solutions\"},\"image\":{\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/67ff29bf0564dfc7e76544292c11dcb9\",\"name\":\"Export Compliance Solutions\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fb63828a9af2d663044d4b4f3b70b09291b2ff872bf165b3fad5dada75698fb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fb63828a9af2d663044d4b4f3b70b09291b2ff872bf165b3fad5dada75698fb1?s=96&d=mm&r=g\",\"caption\":\"Export Compliance Solutions\"},\"url\":\"https:\/\/exportcompliancesolutions.com\/blog\/author\/export-compliance-solutions\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions","description":"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/","og_locale":"en_US","og_type":"article","og_title":"Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions","og_description":"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.","og_url":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/","og_site_name":"Export Compliance Solutions","article_published_time":"2015-10-26T16:41:18+00:00","article_modified_time":"2015-11-05T15:00:08+00:00","author":"Export Compliance Solutions","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Export Compliance Solutions","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/#article","isPartOf":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/"},"author":{"name":"Export Compliance Solutions","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/67ff29bf0564dfc7e76544292c11dcb9"},"headline":"Export-Controlled Data &#8211; Store It in the Cloud or Keep It Down Home?","datePublished":"2015-10-26T16:41:18+00:00","dateModified":"2015-11-05T15:00:08+00:00","mainEntityOfPage":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/"},"wordCount":2246,"commentCount":1,"publisher":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/#organization"},"articleSection":["All","Compliance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/","url":"https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/","name":"Export-Controlled Data - Store It in the Cloud or Keep It Down Home? - Export Compliance Solutions","isPartOf":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/#website"},"datePublished":"2015-10-26T16:41:18+00:00","dateModified":"2015-11-05T15:00:08+00:00","description":"Cloud storage of EAR- and ITAR-controlled data carries a high risk of compliance violations under current U.S. laws. New proposed rules could change that.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/exportcompliancesolutions.com\/blog\/2015\/10\/26\/export-controlled-data-store-it-in-the-cloud-or-keep-it-down-home\/"]}]},{"@type":"WebSite","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#website","url":"https:\/\/exportcompliancesolutions.com\/blog\/","name":"Export Compliance Solutions","description":"","publisher":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/exportcompliancesolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#organization","name":"Export Compliance Solutions","url":"https:\/\/exportcompliancesolutions.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/exportcompliancesolutions.com\/blog\/wp-content\/uploads\/2015\/09\/ecs_logo.png","contentUrl":"https:\/\/exportcompliancesolutions.com\/blog\/wp-content\/uploads\/2015\/09\/ecs_logo.png","width":226,"height":113,"caption":"Export Compliance Solutions"},"image":{"@id":"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/67ff29bf0564dfc7e76544292c11dcb9","name":"Export Compliance Solutions","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/exportcompliancesolutions.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fb63828a9af2d663044d4b4f3b70b09291b2ff872bf165b3fad5dada75698fb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fb63828a9af2d663044d4b4f3b70b09291b2ff872bf165b3fad5dada75698fb1?s=96&d=mm&r=g","caption":"Export Compliance Solutions"},"url":"https:\/\/exportcompliancesolutions.com\/blog\/author\/export-compliance-solutions\/"}]}},"_links":{"self":[{"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/posts\/96","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=96"}],"version-history":[{"count":2,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/posts\/96\/revisions"}],"predecessor-version":[{"id":106,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/posts\/96\/revisions\/106"}],"wp:attachment":[{"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exportcompliancesolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}