US Sovereign
Cloud Computing
01 March 2023
Agenda
● What is Sovereign Cloud Computing?
● National & Local Impact
● Restricted Data
● Summary
● Q&A
• Enterprise Risk Leader, 15 years of Business and Security Technology Leadership experience
• Corporate cyber security experience — FIS, NCR, IBM, Dell, Credit Unions, etc.
• R&D & Model development — Trusted Platform Module (TPM) Chip Development, Air Force Tech Transfer, Citrix patent (team member)
• Federal agency cyber experience — USAF, Army, Navy, DOS, NRO, NGA, CIA, NSA, NASIC and other units for system accreditations
Max Aulakh, MBA, CISSP, CISA, CRISC
Managing Director
Formal Education & Credentials
• Wright State University — MBA (2014)
• American Military University — B.S Information Security, Computer Science (2009)
• Community College of the Air Force — Criminal Justice (2009)
• Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Security+, Network+, ITIL-F,
Certified Scrum Master
✔ Cigital Defensive Programming, OWASP, Threat Modeling, etc.
✔ Cyber Regulatory/Frameworks — CMMC, NIST, HIPAA, HITRUST, SOC 1/2, CIS, FFIEC,
ISO 27K, FISMA
• Formal Military Physical Security Training: Counter Terrorism, HAZMAT, Explosive Ordnance, Customs, Use of Force, LOAC, Force Protection, Combat Leadership, Ground Defense Command, SERE, Bloodborne Pathogens
• Formalized Weapon Systems Training: M9, M4, M2, M249 & M240B
US Military Operational – Strategic Tour of Duties
2007-2009: Iraq — Security Forces Leadership
2006-2007: Afghanistan — Security Forces Member/Forward Deployed Military Linguist (Hindi,
Urdu & Punjabi)
2005-2006: Iraq — Security Forces/Classified Systems Member
2003-2005: Turkey — US Nuclear Weapons Systems Administrator & Security Member
max@ignyteplatform.com | 937-789-4216 | https://www.linkedin.com/in/maxaulakh/
Cyber & Technology Industry Credentials
• CISSP
• PMP
• Linux+
• Certified Scrum Master
• Digital Defensive Programming
• OWASP
• Threat Modeling
• Security+
• Network+
• ITIL-F
• USAF
• Army
• Navy
• CIA
• NSA
• NASIC
• DOS
• NRO
• NGA
Federal & Corporate agency cybersecurity experience
• Dell
• IBM
• UFCU
Introduction:
What is Sovereign Cloud Computing
What is Sovereign Cloud Computing
● Isolated in-country platform
● Autonomous legal entity (not a
government owned entity)
● All operations are managed by sovereign citizens of that country
Sovereign Computing & Data
● Data is subject to where the data is
collected
● Any foreign entity is not able to exert
control over the data
● All data (customer data & metadata) is
resident and controlled in that jurisdiction
Data Sovereignty
● Stored locally within the
autonomous cloud provider
within the country.
● Staff is subject to local laws of
the country.
○ May even have security
clearances and/or proper
approvals.
Data Sovereignty and Data Residency
Data Residency
● Customer’s data is in local zone or country
● Access to account information could be overseas, such as logins, passwords, network information, diagnostics, etc.
● Access to the customer data is controlled by the foreign entity.
○ Example: US Contractor providing
services overseas or foreign contractor
(outsourced staff) providing technology
services to a US entity.
● Government entities want complete control over their data.
○ National Security (US) and/or Economic Benefit (European)
● US Hyperscaler Dominance - global & critical data is managed by US Cloud provider(s) - Rapid changes in geopolitical climate.
○ Ukraine, China, Russia, etc.
● US CLOUD Act gives USG complete access to jurisdictional control of data even if the data is residing on foreign soil.
Primary Drivers of Sovereign Cloud
Two main objectives:
● Amend the Stored Communications Act to require
providers to comply with their obligations to preserve, backup
or disclose electronic data in their possession regardless of
where that information is located;
● Allow the U.S. government to enter into executive
agreements with foreign governments for reciprocal
expedited access to electronic information held by providers
based abroad.
Enacted in March 2018
Also known as Section 702 of the US Foreign Intelligence Surveillance Act (FISA)
US Clarifying Lawful Overseas Use of Data (CLOUD) Act
● European Countries (GDPR)
○ UKCloud, Germany (Gaia-X), Switzerland, France, etc.
● Asia
○ India, China & Taiwan
● Middle East
● United States
○ GovCloud
Geographies Adopting
● Azure GCC High
● Google Public Sector
● Amazon GovCloud
● Oracle Cloud
Examples of Sovereign Clouds - United States
National & Local Impact
● Data fuels the defense economy
● Data fuels innovation and growth
● As a nation, if we are not in control of the data, then it is very hard for data to become a national asset in its own right.
National Impact
CUI is the path of least resistance for adversaries.
Loss of aggregated CUI is one of the most significant risks
to national security, directly affecting lethality of our
warfighters.
Defense Counterintelligence Agency
● Wright Patterson AFB
● Defense Contractors
● Manufacturing
● Federally Funded Research Development Centers
(FFRDCs)
○ Educational Institutions
○ Science and Technology
● Supporting Technology Services Organizations
○ IT, MSPs, MSSPs, CSPs
Local Impact - Defense Industrial Base
● Cyber Security Maturity Model Certification (CMMC)
○ Potential to replace many industry wide certification
schemes
○ Widest impact
● Federal Risk and Authorization Management Program
(FedRAMP)
● Executive Order 14028 Section 4e - Software Supply
Chain
Government Programs
US Data Restrictions
| Regulation | Authority | Stakeholder | Primary Focus | Specifies |
|---|---|---|---|---|
| International Traffic in Arms Regulations (ITAR) | 22 CFR Parts 120-130 | US Department of State (DDTC) | United States Munitions List (USML) | Protection of defense-related articles and services |
| Export Administration Regulations (EAR) | 15 CFR Parts 730-774 | US Department of Commerce (BIS) | Commerce Control List (CCL) | Protection of commercial and dual-use items, information and technology |
| Controlled Unclassified Information (CUI) Program | EO 13556 | US National Archives (NARA) | Controlled Unclassified Information (CUI) | CUI categories & protection requirements |
| Defense Federal Acquisition Regulation Supplement (DFARS) | 252.204-7012; 252.204-7021 | US Department of Defense (DoD) | Controlled Unclassified Information (CUI) | NIST SP 800-171 implementation; Cybersecurity Maturity Model Certification (CMMC) |
| Federal Acquisition Regulation (FAR) | 52.204-21 | General Services Administration (GSA); US Department of Defense (DoD); National Aeronautics and Space Administration (NASA) | Federal Contract Information (FCI) | 15 basic cybersecurity requirements |
Technical Definitions
FCI: Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.

CUI: Government-created or -owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure. An overarching term representing many different categories, each authorized by one or more law, regulation, or Government-wide policy. Information requiring specific security measures indexed under one system across the Federal Government.

CDI: Unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is (1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DOD in support of the performance of the contract; or (2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.

CTI: Technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DOD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.

ITAR: The International Traffic in Arms Regulations ("ITAR," 22 CFR 120-130) implements the AECA. The Arms Export Control Act requires that all manufacturers, exporters, temporary importers, and brokers of defense articles (including technical data) as defined on the United States Munitions List (ITAR part 121) and furnishers of defense services are required to register with the Directorate of Defense Trade Controls (DDTC) as described in ITAR part 122 (part 129 for brokers). It is primarily a means to provide the U.S. Government with necessary information on who is involved in certain ITAR controlled activities and does not confer any export or temporary import rights or privileges. Registration is generally a precondition for the issuance of any license or other approval and use of certain exemptions. Per ITAR §122.1, any person who engages in the United States in the business of either manufacturing or exporting or temporarily importing defense articles or furnishing defense services is required to register with DDTC. Manufacturers who do not engage in exporting must nevertheless register. Please review and thoroughly understand all definitions, especially the definition of Exporting as it applies to ITAR. Additionally, review and understand entries on the United States Munitions List (ITAR part 121).
DoD Distribution Marked Information
DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.
DISTRIBUTION STATEMENT B. Distribution authorized to U.S. Government agencies (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
DISTRIBUTION STATEMENT C. Distribution authorized to U.S. Government agencies and their contractors (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
DISTRIBUTION STATEMENT D. Distribution authorized to Department of Defense and U.S. DoD contractors only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
DISTRIBUTION STATEMENT E. Distribution authorized to DoD Components only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
DISTRIBUTION STATEMENT F. Further dissemination only as directed by (controlling office) (date of determination) or higher DoD authority.
Summary
● Sovereign Computing
● Isolated in-country platforms
● Data residency versus data sovereignty
● Data as the new oil - a national asset
● Economical & National Security Benefit
● Emerging Programs
● CMMC
● FedRAMP
● SBOMs via Executive Order
● Protection of CUI
Recap
Q&A
Thank you
www.ignyteplatform.com
info@ignyteplatform.com
1.833.IGNYTE1
5818 Wilmington Pike,
Centerville, OH 45459-7004
Max Aulakh
Managing Director
max@ignyteplatform.com
937-789-4216

Bluetooth Controlled Car with Arduino.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Ignyte - US Sovereign Cloud Computing

  • 2. Agenda
      ● What is Sovereign Cloud Computing?
      ● National & Local Impact
      ● Restricted Data
      ● Summary
      ● Q&A
  • 3. Max Aulakh, MBA, CISSP, CISA, CRISC, Managing Director
      • Enterprise Risk Leader, 15 years of Business and Security Technology Leadership experience
      • Corporate cyber security experience — FIS, NCR, IBM, Dell, Credit Unions, etc.
      • R&D & Model development — Trusted Platform Module (TPM) Chip Development, Air Force Tech Transfer, Citrix patent (team member)
      • Federal agency cyber experience — USAF, Army, Navy, DOS, NRO, NGA, CIA, NSA, NASIC and other units for system accreditations
      Formal Education & Credentials
      • Wright State University — MBA (2014)
      • American Military University — B.S. Information Security, Computer Science (2009)
      • Community College of the Air Force — Criminal Justice (2009)
      • Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Security+, Network+, ITIL-F, Certified Scrum Master
        ✔ Cigital Defensive Programming, OWASP, Threat Modeling, etc.
        ✔ Cyber Regulatory/Frameworks — CMMC, NIST, HIPAA, HITRUST, SOC 1/2, CIS, FFIEC, ISO 27K, FISMA
      • Formal Military Physical Security Training: Counter Terrorism, HAZMAT, Explosive Ordnance, Customs, Use of Force, LOAC, Force Protection, Combat Leadership, Ground Defense Command, SERE, Bloodborne Pathogens
      • Formalized Weapon Systems Training: M9, M4, M2, M249 & M240B
      US Military Operational – Strategic Tour of Duties
      • 2007-2009: Iraq — Security Forces Leadership
      • 2006-2007: Afghanistan — Security Forces Member/Forward Deployed Military Linguist (Hindi, Urdu & Punjabi)
      • 2005-2006: Iraq — Security Forces/Classified Systems Member
      • 2003-2005: Turkey — US Nuclear Weapons Systems Administrator & Security Member
      max@ignyteplatform.com | 937-789-4216 | https://www.linkedin.com/in/maxaulakh/
      Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Certified Scrum Master, Digital Defensive Programming, OWASP, Threat Modeling, Security+, Network+, ITIL-F
      Federal & Corporate agency cybersecurity experience: USAF, Army, Navy, CIA, NSA, NASIC, DOS, NRO, NGA, Dell, IBM, UFCU
  • 5. What is Sovereign Cloud Computing
      ● Isolated in-country platform
      ● Autonomous legal entity (not a government-owned entity)
      ● All operations are managed by sovereign citizens of that country
  • 6. Sovereign Computing & Data
      ● Data is subject to the laws of the place where it is collected
      ● No foreign entity is able to exert control over the data
      ● All data (customer data & metadata) is resident and controlled in that jurisdiction
  • 7. Data Sovereignty and Data Residency
      Data Sovereignty
      ● Stored locally within the autonomous cloud provider within the country.
      ● Staff is subject to local laws of the country.
        ○ May even have security clearances and/or proper approvals.
      Data Residency
      ● Customer's data is in local zone or country
      ● Access to account information, such as logins, passwords, network information, diagnostics, etc., could be overseas
      ● Access to the customer data is controlled by the foreign entity.
        ○ Example: US contractor providing services overseas, or foreign contractor (outsourced staff) providing technology services to a US entity.
  • 8. Primary Drivers of Sovereign Cloud
      ● Government entities want complete control over their data.
        ○ National Security (US) and/or Economic Benefit (European)
      ● US Hyperscaler Dominance - global & critical data is managed by US Cloud provider(s) - Rapid changes in geopolitical climate.
        ○ Ukraine, China, Russia, etc.
      ● US CLOUD Act gives USG complete access to jurisdictional control of data even if the data is residing on foreign soil.
  • 9. US Clarifying Lawful Overseas Use of Data (CLOUD) Act
      Enacted in March 2018
      Also known as Section 702 of the US Foreign Intelligence Surveillance Act (FISA)
      Two main objectives:
      ● Amended the Stored Communications Act to require providers to comply with their obligations to preserve, backup or disclose electronic data in their possession regardless of where that information is located;
      ● Allow the U.S. government to enter into executive agreements with foreign governments for reciprocal expedited access to electronic information held by providers based abroad.
  • 10. Geographies Adopting
      ● European Countries (GDPR)
        ○ UKCloud, Germany (Gaia-X), Switzerland, France, etc.
      ● Asia
        ○ India, China & Taiwan
      ● Middle East
      ● United States
        ○ GovCloud
  • 11. Examples of Sovereign Clouds - United States
      ● Azure GCC High
      ● Google Public Sector
      ● Amazon GovCloud
      ● Oracle Cloud
  • 13. National Impact
      ● Data fuels the defense economy
      ● Data fuels innovation and growth
      ● As a nation, if we are not in control of the data, then it is very hard for data to become a national asset in its own right.
      "CUI is the path of least resistance for adversaries. Loss of aggregated CUI is one of the most significant risks to national security, directly affecting lethality of our warfighters." (Defense Counterintelligence Agency)
  • 14. Local Impact - Defense Industrial Base
      ● Wright Patterson AFB
      ● Defense Contractors
      ● Manufacturing
      ● Federally Funded Research Development Centers (FFRDCs)
        ○ Educational Institutions
        ○ Science and Technology
      ● Supporting Technology Services Organizations
        ○ IT, MSPs, MSSPs, CSPs
  • 15. Government Programs
      ● Cybersecurity Maturity Model Certification (CMMC)
        ○ Potential to replace many industry-wide certification schemes
        ○ Widest impact
      ● Federal Risk and Authorization Management Program (FedRAMP)
      ● Executive Order 14028 Section 4e - Software Supply Chain
  • 16. US Data Restrictions
      Regulation | Authority | Stakeholder | Primary Focus | Specifies
      International Traffic in Arms (ITAR) | 22 CFR Parts 120-130 | US Department of State (DDTC) | United States Munitions List (USML) | Protection of defense-related articles and services
      Export Administration Regulations (EAR) | 15 CFR Parts 730-774 | US Department of Commerce (BIS) | Commerce Control List (CCL) | Protection of commercial and dual-use items, information and technology
      Controlled Unclassified Information (CUI) Program | EO 13556 | US National Archives (NARA) | Controlled Unclassified Information (CUI) | CUI categories & protection requirements
      Defense Federal Acquisition Regulation Supplement (DFARS) | 252.204-7012, 252.204-7021 | US Department of Defense (DoD) | Controlled Unclassified Information (CUI) | NIST SP 800-171 implementation; Cybersecurity Maturity Model Certification (CMMC)
      Federal Acquisition Regulation (FAR) | 52.204-21 | General Services Administration (GSA), US Department of Defense (DoD), National Aeronautics and Space Administration (NASA) | Federal Contract Information (FCI) | 15 basic cybersecurity requirements
  • 17. Technical Definitions
      FCI: Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.
      CUI: Government-created or -owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure. An overarching term representing many different categories, each authorized by one or more law, regulation, or Government-wide policy. Information requiring specific security measures indexed under one system across the Federal Government.
      CDI: Unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is—
        (1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DOD in support of the performance of the contract; or
        (2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
      CTI: Technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DOD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.
      ITAR: The International Traffic in Arms Regulations ("ITAR," 22 CFR 120-130) implements the AECA. The Arms Export Control Act requires that all manufacturers, exporters, temporary importers, and brokers of defense articles (including technical data) as defined on the United States Munitions List (ITAR part 121) and furnishers of defense services are required to register with the Directorate of Defense Trade Controls (DDTC) as described in ITAR part 122 (part 129 for brokers). It is primarily a means to provide the U.S. Government with necessary information on who is involved in certain ITAR controlled activities and does not confer any export or temporary import rights or privileges. Registration is generally a precondition for the issuance of any license or other approval and use of certain exemptions. Per ITAR §122.1, any person who engages in the United States in the business of either manufacturing or exporting or temporarily importing defense articles or furnishing defense services is required to register with DDTC. Manufacturers who do not engage in exporting must nevertheless register. Please review and thoroughly understand all definitions, especially the definition of Exporting as it applies to ITAR. Additionally, review and understand entries on the United States Munitions List (ITAR part 121).
  • 18. DoD Distribution Marked Information
      DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.
      DISTRIBUTION STATEMENT B. Distribution authorized to U.S. Government agencies (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
      DISTRIBUTION STATEMENT C. Distribution authorized to U.S. Government agencies and their contractors (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
      DISTRIBUTION STATEMENT D. Distribution authorized to Department of Defense and U.S. DoD contractors only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
      DISTRIBUTION STATEMENT E. Distribution authorized to DoD Components only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office).
      DISTRIBUTION STATEMENT F. Further dissemination only as directed by (controlling office) (date of determination) or higher DoD authority.
  • 20. Recap
      ● Sovereign Computing
      ● Isolated in-country platforms
      ● Data residency versus data sovereignty
      ● Data as the new oil - a national asset
      ● Economical & National Security Benefit
      ● Emerging Programs
      ● CMMC
      ● FedRAMP
      ● SBOMs via Executive Order
      ● Protection of CUI
  • 21. Q&A
  • 22. Thank you
      www.ignyteplatform.com | info@ignyteplatform.com | 1.833.IGNYTE1
      5818 Wilmington Pike, Centerville, OH 45459-7004
      Max Aulakh, Managing Director | max@ignyteplatform.com | 937-789-4216