Pic
Security

Still using Google for ITAR?

Popular software applications like those offered by Google are putting small businesses regulated by ITAR at risk.


With the rise of cloud-based technology, we are experiencing a surge of productivity applications that are built to be lightweight, configurable, and affordable. These include products like Airtable, Monday.com, QuickBase, as well as the ubiquitous Google suite of apps (Docs, Sheets, Drive).

These commercial, off-the-shelf (COTS) software products are a boon for small to medium businesses that aren’t ready to invest in an ERP like Oracle or SAP, and want something to quickly set up and start managing their processes. However, for businesses that are subject to ITAR and EAR, these products pose a major risk for non-compliance. For these manufacturers, the only alternative is expensive on-prem software that is difficult to maintain.

Cloud-based services are expected to account for nearly 50% of all organization-level software usage among manufacturers by 2023. Businesses dealing with ITAR should have an equal opportunity to leverage the cloud in improving their operations.

Explain ITAR and EAR.

First, a quick explanation of ITAR and EAR. ITAR and EAR are parallel regulations that regulate the import and export of goods, data and services. ITAR is focused on defense-related articles while EAR focuses on dual-use items available for commercial sale and government use. Both regulations are aimed at preventing sensitive information from being accessible by foreign nationals.

What’s the Risk?

The risk in using COTS products like Google Suite or Airtable is that the provisions of these regulations extend not only beyond the business itself to the software vendor they use, but also to the infrastructure provider the software vendor uses.

The most popular infrastructure provider is Amazon Web Services (AWS), with applications like Airtable and Monday.com hosted on their servers. These applications, along with others like Dropbox and QuickBase, are not compliant because they are hosted on the AWS public cloud, which is accessible by foreign nationals employed by Amazon. Google’s suite of products is also not compliant because it is hosted on Google Cloud, which does not support ITAR-controlled data.

What’s the Solution?

The benefit of these applications is their ability to leverage the cloud’s capabilities to manage your business in real-time at an affordable price. The good news is that it is still possible to use the cloud to manage ITAR-controlled data. Both AWS and Microsoft Azure offer ITAR and EAR-compliant cloud infrastructures that software vendors can host their products on, called AWS GovCloud and Microsoft Azure Government respectively.

While the popular COTS products mentioned above are not hosted on these special cloud infrastructures, there are other products that are that can meet your needs. We suggest you run a thorough investigation of what applications your employees are using to store, send and receive sensitive data, and build a plan to switch usage over to a compliant product.

FactoryFour for ITAR

FactoryFour was designed with the same aesthetic and usability principles as these COTS products, with the ability to scale with your unique processes and organization growth. Most importantly, we are ITAR and EAR compliant and focused specifically on manufacturing. FactoryFour provides you with:

  • Fully compliant data storage hosted on AWS GovCloud restricted to the US.
  • Secure data encryption in transit and at rest.
  • Granular permissioning to ensure only approved personnel can access sensitive data.
  • Traceable, electronic audit trail of all actions performed or data entered.
  • Sequestered team of US persons on FactoryFour Customer Success staff that have been trained in safe handling of Export Controlled and ITAR governed data.

Need a manufacturing management software that is ITAR compliant? Speak to one of our experts today.

Need a manufacturing management software that is ITAR compliant? Speak to one of our experts here and book a demo today.