SafeShare for ITAR is a secure enterprise file sync and sharing solution deployed in Amazon GovCloud and offered as a multi-tenant SaaS. SafeShare for ITAR allows small to medium businesses to migrate regulated data to the Cloud without impacting their employees’ ability to access and securely share sensitive information. This platform automatically and transparently secures files with end-to-end encryption, granular access controls, and multi-factor authentication. Unlike commercial cloud offerings (Office 365, Google Drive, Dropbox, and Box), SafeShare for ITAR allows businesses to adopt the cloud without compromising their compliance requirements.
If your organization is planning to work on, or is currently working on, material defined within Part 121, the USML, it is very likely you are required to comply with ITAR regulation 22 CFR 120-130.
Please refer to the Enumeration of Articles published by the Electronic Code of Federal Regulations (e-CFR) for the reference to materials.
‘SafeShare for ITAR’ is a secure, ITAR and EAR compliant cloud-based system with files stored in a US sovereign cloud.
Files are protected according to the end-to-end encryption definition in the EAR
Access SafeShare for ITAR from any device or web browser
Strong authentication of users to prevent breaches due to stolen passwords
Reporting on usage and logging of all access
Integrates with services such as Microsoft ADFS for identity management and authentication
Easily grant access and share information with external users
US-based customer support for quick responses to your questions
Because the files are encrypted end-to-end, even if the system is compromised your documents are protected from being read by anyone that you have not authorized.
The encryption keys are strictly managed by the ‘SafeShare for ITAR’ system to enforce access control according to permissions set by the document owner.
Even your IT systems administrator cannot access the files or encryption keys.
‘SafeShare for ITAR’ is a file storage system that encrypts files as they are uploaded into the system. Access is controlled by the Document Owner who assigns individuals permissions such as download, view-only or edit online.
Documents are then automatically decrypted when accessed by authenticated and authorized individuals.
This approach to high security data management is called ‘Data-Centric Security’, where the focus is on protecting the data itself, as the key asset, rather than depending on network security or blocking intruders at the perimeter.
‘SafeShare for ITAR’ provides a secure, structured records storage system for compliance with ITAR record keeping requirements.
These include the ‘Office of Export Compliance’ and ‘e-CFR’ (Electronic Code of Federal Regulations) record keeping requirements for ITAR companies, where all shipping and export transaction documents are to be securely stored and organized for quick retrieval during audits.
‘SafeShare for ITAR’ is a cloud-based, highly secure and easy-to-use file storage and sharing system that has been packaged specifically for ITAR and EAR regulated data.
You can restrict access to any location or country – just set the coordinates!
‘SafeShare for ITAR’ has been developed to be intuitive and easy-to-use, recognizing that system users want to focus on their business rather than how to correctly use the file sharing system.
The system has been designed to deliver maximum practical automation and the least possible dependence on manual user processes.
To the greatest extent possible, ‘SafeShare for ITAR’ operates automatically in the background in a way that minimises user impact while ensuring the effective application of security controls.
Find out how to create an ITAR and EAR compliant infrastructure for data.
Cocoon Data maintains an ISO 27001 certification, adheres to NIST 800-171 guidelines and we are in the process of adopting CMMC prior to this new regulation going live.
Data ownership by default is linked to the user that created the data. Each piece of data is encrypted with its own AES-256 bit key and the key is owned by the owner of the data.
All data is stored in AWS GovCloud.
All data is encrypted prior to transit in and out of SafeShare in GovCloud. Data at rest is encrypted with AES-256 bit encryption keys which are only accessible by the data owner (user). Each document is encrypted with its own unique AES-256 bit encryption key (100 documents have 100 unique keys). Our patented approach to encryption and policy association with the data owner identity allows for more granular and secure controls than traditional volume encryption, which employs only 1 encryption key and relies solely on policy to protect sensitive data.
All Cocoon Data engineering staff are required to pass a background check. Engineers that work on our GovCloud Operations Team have additional requirements such as being a US citizen and going through extensive training on ITAR regulation and security protocol for such regulated data.
All GovCloud operations follow strict security guidelines including, but not limited to, change control of all system configurations, internal audits, internal penetration testing, formal review processes, C3PAO audits and C3PAO penetration testing. In the event of a data breach we will employ our critical security response team to shut down the breach, gather forensic evidence and notify our customer base of such an incident.
All support is conducted in house. Most development is conducted in house. All development that is conducted by third parties is reviewed and audited prior to merge with any of our products.
All data is backed up for 35 days.
SafeShare is built on modern high availability cluster architecture that allows for a high degree of flexibility and uptime. All data is stored in a database independently from infrastructure. Backups are done daily and stored for 35 days. The following conditions are made:
a) Determine Process and System Criticality
b) Identify Outage Impacts and Estimated Downtime
i) Outage Impacts
ii) Estimated Downtime
1: Maximum Tolerable Downtime (MTD)
2: Recovery Time Objective (RTO)
3: Recovery Point Objective (RPO)
c) Identify Recovery Priorities for System Resources
i) Recovery Time Objective (RTO)
Cocoon Data requires all GovCloud engineers to sign an NDA requiring them to not divulge or disclose sensitive information about Cocoon Data, Cocoon Data clients or sensitive information about any party learned under their employment.
Cocoon Data updates and/or performs routine maintenance on SafeShare infrastructure at least quarterly.
Please see Cocoon Data’s SLA documentation.
Cocoon Data offers a minimum of 99.9% uptime for our SaaS offerings.