Issue link: https://iconnect007.uberflip.com/i/1265351
34 SMT007 MAGAZINE I JULY 2020 by a lot of our proprietary systems like we were before. So, that would be a recommendation I would make: use the cloud-based file systems and file-sharing sources to make that work. Matties: Because of ITAR and other regulations, how does that cloud-based or hybrid cloud- based service fit into those situations? Cormier: As of right now, there are only two mainstream providers that can meet the stan- dards: Amazon Web Service's GovCloud (which is its full suite of AWS products, from S3 bucket storage and cloud compute to any- thing that you're looking for on the compute side), and Microsoft Azure. The GovCloud allows you to be pinpointed as a government entity, and you can tell it what boundaries you require your data to stay within. Then, you still meet those ITAR requirements and some of the defense requirements as well. Matties: Third-party solutions are providing your security, but it probably provides you some relief in IT concerns or workload. Cormier: Exactly, because there are services that we're able to turn on to monitor and alert us that are better than most security systems that we could try to bring in-house and pay a lot more money for. Again, the cost-benefit made too much sense not to move in that direction. Matties: You have some new mechanisms. What other advice do you have for fabricators to consider? Cormier: I recommend performing a risk anal- ysis quite often to pinpoint your vulnerabili- ties, know how to drive yourself forward to fix certain points of weakness. Review and con- firm on a regular basis that you're reviewing your disaster recovery plans. Then, ensure that everybody's on the same page as you add new services, etc. You have to constantly review those to make sure that you're not going to miss anything in case of an event like this. Matties: Backup is something that's part of the strategy. You have an isolated backup that is offsite, remote, and not connected as well. Have you changed your backup strategy? Cormier: Yes. We've gone through a different approach for utilizing more cloud. Again, we're using Amazon AWS's GovCloud services and Glacier storage for a lot of our backup systems. We were originally sharing between facilities so that they were technically offsite, but again, this exposed a weakness that required us to switch gears and change tactics. Matties: With offsite and go-between facilities, that seems like a reasonable and sound strat- egy until somebody finds the vulnerability. Cormier: There are a lot of companies and solu- tions, and they meet a lot of these industry requirements, such as Veeam Backup Solu- tions and a couple of others that allow for your backup strategy to slipstream straight into a cloud platform, which is quite nice. Matties: And you were lucky since it wasn't a data breach. It was a lockout situation. Cormier: It affected availability but not the integrity or confidentiality of the data. Matties: But even with the lockout situation, this shut your business down. Cormier: Correct. Matties: From a leadership and administration perspective, Dave, this is a business interrup- tion that most people don't insure against. I'm not sure what the insurance companies are doing in that regard. Do you have any advice for people on what they should look at when insuring that type of business interruption? Dave Ryder: First, let me address the insurance side of the issue. There are certain things you can do through your insurance company to ensure that you're covered in cases like this. Unfortunately for us, we were limited on that side of the insurance coverage, and it simply