-
Where Your Clients’ Financial Data Lives: A Data Sovereignty Checklist for Accounting Firms
Accounting firms hold their clients’ most sensitive financial data. An 8-point checklist for evaluating where that data actually lives: residency, access, audit trail, key custody, WORM retention, and breach cooperation.
-
Client Confidentiality in the Cloud: A Data Sovereignty Checklist for Law Firms
A law firm’s duty of confidentiality follows the data onto infrastructure it does not own. An 8-point checklist for evaluating where client files actually live: residency, personnel, matter-scoped access, audit trail, key custody, legal hold, portability, and breach cooperation.
-
The 72-Hour Clock: DFARS 252.204-7012 and What Your Cloud Provider Owes You
DFARS 7012 is not just the 110 controls CMMC assesses. It is a 72-hour reporting clock, a 90-day preservation duty, and a cloud paragraph with two halves most vendor conversations skip. Here is the obligation-ownership split.
-
The VMware Renewal Letter: What Mid-Market IT Should Do Before Signing
A 90-day checklist for the mid-market IT team staring at a VCF or VVF renewal quote that is two to ten times last cycle. Get your real core count, price your actual requirement, and use the renewal as leverage.
-
OpenCloud 7.0.0: What’s New, and What It Means If Someone Else Runs It For You
OpenCloud 7.0.0 brings a rebuilt sharing backend with a one-time migration blackout window, plus security hardening. Here is what changed, and why managed customers read about it in a release note instead of performing it at 2 a.m.
-
Mapping Open Edge Cloud to CMMC Level 2 (Via FedRAMP Moderate Equivalent)
We walked all 14 CMMC Level 2 domains and mapped Open Edge Cloud actual posture, practice by practice. About 75 of 110 practices land on the platform side. The engineering target is FedRAMP Moderate; CMMC L2 falls out as marginal additional surface via DoD FedRAMP Mod Equivalent recognition for CUI.
-
How Open Edge Cloud Approaches Compliance: A Control-by-Control Operating Picture
The operating picture of compliance at Open Edge Cloud: FIPS 140-3 validated cryptography, federated SSO, encrypted multi-year audit retention, Wazuh FIM and SCA, tailored CIS L2 hardening, and an OSCAL artifact program targeting FedRAMP Moderate.
-
Patching OpenStack Barbican to Generate P-521 EC Keys (and Filing the Upstream Bug)
How we hit a Barbican validator bug rejecting P-521 elliptic curve key orders, fixed it locally, and submitted the patch upstream alongside three other recently merged Barbican contributions.
-
GDPR-Compliant File Sharing for US Companies
If your US company works with EU customers, partners, or employees, you are processing EU personal data. GDPR applies to you – not because you are in the EU, but because the people whose data you handle are. This creates a specific problem for file sharing. Documents, contracts, employee records, and customer files routinely contain…
-
Total Cost of Ownership: Self-Hosted vs Managed OpenCloud
OpenCloud is free to download and run. The software costs nothing. The infrastructure underneath it is a different story. If you are evaluating OpenCloud for enterprise file sharing, you have two paths: host it yourself or pay someone to manage it. Both are valid. But the real cost of each option looks very different from…