This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."
Download it now to read this article plus other related content.
Why are many companies not sufficiently protecting their trade secrets? Aside from not fully understanding what a trade secret is, many have not identified their own trade secrets. Even if they have, a lot have not determined where in the organization their secrets are, in what form they exist (such as digital or paper) and by whom they are used.
"If your employees don't know what to protect, how can they protect it?" says Christopher Burgess, senior security adviser to the CSO at Cisco Systems.
Additionally, some companies put a priority on innovation rather than security. "The smaller tech companies in particular need to be very nimble, so the focus in the executive suite is on product development and customer service rather than protecting IP," says Parrella of the CHIP unit.
Even with the IP protections many Fortune 500 companies have in place, trade secrets continue to leak out. Weaknesses in security procedures, inherent vulnerabilities within business processes, disjointed risk management programs and ineffective education and awareness programs all contribute to this problem.
All too often, senior management teams, boards of directors and senior executives are lulled into a false sense of security about trade secrets. Largely this is due to misunderstanding
the legal protection for trade secrets, coupled with being organizationally buffered from the daily operations security managers face.
"When we speak to victims, we are finding out that the people responsible for security on R&D projects are not at the C-suite level, so that magnitude of the risk is filtered out by the time it gets to the top of the organization," says Parrella.
Furthermore, many organizations believe that they mitigate the risk of trade secret theft via contractual agreements such as NDAs and confidentiality agreements, but this simply isn't the case. Although important to have in place from a prosecution standpoint, these agreements are not particularly effective at preventing theft, says Schadler: "The sort of people who want to steal the trade secrets are not going to feel bound by an NDA."
And while a company might have a strong IP protection program on paper, it can get in the way of employees doing their jobs effectively. A related problem is that the corporate culture may be at odds with IP security directives and employees simply ignore them. IP protection done wrong creates a barrier to creativity, which is what makes U.S. companies such great innovators.
This was first published in May 2007