Intellectual property protection do's and don'ts

This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."

Spilled Secrets
Recent cases illustrate the variety of ways valuable IP can leak out of an organization.
  • An executive of an Ohio hydraulic pump maker was convicted last year of stealing his company's trade secrets by handing over financial and confidential marketing materials to a South African-based competitor.


  • A Kentucky man was convicted in 2006 of conspiring to steal and sell trade secrets belonging to Corning. While an employee, the man stole drawings of Corning's Thin Filter Translator Liquid Crystal Display glass and sold them to an offshore-based business.


  • A Duracell employee downloaded sensitive data about a top-selling product from company computers onto his home PC and sent it to two Duracell competitors; he was convicted earlier this year.


  • A magazine publisher kept its entire pricing strategy, competitive intelligence, financing information and marketing plans for a new, unreleased magazine stored within a hidden file share on its public Web server. Due to a misconfiguration on its Web site, these trade secrets were exposed to the public through Google hacking.


  • A large technology company, as a normal part of its RFP process, sent detailed specifications, drawings and sub-assembly information to potential suppliers without obtaining signed NDAs or confidentiality agreements in advance.


  • Engineers working for a global technology organization moved between employee and contractor status as individual projects required. Although based out of offshore locations in countries without strong IP laws, they were not required to re-sign the NDA/confidentiality agreements at the onset of each new project.
--BY RUSSELL L. JONES & RENA MEARS

Technological Solutions
Essentially, a trade secret is just another piece of corporate information. Like all information, it has a lifecycle--it is created, used, shared, stored and eventually destroyed.

What makes protecting a trade secret challenging is how it changes form and proliferates through the organization during its lifecycle. It may start as a chemical process written in a lab notebook, at some point be recorded in an electronic document, become a set of discrete tasks in a manufacturing process and eventually be combined with other IP to form a product. Each of these forms--manual, digital, process, product--may have different lifecycles. At each point, the IP may face different risks that must be examined and, where appropriate, mitigated.

Various products can help protect trade secrets and IP data that exist in digital form, during certain points in the data's lifecycle. There are emerging technologies that monitor the movement of structured and unstructured data and enforce actions on the data based on custom policies. These products from vendors such as Orchestria and Vericept work at the network and desktop levels, and can monitor movement, prevent data from being copied from the originating application to external sources--for example, USB drives--and help classify data as requiring more or less protection.

EMC's Infoscape can help inventory unstructured data, such as Microsoft Word documents, Adobe PDF files and various spreadsheets, and also classify it based on a company's data classification scheme. Complementary EMC products offer secure storage and archival of data. Sun Microsystems' Identity Manager can provide a foundation for controlling what systems people are given access to and what roles they are given within an application based on company-defined policy. Sun also offers integrated solutions for secure data storage.

In addition, there are products from companies such as PGP and Entrust to protect mobile data with combinations of file-level encryption and access controls on physical interfaces to the mobile device. Finally, vendors such as Adobe have developed enterprise rights management (ERM) products designed to provide data protection--specifically IP--across business processes and organizational boundaries.

Adobe offers products designed to securely capture, process, transfer and archive information, both online and offline. John Landwehr, Adobe's director of security solutions and strategy, believes that the best protection of sensitive data happens at the document level: "Given the range of devices that IP can live on--from desktops, to laptops, to PDAs and mobile phones--we think that the only viable way to persistently protect that information is if the protection travels with the document."

However, a word of caution about some of these products designed to protect confidential data: Because the vast majority are based on rule-set driven engines, the number of false positives they generate can be significant.
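To make the false-positive caution concrete, here is an added example (not from the article or from any vendor named in it) of a minimal rule-set engine that decides whether content may move to an external destination, scored against a small labelled sample. The rule names, patterns, destinations and sample events are all constructed for illustration and do not represent any product's policy language.

```python
import re
from dataclasses import dataclass

@dataclass
class Event:
    text: str          # content being moved
    destination: str   # constructed labels: "usb", "email_external"
    is_secret: bool    # ground truth, known only because the sample is constructed

# Constructed rule set: (name, pattern, destinations covered, action)
RULES = [
    ("keyword-confidential", re.compile(r"\bconfidential\b", re.I),
     {"usb", "email_external"}, "block"),
    ("drawing-number", re.compile(r"\bDWG-\d{4}\b"),
     {"usb", "email_external"}, "block"),
]

def evaluate(event, rules=RULES):
    """Return (action, rule_name) for the first matching rule, else ('allow', None)."""
    for name, pattern, destinations, action in rules:
        if event.destination in destinations and pattern.search(event.text):
            return action, name
    return "allow", None

def score(events, rules=RULES):
    """Count true positives, false positives and missed secrets."""
    counts = {"true_positive": 0, "false_positive": 0, "missed": 0}
    for ev in events:
        blocked = evaluate(ev, rules)[0] == "block"
        if blocked and ev.is_secret:
            counts["true_positive"] += 1
        elif blocked:
            counts["false_positive"] += 1
        elif ev.is_secret:
            counts["missed"] += 1
    return counts

# Constructed sample: three real secrets, three routine business messages.
SAMPLE_EVENTS = [
    Event("Process sheet DWG-1042, coating step 3 temperatures", "usb", True),
    Event("CONFIDENTIAL: unreleased pricing strategy", "email_external", True),
    Event("This email and attachments are confidential. Lunch at noon?", "email_external", False),
    Event("Please sign the confidential disclosure agreement template", "email_external", False),
    Event("Public datasheet references DWG-0001 outline drawing", "usb", False),
    Event("Filter stack recipe, layer thicknesses in nm", "usb", True),
]

if __name__ == "__main__":
    print(score(SAMPLE_EVENTS))
```

On this sample the two rules block more routine messages than secrets, and the one secret that carries no marker or drawing number passes untouched, which is why rule output needs to be reviewed against labelled traffic before it is set to enforce.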

This was first published in May 2007
