Data breaches, compliance drive intellectual property protection

By Robert Westervelt, News Editor 10 Jul 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Companies are bracing themselves for the next data breach, implementing technology and processes to protect intellectual property (IP) and other sensitive information in the wake of high profile data breaches.

The CEO is now reading about this stuff and is willing to fund initiatives to better protect data. Jon Olstik, analyst, Enterprise Strategy Group

Compliance is also driving adoption of data protection technologies, according to two studies conducted by the Milford, Mass.-based Enterprise Strategy Group (ESG).

The study on data leakage prevention found that more than one-third of organizations not using data loss prevention technology had information stolen from their databases within the last 12 months and that 30% of those data breaches impacted bottom-line revenues.

"The CEO is now reading about this stuff and is willing to fund initiatives to better protect data," said Jon Olstik, an ESG analyst.

Two research reports, "Intellectual Property and Security, the Elephant in the Room" and "The Case for Data Leakage Prevention,"concluded that enterprises need to improve the processes that define their intellectual property and put data leakage technologies in place to avoid a high profile data breach.

One area in need of improvement, according to the intellectual property study, is in the way data is classified by companies as intellectual property. One-third of the respondents said that they are ramping up attempts to protect their IP as a reaction to the high profile security breaches that have occurred in the last year.

Data security: Who's Had a Taste of Your Intellectual Property?: Here are the key ingredients to protecting your secret sauce. Hacker techniques use Google to unearth sensitive data: Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes. Quiz: Preventing data leakage: A six-question multiple-choice quiz to test your understanding of the content presented by expert Richard Bejtlich in this lesson of SearchSecurity.com's Data Protection Security School.

In many cases defining intellectual property is a labor intensive and manual process, Olstik said. Many firms are conducting manual scans of file servers -- a process that could take up to 80 hours per quarter on IP discovery. It's so time consuming that it is becoming very costly, Olstik said.

The IP study found that 74% of respondents say their organization will spend more to secure electronic forms of intellectual property in 2007 than they did in 2006. While many organizations have a centralized process to classify information as intellectual property, more than 25% of respondents said their process needs improvement.

"Defining what is IP and what isn't IP is being done reactively and randomly in some cases," Olstik said. "A lot of enterprises lack a centralized process and many have inconsistencies and redundancies resulting in costs that aren't needed."

While high profile data breaches are a driver toward more spending to protect sensitive data, compliance and government regulations are also driving spending. The study found that 72% of respondents found government regulations and compliance the biggest motivators for protecting confidential data.

Connectivity between enterprises, their customers and their business partners also play factor in driving intellectual property concerns, Olstik said. Attackers are also getting more sophisticated and the threat from insiders is also raising concern about data protection, he said.

"Most people have to begin with a full risk assessment to discover what the risks are and develop a strategy to prevent data leakage," Olstik said. "Now it is clear that you have to spend money to protect yourself, because the cost of a breach is higher than the cost of the solution."

Tags: Identity Theft and Data Security Breaches,  Security Industry Market Trends, Predictions and Forecasts,  PCI Data Security Standard,  FISMA,  Enterprise Risk Management: Metrics and Assessments,  Business Management: Security Support and Executive Communications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research PCI Data Security Standard Chip and PIN adoption Chip and PIN adoption serves lesson for U.S. payment industry Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Wireless network guidelines for PCI DSS compliance Visa probes tokens, encryption for PCI card data protection Feds push cybersecurity jobs, PCI DSS changes ahead. Voltage, RSA spar over tokenization, data protection Experts, vendors search for PCI's holy grail

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary