I've read the recent news about intellectual property breaches at large companies and wondered if the need to protect this data is being blown out of proportion or if my company should be concerned about who has access to what on our network.
To those who say that protecting intellectual property (IP) isn't a high priority, I'd ask where their organization would be without it. In today's competitive marketplace, IP sets companies apart from their competitors and gives them an edge. Recent breaches of intellectual property at large corporations demonstrate the value of IP and the need to know where IP is on the network and where it goes.
A recent survey by the Enterprise Strategy Group (ESG) found that one-third of enterprises surveyed acknowledge loss of sensitive data in the past 12 months and another 11 percent were unsure if such a breach had occurred.
Also, a new Ponemon study noted that nearly 60 percent of U.S.-based businesses and government agencies believe they are unable to effectively assess or quantify insider threat risks within their organizations, leaving them open to breaches of private data, failed audits, and potential fraud.
Clearly, companies need to define their IP, know where it is, and know who has been accessing it. While this may seem like a daunting task, it's much better than the alternative of losing millions due to a breach. The ESG survey found that part of the problem with protecting IP lies in the way that companies secure and monitor sensitive data. Moreover, IP is still not treated with the same security precautions that are associated with personally identifiable information (PII), which falls more heavily under federal regulations.
While many people can easily define what falls under the PII umbrella (fixed formats like social security numbers and credit card information), defining IP leaves many, including security professionals, in the dark. Yet before an enterprise can protect its IP, it has to know what its IP is, where it is located, the ways in which it can leave the organization, and the best way to protect it. These steps seem easy enough, but dealing with them can be a challenge. Moreover, the ESG study found that IP can leave the network in many different ways. One-third of companies' sensitive data and IP exists in application databases where it can be centrally secured and managed. An additional one-third resides in file systems. This is contrary to past reports that indicated e-mail is the number one source of confidential data.
With company secrets unsecured on the network, it's no wonder that about 80 percent of companies identified the biggest threat to their data as internal, due either to malicious or negligent insiders or to faulty controls and oversight. What's surprising is that while nearly 60 percent believe IP is likely to leak out of their company via traffic such as email or the web, about 25 percent admit they are not inspecting such traffic.
The solution to this challenge is to define and detect IP by location and format. The best solutions should give organizations the chance to customize their own definitions of IP and identify it as it moves across the network. Clearly, random, manual inspections of IP, the method most used by those in the ESG survey, will not provide the level of protection needed. The ability to automate the detection of sensitive data in files, emails, databases, and shared portals is a critical step in protecting the data. When enterprises can automatically discover all their IP and apply all their policies across all formats and all ports, they can do a better job of preventing data leaks.
John Peters has built a distinguished executive management career in Silicon Valley. As CEO of Reconnex, he is responsible for the leadership, strategic direction, and successful growth of the company and its employees. He has been CEO of several venture-capital backed companies including PocketThis, an application software provider to mobile carriers; Yipes Enterprise Services, an enterprise-focused provider of Ethernet network services within and between cities; Netli, a software-intensive network service business; and Sigma Networks, a provider of broadband metropolitan area services.