Running for IP Cover

By Lisa Vaas  |  Posted 2007-05-07 Print this article Print

In the wake of data breaches, a new survey notes plans to protect intellectual property.

In the wake of incidents such as the TJX Companies massive data breach, reported in January, it shouldnt come as a surprise to find that 90 percent of companies plan to plug in new technology to secure electronic copies of intellectual property in the coming year. That was one finding of a report issued on March 5 from Enterprise Strategy Group titled "Intellectual Property Rules." ESG surveyed 112 organizations, each with more than 1,000 employees, for the report.
The ESG survey—sponsored by information protection company Reconnex—is the first in a quarterly series on the topic.
One of the findings that surprised ESG was how big the IP problem is, according to Eric Ogren, a security analyst for ESG, in Milford, Mass. Top priorities Protecting PII(personally identifiable information) such as credit card numbers and Social Security numbers is not actually the top priority with most organizations, Ogren said. "We asked upfront, What do you consider to be intellectual property?" he said. "What they want to protect is financial information, contracts and agreements. Only after that is PII." Other IP that companies are looking to protect include—in order of reported priority—source code, competitive intelligence, internal research data, design specifications, customers PII, trade secrets, CRM (customer relationship management) databases and patent documents. Whats tough about protecting such data is that it comes in so many different forms. Much of it doesnt fit into a neat fixed format, as would Social Security numbers or credit card numbers, for example. Instead, it comes from all over the network). "If you think e-mail is your only issue, youre only solving 20 percent of the problem," Ogren said. Tremendous resources are being spent to search for networked IP, Ogren added, in terms of both manual and automated procedures. According to the report, 78 percent of those surveyed search for electronic versions of IP at least once per quarter. "[This] is a major investment of time and resources," Ogren said. "Its in many different forms, in many different places, communicated with many different protocols." As for the biggest perceived threat when it comes to data loss, malicious or sloppy insiders scare survey respondents the most. Twenty-four percent of respondents pointed to malicious insiders as the biggest threat to their IP falling into the wrong hands, while 34 percent feared that the problem lies with negligent insiders— Employees who just want to do their jobs but dont understand the risk of IP stored on their laptops, for example. Only 20 percent of respondents think that hackers are their biggest threat in this regard. The balance of threats is seen as coming from lack of security oversight (17 percent) or lack of distribution control (5 percent). The ESG report puts forth four best practices for leakage protection. First, ESG recommends enterprises define comprehensive requirements for IP and PII at the same time. Protecting against leakage of one protects against leakage of the other, the company maintains. Its also necessary to segregate IP protection duties, according to ESG. That means empowering security teams to provide independent oversight of operations, including monitoring insider use of information. ESG also suggests automating discovery of IP, to cut down on the time and money currently being devoted to discovery. Finally, ESG recommends network-based solutions over distributed endpoint software. "I dont think endpoint software is going to solve it—it cant reside in all the places IP resides," Ogren said. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel