Manufacturing IP Securely

There’s just no way to sugarcoat it. Manufacturers aren’t yet very savvy when it comes to securing the intellectual property that is crucial to their continued existences.

The good news though is that research and anecdotal evidence shows they are becoming more and more concerned about the ramifications of IP theft, but experts still feel that businesses are not doing their utmost to combat it.

For manufacturers, protecting IP requires a complex weave of technologies, policies and governmental support.

Certainly the technologies are available. Encryption, enterprise rights management and data loss protection products are being promoted to the businesses. But a survey last year by Microsoft found that many manufacturers – this time in the high-tech sector − weren’t using the tools they already had, never mind investing in new ones.

“What we learned was a good majority of classified and sensitive documents are in Word or Excel, yet very few companies are fully exploiting the capabilities of using digital rights management to mitigate the free flow of that Excel document to non-trusted parties,” says Microsoft’s Industry Solutions director Drew Gude. With Microsoft Office 2007 platform you can lock, restrict and assign rights to documents.

The relatively simple task of encrypting email isn’t being done either, the survey revealed. A high majority of respondents blithely said they collaborated with supply chain partners through non-secure web-based e-mail and personal instant messaging.

However John Dasher, director of product management at encryption specialist PGP, says that manufacturers – particularly those with offshore subsidiaries or partners − generally face special challenges.

US executives can’t always assume there is a high degree of technical sophistication on the receiving end of the information. Therefore manufacturers are loath to try and change communication to increase security for fear that such moves would disrupt their manufacturing processes.

“Another speed bump to wider adoption is that if you are working with a third
party offshore manufacturing company, how do you transfer information to a company whose infrastructure you do not control or have influence over?” asks Dasher.

Those challenges notwithstanding, the use of encryption in email and the rights capabilities in Office are just “some very low hanging fruit” that can help mitigate a good portion of the risk that they face, without too much disruption to business users and information workers in a company, says Microsoft’s Gude.

Some of the world’s biggest manufacturers do not realize that there are these easily accessible risk mitigating tools at their finger tips, he adds.

Safeguarding Secrets

“We’re definitely seeing a trend to customers being more proactive in protecting IP.  The increased need to globalize their development organizations, and mounting competitive pressures have placed a higher importance on safeguarding trade secrets,”
John Amaral, Vericept

Also on the technology front, DLP (data loss prevention) is making its way to the endpoint as characterized by the joint announcement by Cisco and EMC subsidiary RSA earlier this spring. Such integration will make IP protection more appealing to smaller companies who don’t have large IT operations. “Endpoint security, which as we know it today is primarily threat protection, will over time include encryption, DLP and key management,” says Charlotte Dunlap, an analyst with Enterprise Security Group.

Enterprise Security Group has a survey which concludes that nowadays manufacturers do realize what is at stake if their IP is compromised. The survey revealed that only about half of the respondents realized that an IP breach would lead to a loss of product/market advantage, a direct loss of profitability, missed business opportunity, or direct loss of revenue. “Research shows that the consequences of a data breach of intellectual property would have a dreadful effect from a competitive, financial, and organizational perspective,” says Dunlap.

DLP company, Vericept, sees other dire consequences also, such as reputational damage; and for public companies a decline in stock price and possible fees, fines, and lawsuits. However, the company’s CTO, John Amaral, sees a light at the end of the tunnel. “We’re definitely seeing a trend to customers being more proactive in protecting IP.  The increased need to globalize their development organizations, and mounting competitive pressures have placed a higher importance on safeguarding trade secrets,” he says.

Back at Microsoft, as it has a large manufacturing business, the company has to practice what it preaches, particularly with Xbox360. “We went from a commercial off the shelf model in the original Xbox to an actual IP driven Xbox360 where we designed and owned the silicon, so it was a big shift to running a fabless semiconductor business where our IP is the differentiator and the driver against Nintendo and Sony,” says Gude.

Nowadays, manufacturers are under constant pressure to innovate and to extend existing lines of product, so protecting IP should be at the top of the list, not just to IT but also to CEOs, he says, a sentiment echoed by Dave Drab, a security principal at Xerox Global Services.

The first and most important component of protecting IP is to have corporate leaders who value innovation and ideas, says Drab. “In a global economy, if you don’t recognize the urgency of not only creating ideas but also taking them to market, protecting them, and owning them in a global way, then you are going to end up being road-kill along the way,” he added.

Don’t Know What You’ve Got Until It’s Gone

A big problem for many manufacturers though is that they do not realize what
they have within their businesses that should and could be classified as a
‘trade secret’ and consequently they haven’t developed the internal policies to protect them.
“Many companies say something like ‘well all we do is make hotdogs.’ They don’t seem to realize that marketing plans and all sort of strategies around their products should be protected as trade secrets,” says Drab.

“You don’t have to have the algorithms for Google or the technology behind Intel’s chips to have trade secrets and information that is valuable to the competition” he adds.
High tech innovations can be patented but there are many processes and practices within manufacturing environments that have been honed through years of trial and error and it is most important that organizations categorize their trade secrets so that all that information – be it technical, financial or business – can be evaluated.

“A lot of companies I speak with really do not know what their competitive advantage is” says Drab. “Some manufacturers have been in business for years and they haven’t gotten their arms around what makes them competitive and gives them an advantage over their competitors. That means those companies are not spending enough time looking at their critical assets and what is important.”

Government and Robbers

“Governments must recognize that they will greatly benefit from strong IP policies, through attracting outside investment and encouraging innovation by domestic companies”

The final thread in the IP weave concerns the role of governments and the need for new laws – and the enforcement of existing ones – to punish IP thieves.

In a recent white paper, Innovation at Risk - Intellectual Property Challenges and Opportunities, SEMI, an association representing high-tech manufacturers, called for more government action against IP infringement and while it was talking specifically to its industry, the sentiments really apply to all in manufacturing.

“Governments must recognize that they will greatly benefit from strong IP policies, through attracting outside investment and encouraging innovation by domestic companies” said the document.

Protection of IP rights in some parts of Asia remains a serious problem, even though increasingly there is general agreement among many governments on the need to protect them.

The ideal is for SEMI to work with various government and international entities towards establishing common global practices and standards for IP rights protection.
“Finally I think we really have to rely on and depend on legislation, and for various governments to enforce laws that infringe on IP and IP theft,” says Microsoft’s Gude.

What’s hot on Infosecurity Magazine?