Several years ago, Flextronics was struggling with a thorny security issue: figuring out how to prevent sensitive and proprietary information from going astray once it was in the hands of authorised users.
Like most large enterprises, the global manufacturing services firm had built strong defenses against attacks from the outside, according to Brian Bauer, who was vice president of global IT strategy at the time. Even so, the company's defenses didn't necessarily apply to employees, customers and contractors.
One of the sticking points was ensuring that customers and contractors gained access only to the parts of Flextronics databases that applied to their projects. The company designs and builds products for some of the world's leading router, video game and medical device companies, many of which are rivals.
Bauer's group also needed a way to prevent, or at least deter, design engineers from leaking valuable and sensitive information, says Bauer, who is currently managing partner at information services consulting firm Bauer & Associates. In his experience, about 70% of data losses are due to mistakes, not deliberate theft, he says.
Flextronics' IT group initially tried to "lock everything down" by prohibiting employees from including sensitive information in a wiki or blog post, bringing flash drives or cameras to work, or even using the Internet, says Bauer. Not surprisingly, this irritated engineers, who complained that they couldn't get the information they needed to do their jobs.
The company's ended up turning to an enterprise rights management (ERM) platform that combines a policy engine with data loss prevention and information rights management, NextLabs' Enterprise DLP.