No, I don't mean you should be able to write a blockbuster series of books - but that you should protect your critical intellectual property (IP). Rowling protected the story line and ending of her book. You should be able to protect your designs, source code, patents-in-process, contracts and other sensitive digital assets.
According to a recent survey of 102 information security professionals by Enterprise Strategy Group, 74% of those surveyed will spend more (and 44% will spend significantly more) to protect their IP in 2007 than they did in 2006.
This increase in spending is driven by the need to comply with government regulations such as Sarbanes Oxley, HIPPA, GLBA, FISMA, and others, as well as the need to protect IP in conjunction with outsourcing (37% of respondents) and increased collaboration with business partners, suppliers, and customers (34% of respondents).
In addition, the larger an organisation, the more likely it is to be increasing its spending on IP protection to avoid costly and embarrassing public breaches of information security.
However, the challenge facing organisations looking to improve their IP protection is that most lack any form of automated processes to identify and classify their IP. Manual processes don't scale, are costly, and can't adequately ensure critical IP is in fact protected. New automated tools are required.
These new tools must be able to discover, classify, index, and report on what IP is in an organisation's network of servers, PCs, and document repositories so that organisations can apply appropriate protection policies to the information.
These automated discovery and classification tools should meet the following minimum requirements:
1. Broad Reach
The ability to crawl and analyse stored content on the most common repositories, including Windows file shares, NFS, EMC/Documentum stores, and others.
2. Robust Classification
The ability to detect IP using a variety of techniques, such as:
- Exact Match - Finding an original or exact copy of a document.
- By Example - Finding a derivative work of a document. For example, finding snippets of IP that have been cut/pasted into another document, have had words added/deleted, have had tense changed, and maybe even have had some words re-arranged.
- Search: The ability to include words, phrases, expressions, and concepts in search strings, and include/exclude searches of certain document types (eg, Word, Powerpoint, Excel, and more).
3. Flexible Protection
Once IP has been detected, a tool should be able to provide comprehensive reports, move/delete documents, and register documents so that exact matches or derivative works can be detected leaking out of the corporate network.
Additionally, a tool should be able to detect sensitive information and prevent it from being communicated via wireless or wired networks from laptops/desktop that are not connected to the corporate network (eg - while at Starbucks, at the airport, or at home). And finally, a tool should prevent the storage of information on removable media such as USB devices.
Fortunately, Data Loss Prevention technology exists today that meets or exceeds these requirements. Now is the time to begin evaluating which vendors provide the best fit for your needs.
JK Rowling's new book sold 8.3 million copies worth approximately $250 million in its first 24 hours. How many millions of dollars might have been lost if the story's secrets had been divulged? How much is your IP worth? Are you willing to risk the economic and competitive loss that could result if it leaks out of your organisation?
Peters is CEO of Reconnex. He has been CEO of several venture-capital backed companies including PocketThis, an application software provider to mobile carriers; Yipes Enterprise Services, an enterprise-focused provider of Ethernet network services within and between cities; Netli, a software-intensive network service business; and Sigma Networks, a provider of broadband metropolitan area services.