By Andy Kellett -
How do you value the intellectual property of your organisation, and perhaps more importantly, how do you ensure that once data/information that has a commercial value has been generated, it is properly protected from unauthorised publication?
Earlier in the week I was watching a flurry of e-mails with an attached copy of what was suggested to be Jamie Oliver’s latest book of cooking recipes as they crossed between private individuals and corporate e-mail mailboxes, which highlighted some of the problems involved in keeping information that has a real commercial value adequately contained.
This also illustrated a worrying and continuing trend amongst company employees who fail to understand that once information is allowed to leave an organisation via the e-mail system, or any other electronic communications channel for that matter, then all control and influence over how that information is used in the future has gone up in smoke.
Much the same as could happen with any one of Jamie’s recipes if the instructions are not followed correctly, and indeed, in this case more appropriately, the same that could happen to future revenues from the sale of a book that retails at around UK£20 if e-mail recipients choose to make free copies of the book rather than pay for the hard copy version at the local bookshop or supermarket. In this case, if the material is genuine, intellectual property may well have been passed onto a colleague or friend without malicious intent and without giving any thought to the commercial implications, and here is the problem. It is very difficult to control the actions and decision-making processes of all the individuals within an organisation. We can do the background work and ensure that policies are in place to inform employees about what is and what is not allowed, but without aligning the rules to the use of technology protection systems it is always going to be difficult to stop such information breaches from occurring.
The numbers and percentage figures vary, but it is generally accepted that around 70% of security breaches come from insider activity, yet most of the protection systems that we put in place protect against external attacks.
However, the majority of good quality e-mail protection and management systems now include protection against outbound data leakage, using rules-based interrogation facilities to ensure that critical corporate data can be protected. This is now also the case with a number of the blended – protect against everything – solutions that are finding significant favour within the security arena. Having said that, most of the outbound protection services are reasonably new and immature and may not cover all communications channels. You can after all only block off those channels that you know about – e-mail etc. – but what about the use of Instant Messaging (IM) and Peer-to-Peer (P2P), most organisations do not have adequate management and protection systems in place.
So when you receive your unsolicited copy of the Jamie Oliver cookbook, will you:
a). Delete the e-mail, because the source was unknown and the attachment could have contained something more threatening and far less appetising than a cookbook.
b). Read it and then go out and pay the author his dues by buying the hardcopy.
c). Accept the free gift and save UK£20.
d.) Throw it away because you cannot cook and having the book would be a waste of time and effort.
If the source of this particular information leakage had had the latest outbound protection systems in place the authors intellectual property could possibly have remained protected. It is often difficult to measure the Return On Investment (ROI) from the purchase of security products. However, it is sometimes easier to look at the cost of not having protection systems in place. In this case loss of sales revenue could well be that measure.
Source: Butler Group Blog
Leave a comment