the loss of intellectual property in the digital age: what companies can d…
TRANSCRIPT
![Page 1: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/1.jpg)
The Loss of Intellectual Property in the Digital Age:What Companies can do to Protect Themselves
Christopher Kranich
![Page 2: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/2.jpg)
The Digital Revolution
• People are now more connected– More information in less time– More often– Greater distances– Many security challenges for business
![Page 3: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/3.jpg)
Cyber-based Threats to IP
• Sources evolving and growing rapidly– Competitors– Malicious employees– Well intentioned employees– Criminal groups– Hacktivists– Foreign governments
![Page 4: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/4.jpg)
IP is Valuable
• Cost to design new projects or services– Engineers– Designers
• Cost to manufacture– Proprietary processes– Material sourcing– Pricing information
• Marketing costs
![Page 5: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/5.jpg)
New Work Locations
• From home• On The road• Businesses/public places• Security– More chances for deletion, theft of compromise• WiFi networks• Device theft of damage• Over the Shoulder• Co-mingling of the personal and the private
![Page 6: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/6.jpg)
Types of Devices
• Laptops• Theft, Over-the-shoulder, WiFi
• Smart Phones• Theft, WiFi, unpatched
• Tablets• Theft, WiFi, unpatched
• Desktops• Not updated, no virus protections
![Page 7: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/7.jpg)
More Data
• Large capacity• Smaller storage medium• Cheap• More cloud-based storage
• User can download a large amount of IP quickly
• Malicious or innocent intentions
![Page 8: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/8.jpg)
Reasons IP is Compromised
• Innocent Reasons– Work outside of office– Curiosity– Recovered IP
• Malicious Reasons– Do not like job– Sell IP for profit– Hacktivism– For fun
![Page 9: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/9.jpg)
Employee Views of IP
• Attribute ownership to the person who created it
• Cheap, easily moved, copied, and manipulated
• Okay to take with them to their next job
Symantec Report
![Page 10: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/10.jpg)
VW vs. GM
• Executives took 1000’s of pages• Photocopied in physical from– Secretary– Other Witnesses
• Carried out in boxes of briefcases• Lots of witnesses to IP removal• 100 million Dollar settlement
![Page 11: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/11.jpg)
Starwood vs. Hilton
• Over 100,000 files stolen– Starwood luxury concept• Hilton came up with their own version
– Board presentations– Market research studies– Valued at 1 million Dollars
• Downloaded to laptop– Easy to steal data– Quick, behind closed doors, portable
![Page 12: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/12.jpg)
What Companies Can Do To Protect Themselves
![Page 13: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/13.jpg)
Encrypt Data
• VPN
• Full-disk encryption
• USB sticks
• Emails and attachments
![Page 14: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/14.jpg)
Mobile Device Management
• Common for employees to bring their own device (BYOD)
• Poses many security challenges– Corporate data vulnerable to theft, damage, or
deletion– Hard to keep track of– Corporate data and personal data on same device
![Page 15: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/15.jpg)
Software Solutions
• MobileNow• MobileIron• Zenprise• IBM• Symantec• Airwatch
![Page 16: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/16.jpg)
Customizable Device Policies
• Control which device features and built-in apps can be used
• Specify what the authentication requirements are
• Apply specific policy sets to specific groups of users– Time, roles, types of data, location
![Page 17: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/17.jpg)
Jailbroken or Rooted Devices
• Pose a big security risk– Unstable or not updated
• Detect these devices• Enforce greater controls for them– Lock or wipe– Ban from network– Approved apps– Vpn– Device kept up-to-date
![Page 18: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/18.jpg)
Centralized Updating
• Update OS and apps remotely– Convenient and easy
• All devices patched at the same time– All devices on same footing– Eliminates specific vulnerabilities
![Page 19: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/19.jpg)
Applications
• App blacklisting
• Block and revoke any apps from any user
• Track usage
• App-to-app encryption
![Page 20: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/20.jpg)
Email Features
• Ability to encrypt attachments
• Prevent unauthorized copying and forwarding
• Restrict sharing of attachments to certain apps
• Specify attachment file types to encrypt
![Page 21: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/21.jpg)
Data Storage
• Storage all data in a home directory– Persisitent and centralized location– Easy to set up automatic backups– Easy to selectively distribute data– Easy to track data and wipe if neccesary– Can have multiple clients• Different platforms accessing the same directory
![Page 22: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/22.jpg)
Data Access Restrictions
• Geofencing– Data only accessible in certain locations– Prevents data from being accessed off site or an
area of the office • Time-Based– Data only accessible at certain times• When employees are working• When a project is active
![Page 23: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/23.jpg)
Remote Lock, Locate, and Wipe
• Lost or stolen
• Infected with malware
• User leaves company
![Page 24: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/24.jpg)
Data Leakage Prevention
• Deep content inspection
• Reads data to find high value IP
• Does not prevent attacks
• Limits accidental deletion or moving
![Page 25: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/25.jpg)
Data Leakage Prevention
• System figures out sensitive data on it’s own
• Logs moving, copying, and deleting
• Prevents user from emailing data out by making it read only
• Requires fine tuning
![Page 26: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/26.jpg)
Attribute-Based Access Control
• Grants access based on attributes– Location– Authentication method– Deviation from the norm– Type of data– Time of access
![Page 27: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/27.jpg)
Cloud Storage Solutions
• Data integrity
• Access is controlled
• Data must be available when needed
![Page 28: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/28.jpg)
Cloud Storage Solutions
• Policy for backing up data• Data is encrypted in storage• Data is sent to facility securely• Data is backed up regularly• Data is kept in multiple locations
![Page 29: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/29.jpg)
Employee Training
• Protect credentials
• Good passwords or passphrases
• Social engineering
• Alerting IT
![Page 30: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/30.jpg)
Basic Security Principles
• Log activities• Set up alerts• Use IDS system• Set up firewalls on internet connections• Control physical access
![Page 31: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/31.jpg)
Basic Security Principles
• Set up user accounts
• Give users their own account
• Provide the minimum amount of access needed
![Page 32: The Loss of Intellectual Property in the Digital Age: What Companies can d…](https://reader036.vdocuments.us/reader036/viewer/2022070521/58f0506d1a28ab8c5b8b45cd/html5/thumbnails/32.jpg)
Questions and Comments