Protecting Intellectual Property with Data Loss Prevention
When talking about data protection, there is an increasing tendency to refer to personally identifiable information (PII), protected under the new wave of data protection legislation such and the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). And while PII protection is paramount for company reputation and the avoidance of fines, there is another category of data that is just as important for organizations’ well-being: intellectual property.
Many companies nowadays have innovation and creativity at their core, and it is these intangible assets that allow them to profit and compete in their respective markets. Depending on the sector, intellectual property can mean different things. For tech companies, it can take the form of patents or proprietary source code. For businesses in the entertainment sector, it can be audio or video files.
Intellectual property is often interlinked with company profit. Taking the previous examples, an innovative product gives IT developers a competitive edge, whereas the lawful sale of audio and video content or being a trustworthy link in the production chain of that content is how many entertainment companies make their money. The theft or public release of intellectual property can, therefore, be fatal to not only an organization’s bottom line but its continued existence.
Because of its value, intellectual property is often targeted by malicious outsiders, competitors, or insiders looking to profit when they move on from a company. In some cases, the stolen data is publicly released for mass consumption or use. This can spell disaster for developers: once public, source code can be searched for vulnerabilities, and products can thus be copied, manipulated, and hacked more easily. For businesses in the entertainment industry, it means they can lose the trust of organizations such as the Motion Picture Association of America (MPAA) that are responsible for assessing vendors for the world’s biggest film studios.
Data Loss Preventions (DLP) solutions offer a way for companies to protect the information that is most important to them. And not just the PII they are obligated to protect as part of compliance efforts with data protection regulations, but also intellectual property.
Finding Intellectual Property
The best DLP solutions on the market do not come only with predefined policies for the most common types of protected data such as PIIs. Instead, they allow companies to define what sensitive data means to them, customizing policies so they can be applied to intellectual property.
Defining intellectual property as protected data in DLP solutions can be more difficult depending on the type of information involved. While keywords can work for certain types of documents and file types are often enough to identify audiovisual content, source code for example, which uses programming languages and can be copy-pasted into a number of file types, can be problematic. However, some DLP tools, such as Endpoint Protector, have developed new ways of detecting source code, by implementing N-gram-based text categorization which greatly improves the accuracy rate of source code detection, as much as 98% in the case of some programming languages.
Once these custom definitions are set up, DLP tools can search hundreds of file formats for the defined content, discovering intellectual property documents and files, monitoring, and controlling their transfer.
Monitoring Intellectual Property
For companies to effectively protect intellectual property, they must know where it is found on their network and how it is being accessed and transferred by employees. Using custom policies, organizations can monitor intellectual property, track how it travels in and out of their networks, and log its every movement.
Data monitoring allows companies to discover vulnerabilities in their handling of intellectual property as well as weak security practices among employees. In this way, they can make informed decisions, targeting specific areas for security improvements and, at the same time, saving money. They can also better train employees by addressing known issues they face on a daily basis.
Securing Intellectual Property
DLP tools’ primary purpose is to secure sensitive data. This means that through them, companies can not only discover and monitor intellectual property but also effectively limit or block its transfer and use. Powerful data at rest scanners allow organizations to search their entire network for intellectual property and take remediation actions to ensure the data is either deleted or encrypted when it is found in potentially vulnerable locations.
DLP solutions can block the transfer of files containing intellectual property entirely or limit it to whitelisted destinations such as other company email addresses or services. The opposite route can also be taken: to curb the persistent use of channels not considered secure, companies have the choice to blacklist them while allowing employees the freedom to transfer data through other services.
Removable devices are also problematic when it comes to intellectual property protection. If file transfers over the internet are blocked, nothing stops a user from locally transferring files onto portable devices such as USBs, external drives, or even phones. DLP tools can block USB and peripheral ports or allow only company-issued devices to connect to a computer.
For an added layer of protection, encryption can be enforced on all devices connected to endpoints before data is transferred to them. This means that any files copied onto removable devices will be automatically encrypted, allowing access only to those with a password. Intellectual property can thus be protected when data is copied onto USBs for legitimate reasons such as offsite presentations or remote work.
In many cases, intellectual property is what makes a company unique. It’s how it stands out among its competitors or cuts a new slice for itself in an existing market. It should, therefore, be protected just as adamantly as personally identifiable information, if not more. After all, while data breaches can be mitigated, although at a high financial cost, losing its competitive advantage can spell an organization’s downfall.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.