April 11, 2017|
Taking Trade Secrets Home: Cyber Lessons from a Former Product Engineer
Before I joined the security world, I was a lead product engineer for one of the largest consumer product manufacturers in the country. Since manufacturers hold more than 80% of U.S. patents, confidentiality was everything. But here’s the reality: our core designs were never truly secure or confidential. Each new technical employee received carte-blanche access to critical designs and formulations, and these were then shared with multiple third-party suppliers and vendors to execute on the project. While my team was laser-focused on protecting trade secrets, it wasn’t that difficult for a bad actor to take confidential data home or for one of our suppliers to download formulations, forward to a competitor and undo years’ worth of proprietary research.
Luckily, I’m now in a position to help manufacturing security teams solve this problem every single day. And, the solution is simple: by taking a data-centric approach, R&D teams can protect data and IP throughout the entire life cycle — even after it travels across an extended enterprise or moves offline.
Here are the top security concerns I hear from manufacturers and why a data-centric strategy solves them:
1.“I’m worried departing employees will take trade secret information.”
It’s critical for new technical employees to access trade secret designs, formulations, and manufacturing specs to build new technology. But how do you prevent them from taking those trade secrets to a competitor in the future? Most manufacturing security teams focus on protecting the perimeter or the location of where trade secrets reside. But, when an employee takes trade secrets home, no one knows! With data-centric security, these protections can follow your trade secrets throughout their life cycle. Our manufacturing customers especially love the ability to instantly revoke access to information departing employees have downloaded or removed from systems — it’s an effective strategy that immediately eliminates insider threats and leaks.
2.“We have an NDA in place. And classification tags… But that’s not enough.”
External suppliers receive hundreds of trade secrets a day. It’s part of the process — manufacturers must collaborate to execute on their designs. Although an NDA legally protects against known misuse, it’s nearly impossible to prove if highly confidential data was sent to a competitor. With a data-centric strategy, manufacturers can not only secure their designs, they can also audit and track who is looking at their data and from where in the world it’s being accessed. My customers especially love the ability to see and visualize all access points on a map and detect whether competitor domains are trying to open and misuse their trade secrets.
3. “Taking IP from our company would be as simple as downloading it onto a USB stick. Help.”
Employees store and access business critical IP daily from personal desktops. But how do you keep IP secure if taking it is as simple as downloading it onto a USB stick? Once IP is downloaded, no one knows where it’s going or who is using it. With a data-centric approach, security can follow and restrict competitors from accessing your IP wherever it goes and is stored in the world. Our manufacturing customers love that they can keep control over their most prized information, even if a copy is made and downloaded onto a USB stick.
From the conversations I’ve been having, these security concerns are not unique to any one specific manufacturer. As an engine of innovation, taking a data-centric security approach is by far the best for protecting trade secrets and keeping IP safe — without changing how your team works. I encourage you to think about your current security solutions and take a look at this infographic for more information.