Posted on Thursday January 16, 2020

The Crown Jewels of Manufacturing Trade Secrets

Maintaining a competitive edge in manufacturing demands protecting R&D, product designs, specifications and supplier contracts. But like it or not, manufacturing trade secret intellectual property leaks.

The nature of manufacturing necessitates sharing highly confidential information throughout the supply chain and to employees who may not necessarily be with your company forever. In the course of doing their work, those who touch confidential data continually use email, collaboration platforms, managed and unmanaged mobile devices, Slack, and even USB drives, making virtually every manufacturing enterprise porous.

Unfortunately the rate at which employees share outpaces the security team’s ability to patch the perimeter, block or quarantine information, and stop confidential data from leaving a company’s control. Realistically, manufacturing security teams must often balance protecting intellectual property with enabling high-speed production efficiency.

Common Tools Fall Short

For help, they frequently rely on some common tools that, while offering some valuable benefits, all share the same limitation: locking data down.

Data Loss Prevention (DLP): Scans and quarantines confidential information traversing the network. Once it leaves that environment, security teams can’t see, audit or control what others are doing with mission-critical data.
Cloud Access Security Broker (CASB) – Enforces security policies and blocks information leaving cloud applications (e.g., Box, Salesforce). However, when data is downloaded or moved offline, security teams lose all control of what happens next.
Digital Rights Management (DRM): Attempts data-centric security, but cumbersome user experience prevents enterprise-wide adoption and scalability.
Classification: Tags and classifies sensitive information shared from your business. A classifier can’t prevent an employee from downloading trade secrets and taking them to his/her next job.

These tools rarely work at the most critical moment, when people are working with the information. They can’t prevent an external supplier in Europe from saving a copy of proprietary designs and forwarding it to a competitor. And, once data moves past the DLP fence and CASB proxy, it’s in the wild, exposed.

Digital Guardian Secure Collaboration Keeps Manufacturing Trade Secrets Secure

Truly protecting data crown jewels requires shifting the security strategy to protect the data itself ―through its entire life cycle, everywhere it travels, no matter who has it or where it’s stored. The ideal data-centric security solution is characterized by five capabilities:

Securing all forms of data
Providing 360-degree visibility
Supporting dynamic data protection
Integrating with the existing IT ecosystem
Providing an invisible user experience

At Digital Guardian, we see how manufacturing security teams are leveraging data-centric security to automate their jobs and become value-driven enablers to the core business, by:

Automating secure trade secrets emailed to third-party suppliers. One of the most common workflows our manufacturers leverage is automatically securing all trade secrets sent to third-party suppliers over email. Using the products smart rules engine, all attachments sent to a supplier are automatically secured without requiring employees to take any manual steps. If data is ever forwarded to a third party that doesn’t belong to the intended domain, they’ll never be able to access it.

Preventing leaks, even after IP is downloaded from a manufacturer’s systems. Manufacturers store sensitive patents, trademarks, customer information and processes across multiple storage platforms: local file shares, Box, Dropbox, SharePoint, OneDrive, and more. Our secure collaboration functionality has built out-of-the-box integrations to automatically secure any file uploaded or downloaded from those platforms. That way, employees work exactly as they normally would, and Digital Guardian Secure Collaboration works seamlessly behind the scenes to protect the IP everywhere it moves. If data ever leaks or is downloaded, our solution's security stays with the file, making sure only authorized parties can access it.

Tracking proprietary R&D throughout the supply chain. Manufacturers leverage the products audit capabilities to understand exactly who is accessing R&D throughout the supply chain, to track all access attempts (authorized or not), and to get granular metrics on usage and adoption. Even if the file is removed and duplicated, security controls always stick to the data.

Revoking access to data kept by departing employees. Employees come and go. Sometimes they’re tempted to take proprietary designs to their next venture. Manufacturers employ the products Dynamic Data Protection to revoke access to any data a departing employee has appropriated throughout his/her employment—even when it’s moved to a personal account. In one click, all copies of secured designs are shut off.

Securing IP generated from home-grown apps. The products SDK enables automatic securing of machine-generated files and custom designs that are uploaded and shared from home-grown systems or third-party apps. That provides manufacturers with a powerful data security fabric for their entire ecosystem and extended enterprise.

With the innumerable ways precious IP can leak, securing it at the data level is really the only path to ensuring that the heart of any manufacturer’s core value and competitive viability remain intact.