A common conversation I have with my technology clients touches on patent protection as a security countermeasure against abuse of intellectual property. The short answer is that if you’re not DuPont or Roche, then patent protection is not going to help you very much. If you develop software , you are probably infringing someone’s patents as we speak.
Outside the chemical and pharmaceutical industries, the cost of litigation far exceeds the benefits of patent protection. (See “Patent Failure, How judges, bureaucrats and lawyers put innovators at risk”, Bessen and Maurer, Princeton University Press, 2008 pages 130-156, “The cost of dispute”)
There are also many classes of assets not protected by patents: new products in R&D phases, manufacturing process recipes, internal financials and information such as board of directors.This data is typically shared by many people in the company as well as with outsiders: customers, ontractors and researchers. Typically protected by NDA (non-disclosure agreements), a company can sue a person who leaks information, seeking damages. Even though the direct legal costs are high, the business costs of litigation for the company can be much higher, not to mention that you first you have to apprehend the discloser. Information leaks require managers and researchers to spend their time producing documents, testifying, strategizing with lawyers and appearing in court.
In this respect – Data Loss Prevention (DLP) technologies are an ideal tool to monitor for abuse or theft of IP over the network by an employee or outside contractor/business partner. The ability to detect the information leak and produce the forensics not only mitigates the risk but also provides the data you will need if you do have a violation and have to go to court.
The reason that DLP is perfectly suited for the IP abuse monitoring role stems from the fact that DLP is a data-centric security control, independent of users and rights management. From this perspective – it doesn’t really matter if you implement a network DLP solution (like Fidelis Security Systems or Websense) or an agent DLP solution (like McAfee and Verdasys). Like they say at Nike – Just do it!
Read more on data loss prevention solutions and by all means drop me a line and tell me what you think.