Intellectual Property Protection: Part 2
In my previous blog entry I raised the issue that intellectual property is the “bread and butter” of most businesses and that many information security practices have could add considerable value to the organizations they serve by stepping in to better identify and safeguard such information. Despite the importance of intellectual property to businesses, information security practices’ strategies, policies and standards too often omit any specific mention of intellectual property and the need to safeguard it. Don’t get me wrong—terminology such as “proprietary,” “sensitive, and “confidential” information runs rampant, but such terminology misses something that is very important, namely that some kind of information (intellectual property) is the company’s life blood. I thus highly recommend that information security practices initiate concerted efforts to locate such information, wherever it exists, and to initiate efforts to create and assign special levels of protection for it. Creating a special “intellectual property” classification for such information would serve as an excellent start.
Additionally, the area of competitive business intelligence is a good example of a yet largely untapped opportunity for information security practices. Information that reveals critical aspects of virtually any company’s profit status as well as business direction is generally freely available on the Internet. This information unquestionably comprises intellectual property, but too often senior management is not aware not only of the nature of such information, let alone how easy it is for the public (competitors very much included) to access. Internet-accessible information about potential purchases of real estate can, for example, reveal intentions of a retail chain to expand its presence in certain geographical locations, something that can tip off competitors and allow them to adjust their business strategies accordingly. Similarly, a training organization’s announcements of training courses on the Web can reveal information such as course fees and the maximum enrollment allowed, thus enabling competitors to estimate the gross yearly income of that organization. The possibilities are almost endless.
Competitive intelligence is a game that has both an offensive and a defensive side. What I fail to understand is how little organizations understand concerning the kind of information freely available on the Internet that allows their competitors to gain a competitive advantage against them. Given that the goals of information security include the protection of the confidentiality of information, the fact that more information security practices are not involved in this side of competitive intelligence is simply amazing to me. Alignment with business drivers, something that should characterize every information security practice, is not always an easy task. Competitive business intelligence stands in stark contrast, however. Suppose that information security functions started to identify intellectual property related to their organization that is freely available on the Internet, communicate the findings to senior management, legal, and others, and offer recommendations for mitigating the business risk exposure that the intellectual property’s unrestricted availability poses. I predict that the results would be dramatic—information security managers who attempted to help the business in this regard would not have to struggle so hard to obtain the funding and high-level management support that they need to fulfill other mainstream information security-related functions.
I have just scratched the surface of issues related to intellectual property. Stay tuned—more will follow in the future.