Intellectual Property Protection: Part 1
Intellectual property in loose terms means the output of original thinking. Intellectual property thus (among many other things) includes inventions, engineering, industrial and other types of designs, research data, artistic and literary works, symbols, designs, images, and names that are used for business purposes, and patents, copyrights and trademarks. From a practical perspective, intellectual property is any type of information that may prove of benefit to a company, but that is also likely to attract the interest of and potentially prove of benefit to that company’s competitors.
Over time the worth of an organization has increasingly been measured in terms of the intellectual property that the organization owns. According to several recent estimates, up to 80 to 90 percent of an organization’s worth is based on the intellectual property that it possesses. At the same time, however, protecting intellectual property is one of the greatest challenges that organizations generally face. Bluntly put, counterfeiters, pirates, and industrial espionage perpetrators are running amok. Anyone who doubts this ought to travel to countries such as China to see the incredible number of illegal copies of movies, music and software that are available there in public places for a fraction of the legitimate price.
Fortunately, organizations do not have to fight alone to preserve intellectual property. The World Intellectual Property Organization (WIPO), an international intergovernmental organization, was established to guard the rights of intellectual property owners. WIPO’s Trade Related aspects of Intellectual Property (TRIPs) provides minimum standards for intellectual property protection and enforcement. TRIPs requires that every nation provide a minimum level of safeguarding of intellectual property based on standards that are for the most part aligned with current international agreements. Additionally, laws in various countries, such as the Digital Millennium Copyright Act (DMCA) in the US, provide certain protections to copyright holders. Unfortunately, WIPO, TRIPs, and national laws alone are nowhere near sufficient to provide the level of legal protection that intellectual property owners generally require.
Please recall an earlier blog posting of mine in which I argued for the need for a broader view of information security, one that views information security as transcending IT security. Information security must recognize and mitigate not only conventional IT security risk, but also risk related to an organization’s information, regardless of the particular form (electronic, printed, spoken, and so on) in which that information exists. As most organizations’ ability to create and suitably handle intellectual property goes, so goes the organization. Intellectual property needs to be recognized and protected, and no function within any organization is more suited to do both than information security.
The bottom line is that recognizing and protecting intellectual property represents a great but, unfortunately, until now mostly unrecognized area of opportunity for information security. Senior management of organizations would very much value a systematic effort to identify and safeguard information that fuels the business. I suspect that the reason that most information security practices have not immersed themselves in this endeavor is the widespread perception, both within and outside of the ranks of information security functions, that information security deals only with passwords, firewalls, system audit output, and policy. Information security functions could not only break away from this stereotype, but also greatly endear themselves to senior management by squarely taking on the issue of intellectual property protection.