The top secret recipe for Heinz Tomato Ketchup is thought to be known by only eight to ten people in the world; KFC’s original recipe chicken is seasoned with a secret blend of eleven herbs and spices that is held in a vault in its Louisville, Kentucky HQ; and the ingredients used by Coca Cola is a closely held trade secret known only to a few employees.
Yet, it’s not just multinational behemoths that hold dear valuable intellectual property (IP). From large pharmaceutical organisations to small family-run businesses, all now operate with business critical IP at the core of their operations and need to protect it. In fact, in today’s digital age, up to 80 per cent of the value of UK companies are made up of intangible assets such as their IP.
The task of protecting company secrets has been made increasingly difficult with the emergence of cloud-based sharing apps such as Dropbox and YouSendIt, and the ease in which information – including valuable IP – can be transferred via cloud-based social apps such as Facebook, Twitter and Skype.
Not every cloud has a silver lining
Cloud adoption and cloud-based file sharing are becoming increasingly popular among the general public; and the unauthorised private use of them within organisations is causing concern among CIOs. However, due to the bulk of security products being designed for an on-premise world, IT organisations are having a hard time keeping up. According to a recent survey conducted by Fruition Partners of 100 UK CIOs, 84 per cent believe cloud adoption reduces their organisation’s control over IT as they are so difficult to monitor.
There is no co-incidence that at the same time, breaches – and the stealing of valuable IP – has increased. A recent UK Government survey estimated that in 2014 58 per cent of large organisations suffered staff-related security breaches and that they account for almost a third (31 per cent) of the worst security breaches in the year. The average cost of such a cyber-security breach is substantial, with recent figures estimating it to be between £600k-£1.15m for large businesses and £65k-115k for SMEs.
Businesses need to step up to the challenge of managing the rise of cloud applications. Only by gaining greater visibility, analysis and control over them can businesses truly protect the IP that could be leaving the safety of the organisation at risk.
Controlling the exits
The simple truth is that all of your employees have a price. Whilst a quarter of employees would sell critical business data for the sum of £5,000, three per cent would be prepared to sell data for just £100 and a further 18 per cent if they were offered just £1,000. Most worrying of all, over a third of those surveyed (35 per cent) would sell confidential IP if the “price was right” so the dangers are real.
Because of this, it is important to manage and control any potential exit channels, including cloud applications, for your data. Whether the IP is industrial design rights, a secret recipe, trademarks or customer data, it is paramount that businesses protect their valuable IP securely with the new breed of security solutions that go beyond simply protecting the web gateway against those on the outside from breaching the organisation’s network perimeter to monitoring all users interactions when they access the internet or applications..
Now more than ever, organisations need to be able to monitor an individual’s use of corporate assets at the most basic level, regardless of whether users are in-office or mobile. Solutions such as cloud application control (CAC) solutions can provide businesses with this visibility and the ability to discover, analyse and control the information staff are accessing or sharing.
Once security solutions extend beyond the web gateway, they can address the fundamental gap that resides between traditional web security and cloud application control, thus securing the way in which we use apps today by ‘following the user’ to ensure no valuable IP is leaving the organisation.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.