SOURCE: Reconnex

November 12, 2007 08:00 ET

Intellectual Property Being Lost Due to Undefined Business Processes

New Survey Reveals That Organizations Rely Heavily on Partners but Do Not Have Controls to Safeguard Information

MOUNTAIN VIEW, CA--(Marketwire - November 12, 2007) - Reconnex, the leader in data loss prevention appliances, today announced the findings of a new survey that reveals what large organizations are doing to ensure they securely share their Intellectual Property (IP) with external constituencies. The Enterprise Strategy Group (ESG) survey is detailed in a brief titled "Extending Intellectual Property Protection Beyond the Firewall," sponsored by Reconnex. The survey revealed that although 66 percent of respondents' organizations share a moderate to substantial amount of IP with business partners, 46 percent have no standard policies and procedures for classifying data as IP across the entire organization. Furthermore, even as organizations plan to expand their IP sharing practices over the next two years, they admit to seldom reviewing partner access policies, thus greatly increasing organizational and business risk.

"Expanding Intellectual Property Protection Beyond the Firewall" is based on responses from security professionals at North American-based organizations with 1,000 to more than 20,000 employees. Following are the survey's key findings:

--  Only 41 percent of respondents work at organizations that have a
    formal process to determine which IP can be shared.
--  IP sharing relationships are not reviewed very often.  Only 42 percent
    said their organization reviews the access and usages policies that apply
    to their business policies more than once per year.
--  64 percent are confident that their security department is aware of
    all business partners who have access to IP, but only 54 percent are
    confident that their organizations know the specific IP that business
    partners can access.
    

"Although more large organizations are sharing IP with business partners each day, secure sharing depends on tight controls for IP classification, access, and policy compliance, as well as on knowledge of who is allowed to access which IP," said Jon Oltsik, senior analyst at the Enterprise Strategy Group and the author of the brief. "The IP protection survey shows many organizations are deficient in these areas. Employees may unwittingly share private data, or may misclassify IP for financial gain. The fact is that without consistent definitions of IP and a standard set of policies and processes, there is simply too much room for abuse and human error."

Inconsistencies, Lack of Standards Lead to Problems

Many different groups within an organization are involved in classifying data as IP, including legal and line-of-business management (both mentioned by 51 percent of respondents), IT (46 percent), executive management (45 percent), and others. Each of these has a role to play, but the data suggests that with so many groups involved, each with limited oversight or accountability, IP classification can be lengthy, inefficient, and fraught with overlapping tasks and finger pointing. While the majority of respondents said their organization reviewed IP access and usage policies at least once a year, 27 percent said a review took place once a year or never -- or were not aware of any policy reviews.

Lacking unified tools or processes, security professionals monitor and enforce IP sharing policies any way they can. Organizations tend to monitor their access, usage, and other security policies in multiple ways, using old standby methodologies such as firewall, application, and network device logs, and security event/incident monitoring [SIEM] that only give a partial picture of what is happening. Only 17 percent of respondents said their organization uses network-based data leakage prevention (DLP) appliances to get a complete view of the movement of IP across the network.

Tips for Secure IP Sharing

ESG concludes the survey with practical recommendations for how organizations can improve the way they share IP with business partners:

--  Establish a standard enterprise process that takes the guesswork out
    of IP classification.  Develop institutional guidelines and formal review
    processes that consider both business and legal requirements of information
    sharing.
--  Tightly control IP access by tightly mapping IP access to a set of
    rules for business partners.  Institute a procedure for developing
    exceptions that may be required to meet dynamic business needs.
--  Monitor the access patterns of business partners to help spot abuses
    and lower risk, as well as to fine tune external communication based on the
    analysis of access patterns and partner feedback.
--  Centralize IP management with standard classification, access, and
    management tools to overcome lack of control.
    

To download "Extending Intellectual Property Protection Beyond the Firewall," please visit http://www.reconnex.net/docs/ESG_ExtendingIPProtection_Oct2007.pdf.

About Reconnex

Reconnex's award-winning data loss prevention appliances are designed for any organization -- including enterprises, government agencies, or educational institutions -- that wants to protect its brand, maintain compliance, or secure sensitive information. Reconnex delivers accurate protection against known data-loss threats and provides the only solution that automatically learns of and defends against new threats as they evolve. A privately held company based in Silicon Valley, Calif., Reconnex protects information for over one million users today.

For more information about Reconnex, please visit www.reconnex.net or call 866-940-4590.

Contact Information

  • Contact Information
    Kristin Kiltz
    Engage PR
    510-748-8200 ext. 204
    Email Contact