Data breaches, compliance drive intellectual property protection

Companies are bracing themselves for the next data breach, implementing technology and processes to protect intellectual property (IP) and other sensitive information in the wake of high profile data breaches.

The CEO is now reading about this stuff and is willing to fund initiatives to better protect data. Jon Olstik, analystEnterprise Strategy Group

Compliance is also driving adoption of data protection technologies, according to two studies conducted by the Milford, Mass.-based Enterprise Strategy Group (ESG).

The study on data leakage prevention found that more than one-third of organizations not using data loss prevention technology had information stolen from their databases within the last 12 months and that 30% of those data breaches impacted bottom-line revenues.

"The CEO is now reading about this stuff and is willing to fund initiatives to better protect data," said Jon Olstik, an ESG analyst.

Two research reports, "Intellectual Property and Security, the Elephant in the Room" and "The Case for Data Leakage Prevention,"concluded that enterprises need to improve the processes that define their intellectual property and put data leakage technologies in place to avoid a high profile data breach.

One area in need of improvement, according to the intellectual property study, is in the way data is classified by companies as intellectual property. One-third of the respondents said that they are ramping up attempts to protect their IP as a reaction to the high profile security breaches that have occurred in the last year.

Data security: Who's Had a Taste of Your Intellectual Property?: Here are the key ingredients to protecting your secret sauce. Hacker techniques use Google to unearth sensitive data: Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes. Quiz: Preventing data leakage: A six-question multiple-choice quiz to test your understanding of the content presented by expert Richard Bejtlich in this lesson of SearchSecurity.com's Data Protection Security School.

In many cases defining intellectual property is a labor intensive and manual process, Olstik said. Many firms are conducting manual scans of file servers -- a process that could take up to 80 hours per quarter on IP discovery. It's so time consuming that it is becoming very costly, Olstik said.

The IP study found that 74% of respondents say their organization will spend more to secure electronic forms of intellectual property in 2007 than they did in 2006. While many organizations have a centralized process to classify information as intellectual property, more than 25% of respondents said their process needs improvement.

"Defining what is IP and what isn't IP is being done reactively and randomly in some cases," Olstik said. "A lot of enterprises lack a centralized process and many have inconsistencies and redundancies resulting in costs that aren't needed."

While high profile data breaches are a driver toward more spending to protect sensitive data, compliance and government regulations are also driving spending. The study found that 72% of respondents found government regulations and compliance the biggest motivators for protecting confidential data.

Connectivity between enterprises, their customers and their business partners also play factor in driving intellectual property concerns, Olstik said. Attackers are also getting more sophisticated and the threat from insiders is also raising concern about data protection, he said.

"Most people have to begin with a full risk assessment to discover what the risks are and develop a strategy to prevent data leakage," Olstik said. "Now it is clear that you have to spend money to protect yourself, because the cost of a breach is higher than the cost of the solution."