
Protecting Product Designs and IP

Manufacturers create competitive advantages by developing unique capabilities or processes. Naturally, these proprietary methods are kept secret so they cannot be copied by competitors. As companies rely more on remote employees, contractors, and complex supply chains, their know-how and intellectual property (IP) become more distributed and more exposed to risk. Mitigating that risk calls for consistent data protection across many different sources and data types, few of which are well supported by legacy data loss prevention (DLP) solutions.

Legacy solutions are built on architectures designed roughly 15 years ago, when content inspection was the only available way to classify content and decide where it should, and more importantly should not, be allowed to go. These products were also designed for an on-premises world with a rigidly defined and defended network perimeter. The move to the cloud has exposed the shortcomings of that approach and left companies open to rapidly growing data security risks.

Intellectual Property Has Many Faces

IP can come in almost any form and can be as unique as the individual business. It can include product designs, plant schematics, a manufacturing process, drug trial data, or a paint formula. Proprietary business information might include a geological survey of shale oil deposits, merger plans, information about business negotiations and strategies, or copyrighted data, such as source code for data analytics.

These types of data and intellectual property are often in unique or abstracted formats that are not easily identified by the text-based patterns that legacy DLP products rely on to find sensitive data. For example, a design element for a product can be expressed in numerous ways. Its original form might be a computer-aided design (CAD) file, but from there it can become a computer-aided manufacturing (CAM) file, then a PDF, and eventually a GIF or JPEG embedded in an MS Office document. All these versions represent the same sensitive asset, and it must be recognized and protected in every one of them.

This list can easily expand to include other documents that have strategic value but often fail to be properly protected or tracked, such as:

  • financial results
  • board minutes
  • legal documents
  • partnership agreements
  • strategic plans
  • consulting reports
  • business and pricing models.

Why Not DLP?

DLP was designed to recognize text patterns, chiefly in compliance scenarios such as preventing credit card and social security numbers from leaking. Because the content and structure of intellectual property vary greatly from one organization to the next, it becomes prohibitively difficult to write rules that identify the sensitive data and block risky exfiltration events. Based on content inspection alone, DLP tools typically cannot supply the context that a blocking rule for IP needs.

Blocking the Known Vs. the Unknown

DLP relies on rules that block “known” sensitive data from being exfiltrated. But when it comes to IP, the “known” keeps changing as new ideas are developed and new collaboration apps and storage options are adopted. Employees share information during video calls and leave it in places where others can easily reach it. As new IP is created or modified, DLP policies can rarely keep up. DLP lacks the context to recognize intellectual property, and once IP has been exfiltrated without matching a rule, DLP has no record of the event from which to reconstruct what happened. Most implementations simply lack the capabilities needed to truly protect intellectual property.

Policies Take Time

DLP products also require a significant initial investment of time from an organization’s staff and consultants, followed by continuous tuning to keep up with the constant change in today’s dynamic organizations. In an era when many IT and security teams are already overwhelmed and drowning in too many tools, these additional demands make it very hard for manufacturers to deploy DLP solutions effectively.

Building DLP policy around data movement is becoming even more challenging. DLP works for compliance, but it was never designed for intellectual property, and it may be entirely unaware of evolving business practices and the ever-growing number of cloud apps that employees rely on.

DLP Fails to Detect and Prevent Insider Threats

Manufacturing businesses are a nexus of proprietary information from suppliers, partners, and customers. According to the 2020 Verizon Data Breach Investigations Report, internal errors and misuse now account for more breaches than malware.

Some breaches are malicious, for example:

  • the communications manager who leaks early designs by bypassing secure file sharing and emailing files as attachments using personal webmail
  • the developer who has taken a new job at a competitor and copies and pastes source code from a secure repository into an encrypted local file, then uploads it to cloud storage.

Others are due to carelessness, such as:

  • the logistics manager who casually sends an email to the wrong person
  • the product designer who feels she needs to share information just to get her job done by using unauthorized applications
  • the developer who puts sensitive files on a USB stick so he can work on another device.

These actions put sensitive data at risk and can threaten a company’s future. Companies are rarely eager to publicize or report IP theft because of the potential damage to their brand and reputation. High-profile incidents of IP theft can significantly affect:

  • credit ratings
  • brand reputation
  • customers
  • first-mover advantage
  • profitability
  • entire business lines.

Dynamic Data Tracing—A New Approach to Data Protection

A newer approach goes well beyond traditional DLP by using data lineage: it records how data is transformed over its life cycle through interactions with users and applications, giving visibility into how a piece of data was created and every time it was subsequently shared, copied, or modified. Because protection follows the data’s origin rather than its current appearance, organizations can protect any type of content without manual classification and without introducing friction into the supply chain.
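To make the contrast concrete, here is an added example in Python (not Cyberhaven’s code, and not from the original post). It runs a text-pattern rule of the kind described under “Why Not DLP?” over a constructed invoice and a constructed CAD file and its exports, then tracks the same design through a small lineage graph and decides egress by origin. The regex, the Luhn check, the `export` stand-in, the `Lineage` class, and the source and destination names (`engineering-cad-share`, `personal-webmail`, and so on) are all assumptions for illustration; every input is constructed inline.

```python
"""Why a text-pattern rule sees a card number but not a design file, and how
lineage fills the gap.  Added example; not Cyberhaven's code.  The regex, the
Luhn check, the export stand-in, the event model and the source/destination
names are assumptions for illustration; all inputs are constructed here."""
from __future__ import annotations

import hashlib
import re

# ---- 1. Content inspection: what legacy DLP does well ----------------------

# 13-16 digits, optionally separated by spaces or dashes (assumed rule).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum: a cheap second check that cuts false positives."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def dlp_scan(data: bytes) -> list[str]:
    """Run the text rule over arbitrary bytes, as a content-inspection engine would."""
    text = data.decode("latin-1")  # binary is just opaque text to a regex
    return [m.group(0) for m in CARD_RE.finditer(text) if luhn_ok(m.group(0))]


def fingerprint(data: bytes) -> str:
    """Exact-match fingerprint of the kind used to register known files."""
    return hashlib.sha256(data).hexdigest()


def export(data: bytes, fmt: str) -> bytes:
    """Stand-in for a CAD -> CAM -> PDF -> JPEG export: the bytes change completely."""
    return fmt.encode() + b"\x00" + hashlib.sha256(data).digest()


# ---- 2. Lineage: track where an artifact came from, not what it looks like --

class Lineage:
    """Parent links recorded from observed events: export, copy, paste, attach."""

    def __init__(self) -> None:
        self.parents: dict[str, str] = {}  # child artifact -> artifact it derives from
        self.origins: dict[str, str] = {}  # root artifact -> system it was created in

    def create(self, artifact: str, source: str) -> None:
        self.origins[artifact] = source

    def derive(self, child: str, parent: str) -> None:
        self.parents[child] = parent

    def root(self, artifact: str) -> str:
        seen = set()
        while artifact in self.parents:
            if artifact in seen:
                raise ValueError(f"cycle in lineage at {artifact}")
            seen.add(artifact)
            artifact = self.parents[artifact]
        return artifact

    def source_of(self, artifact: str) -> str:
        return self.origins.get(self.root(artifact), "unknown")


SENSITIVE_SOURCES = {"engineering-cad-share", "git:product-firmware"}  # assumed
SANCTIONED_DESTINATIONS = {"corp-sharepoint", "corp-email"}           # assumed


def check_egress(lineage: Lineage, artifact: str, destination: str) -> tuple[str, str]:
    """Decide on an upload/send by origin, without inspecting the bytes at all."""
    source = lineage.source_of(artifact)
    if source in SENSITIVE_SOURCES and destination not in SANCTIONED_DESTINATIONS:
        return ("block", source)
    return ("allow", source)


def demo() -> dict:
    # Constructed inputs.
    invoice = b"Invoice 88: card 4111 1111 1111 1111 exp 12/26"
    cad = b"CADFILE\x00\x01\x02 solid bracket; vertex 12.5 33.0 7.25"
    jpeg = export(export(export(cad, "CAM"), "PDF"), "JPEG")

    lin = Lineage()
    lin.create("bracket.cad", "engineering-cad-share")
    lin.derive("bracket.cam", "bracket.cad")
    lin.derive("bracket.pdf", "bracket.cam")
    lin.derive("bracket.jpg", "bracket.pdf")
    lin.derive("proposal.docx", "bracket.jpg")  # image pasted into an Office document
    lin.create("main.c", "git:product-firmware")
    lin.derive("snippet.txt", "main.c")  # code pasted into a local file

    return {
        "invoice_hits": dlp_scan(invoice),      # the card number, as expected
        "cad_hits": dlp_scan(cad),              # nothing: no text pattern to match
        "jpeg_hits": dlp_scan(jpeg),            # still nothing after three exports
        "fingerprint_survives": fingerprint(jpeg) == fingerprint(cad),  # False
        "docx_to_webmail": check_egress(lin, "proposal.docx", "personal-webmail"),
        "docx_to_sharepoint": check_egress(lin, "proposal.docx", "corp-sharepoint"),
        "snippet_to_cloud": check_egress(lin, "snippet.txt", "personal-cloud"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it directly to print the results. The rule that finds the card number finds nothing in the CAD bytes or in any export of them, and an exact fingerprint registered for the CAD file does not match the JPEG either. The lineage check, by contrast, blocks the Office document going to personal webmail and the pasted source going to personal cloud storage because their root artifacts were created on the engineering share and in the firmware repository, regardless of what the bytes now look like.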

With the right tools, teams can audit and control the flow of sensitive data and proactively identify risky data-sharing events and users to prevent leaks, mistakes, and industrial espionage, all without disrupting the flow of legitimate work.


Troy Gerber

Senior Sales Engineer, Cyberhaven