The manufacturing industry thrives on collaboration with third-party contractors, vendors, and other partners in the value chain. While collaboration is necessary, what happens to confidential information once it leaves the confines of an organization’s firewall and security infrastructure? The hope is that the recipients of the document — whether it be a blueprint, technical specification or proposal — have the proper security standards in place so documents don’t get in the hands of the wrong people. Hope, however, is no longer a viable strategy. When it comes to something as important as protecting intellectual property, a comprehensive approach must be taken to improve the security of sensitive information without hindering collaboration.
While financial and healthcare institutions seem to own the headlines as it relates to data breaches, manufacturers hold an incredible amount of intellectual property, making the industry a prime target. In fact, it has come to light that in early 2016 technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG. The Stack reports that attackers conducted an exfiltration of "data records from multiple business units before [their activity] was discovered and stopped." The article goes on to say, according to a statement from Martin Hölze, CIO at ThyssenKrupp, the company had been the target of a “very professional hacker attack since February” and the breach was executed through hidden backdoors in the IT systems which were used to gain access to the steel giant’s valuable intellectual property. This is just one of many examples of why all companies — including those in the manufacturing space — need to be ready.
Going Beyond the Network and Protecting Information Wherever it Travels
Given industry regulations and the increased media attention on data breaches, most organizations are taking steps to increase their cybersecurity posture by protecting their network and devices. While this an important first step, it cannot be the only step taken. Protecting information that travels outside the corporation must also become a priority. However, the increased use of outsourcing, along with growing use of unmanaged devices and file sharing services, makes protecting information a very difficult feat.
In today’s landscape, it’s not if, but rather when the wrong person gets ahold of information that was not meant to be shared. It can be as simple as a disgruntled employee or a sales associate hitting forward mistakenly – and within moments differential pricing can get forwarded on to a competitor.
To avoid these disastrous data breaches, many leading manufacturing companies are taking a data-centric approach to security. In addition to data-loss prevention (DLP) solutions, organizations are now adding enterprise rights management (ERM) solutions to their information security framework. ERM enables the organization to ‘wrap’ a sensitive document with persistent, granular controls. Using ERM, document owners can control who can access the document, what that recipient can do with the document (view, print, cut/paste, screen share, etc.), from which location or device, and for how long.
How to Achieve a Data-Centric Approach to Security
A recent study from Enterprise Strategy Group (ESG) was undertaken in order to evaluate the challenges, best practices, and solution requirements for securing data that is shared externally. ESG spoke with 200 IT security professionals who hold purchase decision-making authority or influence for data security technology products and services.
The study found that the loss of intellectual property specifically is a top of mind concern, and is assumed to be happening. Not only did 98 percent of respondents cite the loss of sensitive data as a top or significant concern, but many also indicated it was very or somewhat likely that their organization has already lost data via a variety of ways in the last 12 months. Of note, participants cited data loss vectors such as files being inadvertently emailed to the wrong person (cited by 67 percent of respondents) and unauthorized access (66 percent) as top issues.
According to the report, the top data-centric solution requirements included:
- Permanent file security that remains effective wherever the file travels and while the file was being utilized
- Protection of all types of files including AutoCAD drawings
- Ability to control granular usage permissions including viewing, editing, printing, copying content, screen share and running macros
- Instant, remote document expiry from any location at any time
- Real-time logging and reporting of file usage details
Encouraging Collaboration, While Preventing Risk
The increase in outsourcing and collaboration with external partners and subcontractors is extending the flow of information outside of the secure confines of corporate controlled perimeters. While this collaboration is necessary and encourages innovation, it opens up companies to unnecessary risk. Data-centric solutions such as ERM, make it possible to have the best of both worlds — by enabling manufacturers to embrace the use of mobile devices, file sharing and outsourcing with complete confidence.
Vishal Gupta is CEO of Seclore.