As intellectual property occupies an increasingly central place in the global economy, collaboration becomes a crucial parameter.
For most businesses, research organisations and other institutions, this collaboration necessarily relies on cloud computing. In most cases, this solution facilitates remote working and distance collaboration, as it offers enormous advantages in terms of storing and synchronising information across a multitude of devices. The cloud makes information sharing seamless, boosts productivity and frees users from the need to be physically present in the office by enabling coordination across borders and easy access to files and the information they contain. According to RightScale's 2014 study on the evolution of cloud computing entitled 2014 State of the Cloud Report (www.rightscale.com), the cloud is already used by nearly 90% of businesses, and this figure is set to increase further. Cloud computing is therefore a well-established technology.
Yet this evolution can sometimes be a source of concern for those working in the field of intellectual property, for whom data protection is a necessity. After all, the unavoidable proliferation of data and its sharing among collaborators, using multiple devices, is part of the magic of the cloud. In return, it leads to a significant loss of control. However, when a lifetime of work requires preserving the confidentiality of designs and models, source codes, patents, or trade secrets, protecting against any risk of accidental leakage or malicious acts in the cloud is an absolute priority. Given the value of intellectual property assets, the stakes are already high. And the costs associated with settling patent disputes — particularly in the technology sector — can reach astronomical amounts.
Identifying and assessing risks
To use the cloud with confidence and harness its full potential in the service of intellectual property, the solution lies in taking responsibility for all elements over which you can retain control, which in practice means implementing appropriate protective and security measures. For in reality, cloud computing offers a means not only of sharing knowledge but also of protecting intellectual property assets.
In terms of intellectual property, the cloud represents a double-edged sword. This solution enables collaborative working, which is essential for any business, but at the same time presents a potential risk with regard to the dissemination of sensitive intellectual property information. No sector is immune to a data breach, and many companies fall victim to indiscriminate attacks launched by cybercriminals who penetrate their databases to seize large quantities of usernames, passwords, credit card numbers or other personal information for immediate financial gain. Intellectual property nevertheless remains a prime target. The 2014 Verizon Data Breach Investigations Report (www.verizonenterprise.com) that more than a quarter of cybercriminals are spies specialising in intellectual property. Malicious actors targeting intellectual property are looking for something far more specific than mere figures or login credentials, and they know how to go about achieving their ends.
In terms of data breaches, malware and phishing represent by far the two main threats facing companies, but these techniques do not allow cybercriminals to go further, most likely because they originate from a source external to the organisation. According to another Verizon study from 2012 entitled DBIR Snapshot: Intellectual Property Theft, spies specialising in intellectual property are far more sophisticated and indeed far more malicious. In reality, the study shows that nearly half of data breaches involving intellectual property assets are perpetrated by current or former employees, particularly in sectors such as manufacturing, finance, technology and government. Furthermore, in most cases, these breaches are attributable to the misuse of a privilege or access right to a system. In other words, leaks of confidential intellectual property information are often committed by individuals who have access to information they should not be authorised to consult, who have retained access to systems even though they are no longer part of the company or a given project, or who have associated with an external fraudster or hacker.
Errors can also occur without malicious intent. Employee negligence remains a major concern for some companies, all the more so as cloud computing gains ground. Take for example the question of file synchronisation: through the cloud, it is possible to match the contents of several distinct devices, allowing you to access your clients' patents or draft documents from your smartphone or tablet while travelling or working from home. In many respects, this is a boon: you can be more efficient and more responsive even when away from the office.
Now suppose you leave your tablet in a taxi and it contains a company's trade secrets accessible from your email or downloads folder. If the tablet falls into the wrong hands and its contents are transmitted to a competitor, your client's work will be rendered virtually worthless. A 2012 Microsoft study found that nationally, nearly 70% of executives use their personal mobile devices for professional purposes and connect to the cloud using these devices, whether or not authorised to do so by their company (http://blogs.microsoft.com/cybertrust/). In this context, there is a high probability that some devices may be misplaced, some messaging applications left open, and some attachments sent in error. However, if all files are encrypted – whether stored in a cloud-backed folder, under a secure link inside an email, or in a downloads folder – it does not matter who gets hold of the tablet left in the taxi. If the person is not authorised to access the files, they will not be able to do so.
How can cloud computing help protect against intellectual property theft?
While the cloud carries risks, it can also offer advantages in terms of security: it contains practical solutions to protect your information and can also prove to be more secure than other traditional network servers, which are very often targeted by cybercriminals.
According to Verizon, at least half of all intellectual property asset thefts involve corporate database servers or file servers. Of all a company's resources (documents, employees, emails, web applications, among others), these are the most frequently affected. Faced with this reality, the first instinct might simply be to strengthen the protection of these servers through larger and more powerful firewalls. Another solution would be to remove the protected data stored on these servers and migrate it to the cloud.
Using cloud storage to keep all your intellectual property information can in fact improve its protection. Your company can thus have the assurance that data is secure while being able to take advantage of all the benefits offered by cloud computing. Once the appropriate measures are in place, intellectual property data stored in the cloud will benefit from greater protection than on any other physical network. The key to secure storage: encryption.
Encrypting data at the file level ensures that the file will be permanently encrypted from the moment it is transferred to the cloud until the moment it is downloaded, meaning that only you and the users to whom you have granted access will be able to decrypt the file in question.
The cloud offers a way to share knowledge and protect intellectual property assets. To harness its full potential, the solution is to take charge of all the elements over which you can retain control by putting protective measures in place. (Photo: iStock photo © dolfyn)
By contrast, encrypting traditional databases generally proves to be impractical. These databases are constantly in use, and sensitive content is decrypted with every query, as the decryption key is always accessible. This is not the case in the cloud, where the solution implemented will allow you to store your intellectual property-related data and decryption keys in two separate locations. As a result, neither the cloud service provider nor the encryption service provider will be able to access your data. You will be the only one able to do so, thereby providing robust security guarantees.
File encryption not only provides security in the event of a breach, but also enables you, your colleagues, and your clients to share and synchronize files without compromising them, thus enabling seamless communication and collaboration. Imagine being able to share folders containing an entire range of sensitive files and keeping all the information your team needs safe in a secure location.
One of the key advantages of encryption, and the ability to control who is authorized to decrypt data, is that administrators can implement selective access. We have already discussed the harm that malicious use of data can cause. However, if an employee or team member is unable to browse a server because they cannot open encrypted files, the risk of theft is significantly reduced.
Finally, layering security solutions in the cloud also gives you the ability to conduct reliable retrospective auditing. Being able to monitor the use of encrypted files and know which users accessed them and when is an excellent way to guard against breaches and theft. In the event that an unauthorized user — whether acting from inside or outside your organization — gains access to intellectual property data they should not have been permitted to view, you will be notified and can quickly counter the attack. Being able to revoke a collaborator's access as soon as they are no longer part of a project, or to suspend access to a lost device, is also crucial. A former employee may still have access to files sent by email to a personal address or saved on a home computer, unless you take the necessary steps to prevent this.
Implementing file-level protection not only safeguards the data itself but also reduces overheads associated with cloud servers, enabling you to use encrypted files in a manner that is both simple and fast.
In summary, the cloud can provide a myriad of benefits in terms of storage, sharing, and collaboration on intellectual property-related projects. It also comes with vulnerabilities that must be addressed appropriately. However, with a suitable encryption method, it is straightforward to protect your files and restrict access to only those users who are intended to view them.
In many respects, intellectual property drives the world forward — a world in constant evolution. Yet only a simple and seamless collaborative system will stimulate the growth of the international economy and address the fundamental questions we face today. A secure cloud environment can facilitate cooperation and help the world move forward by contributing to the realization of innovative ideas.