Intellectual property theft is now a top concern for enterprises across the globe. So, security teams must regularly take appropriate measures to protect intellectual property- engineering designs, software, and marketing plans.
It’s a real challenge for organizations to protect IP, especially when it’s an algorithm and not a database or document. As companies are implementing digital transformation projects, proprietary analytics plays a vital role as a differentiator. Moreover, laws are constantly changing to incorporate algorithms among the IP that can be legitimately secured and protected.
As of February 2020, the FBI had about a thousand investigations involving China alone for attempted theft of US-based technology across just about every industry. Nation-states are not the only ones who want to steal IP; employees, competitors and partners are often culprits, too.
Algorithms are now considered trade secrets and even patent-worthy. Companies must take several steps to maintain privacy starting at conception. Hence, to prevent them from being stolen, businesses are advised to ensure the following.
Adopt a zero-trust approach
Once an algorithm is conceived, businesses should consider it a trade secret and take appropriate action to keep it under wraps. Meaning, information would be restricted to a few people, or perhaps employees who have access to it should be made to sign a confidentiality agreement. Businesses must ensure that no one takes the algorithm home overnight, and it must be well protected in a safe environment. It may sound ordinary, but these steps are essential if they are compelled to prove that something is a trade secret.
From an IT aspect, the most reliable practices for protecting algorithms are embedded in the rules of a zero-trust approach. Organizations are advised to store algorithms deemed trade secrets in a virtual vault with a limited number of people having access to them. Also, all access should be logged and monitored well.
According to Quince Market Insights, the Global Zero Trust Security Market was estimated at USD 20.2 billion in 2020 and is anticipated to grow at a CAGR of 19.7% during the forecast period till 2028.
According to Jamie Holcombe, CIO for the United States Patent and Trademark Office (USPTO), “Another theory we are trying to institute is called zero-trust. There is a lot of work that goes into zero-trust, it is not something that you buy and implement. The design architecture of zero-trust is key. So, I think zero-trust is the philosophy much like quality is the philosophy but you have to put that into the design of everything you do.”
Confidentiality agreements for all employees
Companies must ensure employees who have access to the project or algorithm sign a confidentiality agreement. Quite often, engineers and scientists enjoy having conversations on what they are working on with their peers. Therefore, it is critical to take signed confidentiality agreements seriously as there are high chances of sensitive information getting shared with competitors.
Employees should not be permitted to take algorithms with them
Businesses must have clear guidelines in place for employees as to what they can and can’t take with them when they switch their jobs. Employees working in a sensitive domain or having access to sensitive information must go through an exit interview. This will help them understand what they have and help them understand why they have these signed obligations. Also, this will prevent the misuse of sensitive information in their next job.
Furthermore, partnerships are no exception. If companies collaborate and end up moving on independently, there are possibilities of a dispute when one hits the market with confidential information.