Security has been and continues to be one of the top concerns for enterprises considering outsourcing some or all of their software development or IT functions. Within the sphere of security concerns, one risk especially stands out, which is the potential to lose control over your enterprise’s intellectual property.
Reputable outsourcing vendors would not remain in business long if it was suspected that they had compromised any of their clients’ IP, but regardless of that there are several steps and procedures you should undertake within your company to minimize the chances of such a damaging occurrence.
Create an IP Inventory
First and foremost, know what needs protecting within your company. If you do not already have one, create a thorough inventory of all potential IP material. It may include copyrights, trademarks, patents, specifications, proprietary code, databases, marketing material or customer information. In order to do this thoroughly, you will need the advice of legal counsel or an intellectual property specialist. Such experts can often identify potential IP, such as trade secrets, of which you were unaware but which may have commercial value.
The next step is to place a valuation on each piece of IP. This additional step helps prioritize your protection and segregation procedures. Additional benefits to establishing valuations include being able to accurately assess damages should your IP be stolen or infringed upon plus identifying its leverage potential in current or future business dealings.
Intellectual property and privacy policies lay out the ground rules for what is and what is not IP and how potential IP should be recorded and handled. It also specifies who retains rights to such property. It should be exhaustive in terms of all the types of IP it covers.
Managing Permissions and Access to Your IP
Your enterprise likely already has computer, networking and data security policies in effect, which can be applied to keeping your IP safe as well. These generally follow a hierarchy of permissions for everyone, certain groups of people and files or directories restricted to select individuals. Each of these permissions can be restricted by operations, such as read, write or execute.
Utilizing these policies to protect a company’s IP should employ the principle of least privilege. In short, this means that any internal or external user of your computing infrastructure, programs and data must only possess privileges that are essential to their work and no more.
Additionally, company systems must monitor and log file and program access in order to flag unauthorized accesses and provide an audit trail. There are many more steps you can take to improve your IP security in this are: [http://web.mit.edu/Saltzer/www/publications/protection/Basic.html].
Application and Network Audits
Audits of your computing infrastructure behavior and activities must be in place before engaging an outsourcing vendor. These should run frequently or continuously to detect unauthorized transactions, access control violations, compromised data integrity or data entry errors that might indicate a foiled access attempt or attack. Audits have an additional benefit by exposing processing inefficiencies or weak points in your security attack surface.
Choose a Reliable, Reputable and Trustworthy Development Vendor
Despite the many precautions you can take internally, the importance of choosing a trusted vendor cannot be overemphasized. Before contacting vendors, put together a well-researched set of criteria to evaluate their commitment to securing your data and communications.
Investigate if they are in compliance with applicable federal or provincial/state laws and industry standards with regard to computer security and consumer privacy. Evaluate how they practice security best practices in their operations. Also, examine their physical security their disaster recovery plan. Always check references from prior clients.
Additional practices that would indicate their commitment to client data security would be the existence of employee training with regard to IP rights and the handling of sensitive data, the use of prevention technologies and the monitoring of their outbound Internet traffic and email.
Intellectual property is an essential part of any high-tech business. What is IP in your enterprise may cover more ground than first imagined. Thus, it is critical to identify and value all potential IP within your company and develop a plan to protect it.
Effectively managing your IP internally and across the boundaries in your relationships with outsourcing partners is the only way to ensure you receive both maximum protections and benefits. You must evaluate if your vendor is equally serious about IP security and has taken steps to protect your assets also.
Rest assured that Optimus employs only the most up-to-date and innovative technologies, processes and policies to ensure your company’s IP is safe and secure. Their contractual obligations in this regard fall within a North American jurisdiction.
Optimus has a long and successful track record of working with over 100 high-tech companies to deliver world-class outsourcing services while safeguarding each company’s invaluable intellectual property.
Contact us if you have any questions regarding keeping your intellectual property secure. We’re always happy to answer any questions.