Online intellectual property theft is a big worry for businesses with data in the cloud.
This article does not serve as a substitute for professional advice on intellectual property theft.
From illegal movie downloads through to state-sponsored cyber-espionage, the scope of online intellectual property (IP) theft is huge.
And with an ever-growing quantity of data now digitised and stored online, the incentive for thieves to steal online IP has never been greater.
Yet few companies are doing enough to protect themselves. Most only start to build defences when they become aware that they are bring targeted.
“When we get called in to investigate breaches, it is rare for companies to have a good understanding of what their valuable digital IP is, or where it physically resides, let alone have effective access controls or logging,” says Benedict Hamilton, a managing director at global investigations firm Kroll.
While the threats to online IP are real, diverse and often highly sophisticated, an organisation can take some basic steps to minimise exposure.
The first is to ensure that your organisation’s IP is legally protected. Fail to do this and you may find your legal rights are already compromised.
Be sure to register trademarks, including business names, logos, product names, domain names and any other signs posted online which may be protected as trademarks.
“The virtual nature of cloud-based operations makes it far more difficult for companies to keep track of where their data is.”
People must be aware that your online IP is protected. Trademarks must be marked and all sensitive website content – from written material and images to music and videos – must be flagged as being copyrighted.
Those who end up in court trying to prove someone stole their online IP must show that the data was adequately labelled as protected.
Also take precautions to protect confidential information by making sure that employees, contractors, internet service providers (ISPs) and website hosts are bound by confidentiality clauses or non-disclosure agreements. You should also review your information technology (IT) providers and scrutinise their own suppliers.
Businesses can also patent online business methods in countries where such protection is available, and take out an IP insurance policy.
Understanding where the unique IP is located on a particular network is the key to applying targeted protection and, as always, the key is to anticipate a danger, rather than respond only after a breach has occurred.
“Don’t just pick the first provider that comes along. Move non-sensitive data to the cloud first to test the waters.” – Catherine Gannon
“Businesses must focus on detecting and profiling attackers and attacks early on, rather than at the point of intervention,” says Rebecca Lawson, senior director of product marketing at Juniper Networks in the US.
“Every organisation has a different defensive profile. The most relevant threats for one company might be completely different to the next, depending on the nature of the business and the company‘s ability to secure online infrastructure.”
Of course, nothing is completely foolproof, but a combination of several risk mitigation options will offer more protection than just using one alone.
A growing number of companies are shifting their operations to the cloud, and Forrester Research predicts that the value of the public cloud market will soar to US$191 billion by 2020, up from US$58 billion in 2013.
Although credible cloud providers are keen to spruik their security credentials, the virtual nature of cloud-based operations makes it far more difficult for companies to keep track of where their data is, who has access to it, and how it’s being used.
It is also important to bear in mind and understand which laws a company can rely on to protect or enforce their rights, when using a cloud-based provider.
It comes as little surprise that half of the respondents in last year’s KPMG Cloud Survey listed IP theft as the most significant challenge they face when doing business in the cloud.
“Companies moving to the cloud can take a number of measures to safeguard their IP.”
However, companies moving to the cloud can take a number of measures to safeguard their IP.
“Due diligence is essential,” says Catherine Gannon, specialist IP partner at London-based Gannons Commercial Law Limited.
“Don’t just pick the first provider that comes along. Move non-sensitive data to the cloud first to test the waters.
Consider adding your own layers of security and keep your eyes open for new threats. Last but not least, read the small print and never sign the cloud provider’s online contract.”
While VPNs have many legitimate uses, the fact that they allow users to interact securely over the internet by using encryption technologymakes them perfect for illegally downloading online IP such as music or movies.
Many young people already use VPNs for anonymous peer-to-peer sharing of such content.
New research from Sydney-based Essential Media shows that as many as 16 per cent of Australians currently use VPNs or similar software tools.
But some companies are getting wise to their use. Online media streaming outfit Netflix now not only blocks accounts that are using VPNs to circumvent geographical restrictions, but also terminates them completely.
“It may not be long before other services follow suit,” says Gannon.
There is a bit of confusion as to the legality of using VPNs in Australia, but some experts predict that the introduction of the Copyright Amendment (Online Infringement) Bill 2015 earlier this year could soon see many VPN services blocked in the country.
This, combined with a recent landmark ruling that saw an Australian ISP forced to hand over the names and home addresses of more than 4500 illegal downloaders, may see such low-level IP theft by the masses diminish rapidly.
Demystifying the cloud.