IRM: The Best Defense Against Industrial Espionage
Industrial espionage will never be eradicated, but information rights management (IRM) technology now exists to help mitigate internal and external threats.
30 September 2014
In spring 2009, DuPont research chemist Hong Meng accepted a faculty position in Peking University’s Department of Nanotechnology. While he did not inform his employer, he forged ahead in his new role as professor, even requesting funding from the Chinese government for a commercial Organic Light-Emitting Diode (OLED) factory — the very chemical process he was advancing at DuPont. On the eve of his newly intended transfer to DuPont’s Shanghai division, he copied the proprietary process for large-scale OLED displays into a Microsoft Word document and emailed it to his university account.
Hong Meng would eventually be tried and convicted for stealing trade secrets worth an estimated $400 million.
When intellectual property is at the very heart of a business, the last thing the organization can skimp on is Information Rights Management (IRM). IRM is document-level security that remains with a file no matter where it may travel — even if it ends up on the desktop of an employee’s personal laptop. Meng may have raised a red flag by emailing himself the proprietary information, but most cases involve an employee simply downloading files to another location.
Such was the modus operandi of Shanshan Du. To form a partnership with a competing manufacturer in China, the former General Motors engineer copied over 16,000 files detailing hybrid vehicle technology to an external hard drive. Du is now serving a six-year prison sentence.
In any organization whose entire business depends upon the protection of intellectual property and trade secrets, IRM is mission critical. IRM helps track where a file goes, how it is being used, and allows you to revoke permissions even after download. One no longer needs physical access to a document in order to steal, copy, or photograph it. There are numerous opportunities — internal and external — to exploit existing network and process vulnerabilities. A secure perimeter is no longer the best defense. Each file needs be armored in encryption, especially when daily operations connect employees across nations, devices, and networks.
Trade secrets are always maintained confidentially; unlike patents, they may endure indefinitely, as they present a clear commercial advantage. Trade secrets do not protect against independent discovery — hard evidence is needed to link the accused collector with an act of espionage. Because many organizations do not integrate IRM into their security systems, document distribution may only be managed within their immediate network. Most trade secret thefts are not immediately recognized, let alone prosecuted — leaving the enterprise with potentially unrecoverable material losses.
Industrial espionage will never be completely eradicated, but the technology now exists for organizations to mitigate internal and external threats. IRM gives the enterprise control over their documents beyond perimeter-based security, and enables swift removal or changes to a user’s privileges. Most employees who steal proprietary information do so within a month of resignation or termination — with proper IRM in play, stolen documents can be rendered useless even when accessed outside the company firewall.
So if someone runs off with a proprietary chemical process in a Word document uploaded to a flash drive, they certainly won’t be getting very far.
Melinda Green is a senior digital strategist who joined Intralinks from docTrackr, where she began developing the content strategy and awareness campaign for Information Rights Management — emphasizing the importance of end-to-end encryption in document-level security. She is also a registered yoga instructor and enjoys making random things with LEDs and electronics, and is fascinated by numbers stations and North Korea.