Psilva's Prophecies

Peter Silva


Security Journal: Blog Feed Post

Today’s Target: Corporate Secrets

Intellectual Property is a major target

Intellectual property is one of a company’s most precious assets and includes things like patents, inventions, designs, source code, trademarks, trade secrets and more. These formulas, processes, practices and other inside information can differentiate your brand and give you a competitive edge in the marketplace. Often-cited examples are Coca-Cola’s formula and KFC’s 11 herbs and spices. For technology companies it can be their software, hardware designs, development processes, roadmaps, patents and other information pertinent to the company. In F5’s case, we own the patent for Cookie Persistence technology and have had to lawfully protect that valuable intellectual property.

A new study from Forrester, in conjunction with RSA and Microsoft, entitled The Value of Corporate Secrets (pdf), concludes that while companies do focus and invest in compliance-driven data security programs like PCI-DSS, they miss the mark on protecting corporate secrets and valuable intellectual property.

"Nearly 90% of enterprises we surveyed agreed that compliance with PCI-DSS, data privacy laws, data breach regulations, and existing data security policies is the primary driver of their data security programs. Significant percentages of enterprise budgets (39%) are devoted to compliance-related data security programs," according to Forrester Consulting’s study. "But secrets comprise 62% of the overall information portfolio’s total value while compliance-related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are overweighed toward compliance." (from the RSA press release)

Companies spend enormous amounts of time and money protecting custodial data, things like medical and card payment information along with sensitive customer data, as they should and are required to do. Yet losing intellectual property or trade secrets can have long-lasting ramifications. The study indicated that loss of sensitive information from employee theft is 10 times more costly to a company than a single accidental loss – ‘hundreds of thousands versus tens of thousands’, the study says. Also, the more valuable a company’s information, the more frequently it is targeted and attacked.

From the study, the key findings are:

  • Secrets comprise two-thirds of the value of firms’ information portfolios.
  • Compliance, not security, drives security budgets.
  • Firms focus on preventing accidents, but theft is where the money is.
  • The more valuable a firm’s information, the more incidents it will have.
  • CISOs do not know how effective their security controls actually are.

The study’s Key Recommendations:

  • Identify the most valuable information assets in your portfolio.
  • Create a “risk register” of data security risks.
  • Assess your program’s balance between compliance and protecting secrets.

and

  • Reprioritize enterprise security investments.
  • Increase vigilance of external and third-party business relationships.
  • Measure effectiveness of your data security program.

ps



More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With that telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.