AmalfiCORE Blog

Protecting Corporate IP

The options to protect data, formulas, products, and documented ideas or concepts come in many forms. Government and big business seem to spend the most time and money focused on this protection as well as educating others about the risks and mitigation.

Government Actions:

The government creates entire departments focused on protecting intellectual property. Presidential directives are issued, methods are developed, and collaboration ensues in an effort to protect both public and private sector from disaster. Governments encourage businesses to take steps to protect IP, brand, and innovations. Internal threats to data center security have been a known exposure for decades.

As early as 1998, the United States government formally recognized the increasing risk of cyber threats when the President issued “…Presidential Decision Directive 63 (PDD-63), which called for the creation of a national plan to protect the services on which we depend daily.” [1] Our everyday essential services, i.e. energy, banking, finance transportation, vital human services, and telecommunications are all interdependent. Preservation of vital intellectual property would be impacted due to the ever-increasing interdependency of electronics on our way of life. With the unchecked growth of the internet-web, advanced electronics, and miniaturized telecommunications, our intellectual property would be vulnerable to a whole host of new threats.

The economy itself when in a down turn, can be considered a disruption requiring considerations be given to protecting Intellectual Property-IP. In the Philippines,  “…micro, small, and medium enterprises (MSMEs) account for 99.6 percent of the country’s economy” and are told to protect assets [2]. These type organizations are being encouraged to register the innovations, inventions, and brands in order to preserve their intellectual property rights.

Business:

I’m sure there are hundreds of examples of methods employed by businesses to protect IP, here are a few:

• Hardware, software and services vendors develop products to protect data and systems for all size of organization from the home pc to multi-national corporations- anti-spam, anti-virus, anti-phishing, etc.
• At Intellistore Design Consulting one of the many IT service vendors on the web, they encourage clients to develop and implement IT Best practices. Their ‘Six Tips’ [3] could be used by any business/data center:
  • Take ownership of your IP
  • Ensure access to source code
  • Prepare and IT disaster recovery plan
  • Incorporate the ability to upgrade or migrate to new technologies
  • Implement data compliance standards
  • Take control of your companies online accounts
• At Google, the data center boasts several backup options with an emphasis on redundancy as a primary tactic to protect and restore data and systems, with a solution called Perforce Disaster Recovery. [4]
• ATT focused some of their advertising, marketing, and educational material for citizens around Katrina events by providing advice on protecting value records. Among many things to do, ATT recommended protecting all resources, records, and data through both traditional off-site backups, as well as, using generators for backup power supply. The generators are focused on the most critical business functions. [5]

Burtles suggests that more than one backup method needs to be employed to ensure successful recovery, and for data centers, he places great emphasis on hot-sites, cold-sites, and redundancy. [6]

The concept of trust seems to be an important element of protective disaster recovery plan for intellectual property. At some point, a decision must be made to place a copy and the original innovation (IP) in a two different safe places. Determining a ‘safe place’ is an entire project in itself and would involve statistical theory along with a healthy dose of trust.

Summary

Redundancy of data systems, data centers, access methods, and protective software are all offer solidly proven methods to protect data and information. Governments clearly see the need and have taken steps across the globe to secure their data as well as educate business on best practices. Entire businesses exist in the data storage world, which provide hardware, software, and services to protect information.

In the end, I believe it comes down to taking a calculated risk, based on solid data, and implementing a proven method of intellectual property protection.

References:

[1] “Critical Infrastructure Protection”. Department of Justice, Computer Crime and Intellectual Property Section-CCIPS, USA.gov. Retrieved 10-04-09 from http://www.usdoj.gov/criminal/cybercrime/critinfr.htm

[2]  GMA NewsTV.com, Retrieved 10-04-09 from http://www.gmanews.tv/story/167997/Firms-told-to-protect-intellectual-property-assets

[3] Herrmann, Kathy. “6 Tips to Protect Your Intellectual Property“. 6-MAY09Retrieved 10-04-09 from http://community.intellicore-design.com/blog/2009/5/6/6-tips-to-protect-your-intellectual-property.html

[4] Wright, Rick. 2008.“Perforce Disaster Recovery at Google”. Retrieved 10-04-09 from http://www.perforce.com/perforce/conferences/us/2009/Presentations/Wright-Disaster_Recovery-paper.pdf

[5] “ATT Disaster Preparedness – 2008 Hurricane Season”. 2008. Retrieved 10-04-09 from http://www.att.com/Common/merger/files/pdf/att_emer_prepare_tips.pdf

[6] Burtles, Jim. 2007.  “Principles and Practice of Business Continuity: Tools and Techniques“, Rothstein Associates.

Reciprocal Agreements

Reciprocal agreements can be defined by as “An agreement by two parties, each allowing the other to use their site, resources, or facilities during a disaster”[Burtles 1]. There are many similar definitions [2] which all focus on ‘sharing’ during times of disruption.

There seems to be quite a bit of disagreement about the merits of using reciprocal agreements as viable alternatives during disasters. Some of the experts [4] caution about a number of difficulties that may occur including incompatibility of systems, software and methods, time delay on actually implementing the transfer, and the unavoidable concern of the receiving entity being impacted by work overload.

An article by Davis [3] in the Disaster Recovery Journal cautions that “Reciprocal agreements are economical but beware of systems incompatibility”. This can be particularly helpful when the equipment needing backup is very expensive or of a special or rare type. In such cases, it may be completely necessary to partner with the only other company or entity which has this resource capability. [5]

In my personal experience, reciprocal agreements can be beneficial. Some examples:
• Tornado interrupts power to fire station, neighboring fire station one town away has previously agreed to house trucks and personnel in makeshift building at their headquarters. This happens until power is restored in under one week.
• City prepares COOP plan and includes several mutual agreements to make use of neighboring cities services, i.e. utility billing, power, data center transfer. It has not been tested yet.
• Fire and police departments have mutual aid agreements, which have been used several times during the past decades and it works quite well.

In the emergency services world, reciprocal agreements are commonplace and are known as ‘mutual aid’ agreements according to FEMA. [6] In such cases, one agency agrees to share resources with another agency during times when:
• the size of the incident calls for more help than can be mustered by the one agency,
• when a resource is out of service for maintenance or due to damage
• when personnel are unavailable due to training, inability to continue performing their duties (overworked, exhaustion, sickness, other peril)

Another concept describes using internal resources as redundancy or as backup during times when one function experiences a disruption. The success of this transfer would depend on some of the same criteria as when agreeing with other entities, that is, does the receiving facility have the expertise, resources, and capability to actually take on the workload of the disrupted entity. I think the same cautions and concerns would apply, despite the fact that there would be more familiarity and consistency when creating an internal agreement,

Summary

There are mixes opinions regarding the merits of using a reciprocal agreement to provide secure backup during a disaster or major disruption. While there are a number of situations, which may prove difficult, and be an imposition to the receiving entity, it makes sense in my judgment that the establishment of a reciprocal agreement has merit.

References:

[1] Burtles, Jim. 2007. “Principles and Practice of Business Continuity: Tools and Techniques”, Rothstein Associates.

[2] “Online Business Dictionary”. Retrieved 10-04-09 from http://www.businessdictionary.com/definition/reciprocal-agreement.html
“Definition 1
General: Quid pro quo arrangement in which two or more parties agree to share their resources in an emergency or to achieve a common objective.
Definition 2
Data backup: Whereby two departments or organizations agree to store one another’s backup data on their computers.
Definition 3
Disaster planning: Whereby each party agrees to allow another to use its site, facilities, resources, etc., after a disaster.

[3] Davis, J.R. 2003. “Regulatory Scrutiny of Item Processing Increases Disaster Recovery Planning”. Disaster Recovery Journal. Retrieved 10-04-09 from http://www.drj.com/articles/spr03/1602-09p.html. Vol. 16 Issue 2.

[4] Snyder, Richard. “Reciprocal Agreements: Do the Work?”. Disaster Recovery Journal. Retrieve 10-04-09 from http://www.drj.com/drworld/content/w1_095.htm. Vol. 3 No. 4, p. 54

[5] Contesti, Diane-Lynn., Andre, Douglas., Waxvik, Eric., Henry, Paul A., Goins, Bonnie, A.“Official (ISC) 2 Guide to the SSCP CBK, Volumes 978-2272” 2008. Pg 228. Retrieved 10-04-09 from http://books.google.com/books?id=Jt1meI49yTwC&pg=PA229&lpg=PA229&dq=%22reciprocal+agreements%22+during+disasters&source=bl&ots=AyaIAFYkUF&sig=WodAfpgE13GExjh-eVA9RFwOsfg&hl=en&ei=vkLJSoKSFpWEMeXPnfMH&sa=X&oi=book_result&ct=result&resnum=8#v=onepage&q=%22reciprocal%20agreements%22%20during%20disasters&f=false

[6] “Mutual Aid Agreement for Public Assistance and Fire Management“ 13-AUG07. FEMA Disaster Assistance Policy 9523.6. Retrieved 10-04-09 from http://www.fema.gov/government/grant/pa/9523_6.shtm