The IP Protector

Sep 1, 2007 12:00 PM, By Randy Southerland

Protecting the people and assets of a worldwide technology company requires integration and coordination across both distances and departments. For Steven Davis, vice president for corporate security at Qualcomm, San Diego, that means developing new tools, and most important of all, adopting new ways of looking at security.

“It has gone from a typical security guard ‘bricks and mortar’ factory concept to a more technical adaptive environment,” explains Davis, a former Secret Service agent who has been with the company for 10 years. “You just can't rely upon the old way of doing things. I think that the intellectual property nowadays is not stolen the way it once was [by a competitor walking in and pocketing something]. It's now done remotely or through social engineering.”

Davis manages a security department of more than 355 employed and contracted professionals. In this position, he is ever mindful that his department protects a global corporation that develops innovative digital wireless communications products and services that often must be delivered to customers in emergency and critical situations. The security program must also provide effective services in the corporate environment while meeting government specifications and providing dependable services in what are sometimes remote locations.

Access control is one of the most vital areas for Davis and his team. The program is linked to Qualcomm locations around the world, and is controlled from the company's San Diego headquarters.

“We have the ability to track employee comings and goings in any of our buildings worldwide, which helps both from a workplace violence standpoint and with attendance issues as well,” Davis says.

One of the most important areas of security involves brand protection. This program is managed by a director and his staff and represents an area that is becoming more and more important for many enterprises today.

“And by that I mean we are identifying numerous companies in Asia that are primarily utilizing our technology either in a gray market or a counterfeit mode without authorization or payment to us or in direct violation of copyright and patent laws,” Davis says. “This applies to high-tech security just as it does to the manufacturers of Rolex watches or designer handbags.”

This kind of theft can include integrated circuit chips or chips powered by stolen software. Since much of activity is found overseas, tracking down the perpetrators and bringing them to justice can be a difficult and often time-consuming task. Laws may not be as strict as those in western countries, and local police may lack the resources and the motivation to tackle a complex case such as intellectual property (IP) theft.

“There is the World Trade Organization (WTO) regulation requirements of course,” Davis says. “Because these countries do want to integrate themselves into the world economic community, they have laws - some recently passed - against counterfeiting, against gray market issues, against patent infringement and against IP issues.”

Yet these steps often don't make it any easier to pursue cases because the level of proof is higher and requires a more substantial understanding of the violation. Charging someone with patent infringement requires drilling down to the technology involved and then presenting proof that is convincing to a law enforcement agency with limited resources.

“We do get action because we're careful and we follow all the steps, but it's not timely,” he explains. “So there is cooperation, but it takes time and we have to do a very in-depth presentation of the facts for the prosecution.”

That often translates into conducting many aspects of an investigation and then presenting evidence to authorities who can take an airtight case to authorities.

Davis' department also works closely with government agencies such as the U.S. Department of Defense (DoD). Operating at this classified level demands a secure technical infrastructure with closely monitored access control systems.

Security at the corporate level is much more than just providing guards for buildings, it's an integral part of the business process. Security processes can include assisting with due diligence during acquisitions of other companies.

“The business unit or legal department always does Dun & Bradstreet reports and other financials, and we have the capability of assisting in doing some more drill down,” Davis says.

One of the biggest challenges for this security program comes from the company's biggest success - its rapid growth. Seemingly every month, Qualcomm is hiring hundreds of engineers throughout the world. A challenge is to smoothly integrate them into the security culture. That means training each new worker in the best practices for protecting IP to ensure that confidential data isn't lost or stolen due to carelessness or failure to comply with company policies.

“Our job is to get them to be aware of how they manage our proprietary information - and by that I mean any mathematics or algorithms or anything they're working on is proprietary and confidential information,” he explains. “So just getting an engineer to be aware of the protection of what they're working on is always a challenge.”

To deal with the company's success, Davis emphasizes the recruiting of highly qualified staff who can function in a high-tech environment. That need for brains as opposed to brawn is another indication of just how much security has changed for Davis and his department. Today, the most important relationship is with those who manage the network and tend to the computer system.

“We've migrated to the concept that any good security department cannot function without a very strong relationship with their IT department,” Davis says.

All of their access control systems are managed by sub-servers in both San Diego and in Las Vegas for redundancy. In years past, his department served as the database administrator for those servers but soon found that because they were managing such a vast and complex access control system they needed the full-time assistance of the company's IT department.

“IT is the database administrator, but we are still the manager,” he says. “They run the backbone and the infrastructure, but we manage the systems. The same goes with the protection of intellectual property where IT plays an integral part because they are usually the first ones to discover the transmission of anything that shouldn't go out or any attempt for penetration to obtain information through the multiple firewalls that we have.”

That relationship has proven to be a valuable one in a world in which security and technology are vital partners.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue