Intangible Assets

Jul 1, 2008 12:00 PM, By Sandra Kay Miller

Electronics, tools, vehicles and even office furniture can easily be inventoried and tracked. But today, a company's most valuable assets cannot be tagged, microchipped or barcoded — and yet they are increasingly targeted for theft. Those assets are data — intellectual property such as source code, customer information including credit card and Social Security numbers, marketing plans, research and sales figures.

“Trade secrets often are a business's most valuable assets, and protecting them from theft and betrayal is a high priority for law enforcement,” says Patrick J. Fitzgerald, U.S. Attorney for the Northern District of Illinois.

The U.S. Attorney General's Office has been busy prosecuting a number of high-profile digital asset thefts, many with an international flair. For example, earlier this year a former software engineer for a Chicago-based telecommunications company was indicted for allegedly pilfering both electronic and hard copy documents that detailed the proprietary communication features incorporated into the Chicago firm's telecommunications products, and then attempting to board a plane at O'Hare airport with a one-way ticket to China.

Additionally, copyright infringement and piracy represent another faction of digital assets commonly abused and stolen. Nowhere has the theft of intangible assets become more painful than in the software industry. According to a recent study commissioned by the Business Software Alliance (bsa.org) and conducted by research firm, IDC (idc.com), in 2007, the global software industry alone lost a whopping $48 billion to piracy, which only represents a fraction of overall data theft.

While the cases of intellectual property theft are mounting, Trent Henry, senior analyst for the Utah-based Burton Group (burtongroup.com) explains that currently, the focus of data protection is on customers' confidential data due to the growing problem of identity theft and consumer fraud.

Regulatory compliance legislation, such as the Payment Card Industry Data Security Standard (PCI DSS), has been developed specifically to protect consumer account information. The regulations are a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate an expansive adoption of consistent data security measures on a global basis.

Initially, organizations were more concerned with the security of their networks and their own data, but as high-profile consumer information breaches resulted in tangible financial losses, companies began realizing the overall value of protecting intangible assets, including their reputations.

Within the last year, TJX Co. reached settlements totaling $65 million with credit card-issuing banks after a data breach occurred, exposing millions of private customer records, including card numbers.

Compared to the 2002 data breach at Victoria's Secret, in which the lingerie retailer was fined $50,000, it's easy to see that the price of failing to protect intangible assets, such as customer information, can create huge losses — or worse, put a company out of business.

Now that a new generation of users are integrating emerging personal applications, such as social networking sites, with legitimate business tools, organizations are taking a proactive approach to data security by turning to a variety of tools, services and technologies such as encryption, network access control, data tracking and loss prevention as well as personnel policy enforcement.

Cryptography has existed since ancient Greece and has increased in power steadily over the ages so that practically everyone has access to the strongest encryption algorithms in the world. Today, everything from hard drives to portable media have the capacity to be encrypted. But large scale, enterprise encryption is only beginning to become widely accepted as a standard security practice because of reasons such as computing overhead and key management.

But just because data is encrypted doesn't necessarily guarantee its safety. Take the reported incidents in early 2008 when private contractors working for the U.S. Department of State inappropriately accessed Sen. Barack Obama's passport records. Thanks to technology that digitally “tags” specific data, administrators can be instantly alerted when sensitive information is touched, copied, erased or printed.

The Obama incident isn't isolated. Gov. Arnold Schwarzenegger issued a statement saying that “a breach of any patient's medical records is outrageous,” after his wife, Maria Shriver's medical records were accessed by a UCLA Medical Center employee who had been previously caught peeping into other celebrities' personal files.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Getting Management On Board
• The More Things Change
• Be Aware Of Emerging Issues
• Verifying Drivers
• More from June's issue