You Can’t Protect What You Can’t See



Protecting Data in a Global Manufacturing Environment

Early in my career I worked in manufacturing, and can attest that it’s a very different world from software. Aside from the fact that you could pay rush charges to get things built quicker (something we dream about in software), a big difference was in the way we needed to share proprietary information with partners and vendors.

In that environment, controlling IP can be a challenge. Sensitive design documents may be produced in CAD applications or software components written by offshore contractors. Board layouts are provided to manufacturing engineers who use them to build jigs and test harnesses, and to vendors who provide components for integration. Finally, sensitive information goes to the manufacturing floor (in many cases, in both the US and Asia).

While sharing data is a requirement in manufacturing, controlling use of the data is critical. Leaked IP allows competitors to react faster with similar products or discover critical design information, which swiftly erodes a manufacturer’s competitive advantage. When offshore employees move frequently between contract manufacturers and outsourced development shops, there is a high risk that IP could be moving with them.


Production floor of a surveillance camera factory, Shenzen, China

The production floor of a CCTV and surveillance camera factory in Shenzen, China, 2010

So how does a company share data with offshore partners, while restricting its use to legitimate purposes?

An old saying about achieving high quality in manufacturing is “You can’t manage what you can’t measure.” From an information security standpoint, a better expression would be “You can’t protect what you can’t see.”

Most importantly, you need visibility to where sensitive information is at all times. This requires an understanding of the sensitivity of each piece of data (classification) as it is created, then maintaining and updating that classification as data moves. Next, you need to understand the context of how data is being used by correlating data sensitivity, the users accessing the data, and the requested action. Finally, controls are needed on endpoints to enforce corporate data policies and block inappropriate access or use.

Focusing on data itself is simpler and more effective. It allows appropriate use to continue unimpeded, blocks use that could put data at risk, and provides visibility into where data resides at all times. In a manufacturing environment, this makes it possible to share more data, more fully and more securely.

Mike Pittenger

Customer Spotlight: Deploying a Data Protection Program in Less Than 120 Days

Michael Ring, IT Security Architect at Jabil Circuit shares how they deployed Digital Guardian to over 40,000 users in less than 120 days. Watch the webinar on demand now.

Watch Now

Related Articles
The Insider Threat: Work, Deception, Theft, Founding, Funding and Sale in the Valley

A new case filed by Alphabet accusing Uber of intellectual property theft could be a watershed event in bringing attention to the threat of industrial espionage by insiders.

Improve Your Ability to Detect Cyber-Attacks

Final in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

“Insider” IP Theft Suit Ends in Prison Time, Hefty Fines

A man who stole half a million dollars’ worth of intellectual property from a former employer to use at a competitor has been sentenced to 18 months in prison as well as over $170,000 in restitution payments.

Mike Pittenger

Mike Pittenger is vice president, security strategy at Black Duck Software. Mike has over 30 years of technology business experience, including over 15 in application security. He was a co-founder of Veracode and led the product divisions of @stake and Cigital. He can be reached at mwpittenger [at] caddisadvisors.com.

Please post your comments here