So what can you do to protect your software-based Intellectual Property better? Fortunately, there are things you can to do to help overcome this problem – however in practice, what does that mean?
The following are 4 valuable tips for protecting your software-based IP assets better we got from Intellectual property attorney Feinberg Day.
- Determine where your software-based assets are located.
In many companies, data is stored in many different places and frequently in different formats as well. It might sound obvious, however the starting point needs to be knowing where all of your valuable or sensitive data is stored, along with how the assets are currently being protected.
One area that should be of special concern is code, since code might be stored within a management repository that is insecure or – in many cases – in multiple repositories. Your first step should be finding the code and consolidating it into one version management system that has audit trails and robust security options. For instance, are immutable history logs and file-level access control offered by the system? Who is allowed access and to what? When was the data last accessed?
- Place context around your risks
This is especially true of code assets, since typically traditional SIEM tools are not designed to offer understanding around processes, tool usage and file types that are used as part of the software development process.
According to intellectual property attorney Feinberg Day, vulnerability management system may require large amounts of continuous fine-tuning in order to detect real risks or flag a very high number of false positives. The answer to this problem is placing context around your risks, by most importantly, comparing it with whatever you have agreed constitutes normal as well as content type and user activity and behavior.
- Ignore the noise and focus on real risks
The software development environments of today invariably generate large volumes of data. That won’t be changing any time soon. A large corporation’s version management systems might very well be processing millions of transactions every day. The solution is again to have solid analysis and context. In order to achieve this, behavioral analytics is being adopted more and more, since it is able to narrow down thousands of different potential incidents then then identify those that most likely are the real risks.
When it comes to behavioral analytics, human behavior plays a significant role. ‘Wanderers’ might be developers who are checking large volume of code from a project that they don’t normally work on, and ‘horders’ may be downloading code that they don’t check back into its versioning repository. There could be reasons for those actions that are perfectly acceptable, but the organization will at least have a starting point for investigating them further.