"How does it get created, where does it get created, what happens to it? You have to look at all the stages of data formation and use all the way through to disposal, access, storage and transmission," says Lynch. Your IP data map then becomes your footprint for applying controls. (And, obviously, the data map itself will be a very sensitive document requiring excellent protection.)
Electronic protection of IP is different from protecting many other types of information. Often referred to as the "corporate jewels," IP is so precious it needs to be protected at a data and document level, as opposed to just at the level of the system on which it resides. Unfortunately, more draconian protections make it difficult to share the data, which is the order of the day in today's collaborative environments. "Public key infrastructure and general encryption are not very usable in an enterprise," says Ryan Kalember, who became chief marketing officer of WatchDox last month. "Users will find their way around the controls."
On the other hand, when you have a small amount of ultra-secret, non-shared information to protect from prying eyes, the task is fairly straightforward: encryption or data masking, two- or three-factor authentication and embedded access controls you get from a tool like WatchDox or Tripwire. The latter tools represent the future of electronic IP protection, says Kalember. "The protections must be embedded in the IP in a frictionless way for the users. Otherwise, it's just the whack-a-mole routine we've been doing for years."
These decisions—what to count as IP and how and to what degree to protect it—should flow from your business objectives, according to Evan Falchuk, chief strategy officer for Best Doctors.
"The way you focus those efforts has to fit into your business. Our business is to make sure people get the right medical care. We have to have a brand that people know and recognize and trust. They need to feel completely secure when they share information with us. We ask, 'What does it take for our business to win?' Our strategies flow from that," says Falchuk.
So, as mentioned above, Best Doctors focuses on supporting its brand name with its IP protection, though it uses comprehensive IT security technologies and practices, including requiring all new employees to sign a nondisclosure agreement. And everyone has to leave behind a clean desk when they go home for the night, part of Best Doctors' attention to seemingly minor details.