You may have heard Google's Source Code IP was compromised late last year. It was a big deal and there were lots of speculation on the consequences. Their China offices were closed, complaints were lodged with the Chinese government, there was a lot of activity.
Now six months later, you must be wondering what is Google doing to stop IP theft?
Suprisingly the proposed solution is pretty simple, stop using the software that was compromised to access the IP. In this case, there are rumors of Google ditching Windows. The FT article reports that "Employees wanting to stay on Windows required clearance from “quite senior levels”, one employee said. “Getting a new Windows machine now requires CIO approval,”
The article also says "Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems. The greater number of attacks on Windows has much to do with its prevalence, which has made it a bigger target for attackers.
Google has their own operation system (Chrome) to use, not an option for majority of software developers Windows remains the most popular operating system in the world by a large margin, with various versions accounting for more than 80 per cent of installations, according to research firm Net Applications.
So how do you plan to protect your IP? Follow Google's lead?
Or do you need to protect IP in your current environment or can you afford to change platforms to keep your IP safe.
What if this next platform gets compromised? Do you keep moving? Can you afford to?
Chaperon customers will now have the option to secure their digital IP with Iron Mountain Digital, the world's leading provider of information management services for data protection and recovery, archiving, eDiscovery and intellectual property management.
Chaperon’s initial offering will allow:
Companies that are outsourcing/off-shoring their software development to archive their source code to Iron Mountain Archival Service Platform via Chaperon Secure™ Vaulted Repositories for enhanced business continuity/disaster recovery.
Small businesses to use the Iron Mountain Archival Service Platform to archive sensitive email attachments and files transmitted via Chaperon Secure™ Managed File Transfer/Attachment for better compliancy, auditability and regulatory documentation.
Given Iron Mountain’s focus on security, privacy, scale, access and cost-savings, their Archive Services Platform goes beyond standard cloud computing by delivering:
Risk reduction through secure backup and archiving, information protection, simplified legal discovery and increased compliance
Cost reduction through the elimination of capital investments for storage
Rapid access to information for legal discovery, regulatory compliance, audits, business continuity and disaster recovery
Exceptional search, recovery, destruction of data and file restoration capabilities
The Iron Mountain IP Archival Option is now available directly from Chaperon and through Chaperon’s approved delivery partners.
For additional details, visit: http://www.prweb.com/releases/Chaperon/IronMountain/prweb3997064.htm
Stories of targeted attacks on IP continue to bombard the news.
“A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.”
More at: http://www.wired.com/threatlevel/2010/01/google-hack-attack/
“The scope of this is much larger than anybody has every conveyed,” says Kevin Mandia, CEO and president of Virginia-based computer security and forensic firm Mandiant. “There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now.”
More at: http://www.wired.com/threatlevel/2010/02/apt-hacks/#ixzz0fAJeb0HD
“If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it,” Mandia says.
More at: http://www.wired.com/threatlevel/2010/02/apt-hacks/#ixzz0fAK1RdRX
And this is nothing new….
More than one-third (34 percent) of U.S. companies in a recent survey* said they had investigated a violation of data protection regulations or privacy in the past year. More than one-third also said customer data was exposed or stolen, and 28 percent said they had been hit by exposure or theft of their intellectual property.
Are you concerned about your exposure? Let us help you start the journey to make sure that you don’t becomes tomorrow’s headlines.
To learn more about how Chaperon solutions can help protect you or your clients, check out our website or Contact us for a free consultation.
* Proofpoint's "Outbound Email and Data Loss Prevention in Today's Enterprise" survey. http://www.proofpoint.com/id/outbound/index.php
The U.K.'s Pensions Regulator, the body that supervises the country's pension industry, has implemented Chaperon Secure(tm) Attachment to protect data transfers that are often legally, financially or personally sensitive. See full story.
Contact us for a free trial or demo.
There has never been a clearer example of Corporate Darwinism than today’s economy. And there is no end in sight. The winners in this evolutionary process are not necessarily the strongest or the fastest, but rather those that can most effectively adapt to new circumstances.
To adapt, businesses need to quickly figure out how to outsource, off-shore, and virtualize the workforce to cut costs and find top expertise and talent within the global resource pool. These same businesses need to find new ways to work with each other and customers via distributed tools like software as a service (SaaS) and cloud computing.
This “survival of the fittest” atmosphere is posing serious threats to digital security. Company-sensitive information is exposed, leading to more copying, piracy, and theft. And the risk of losing vital software Intellectual Property (IP) has never been higher. The loss of these vital digital assets can mean the loss of a competitive advantage or even the loss of their business.
More than one-third (34 percent) of U.S. companies in a recent survey said they had suffered from the leakage of sensitive or embarrassing data in the past 12 months. Forty-three percent said they had investigated a suspected leak of sensitive data via email, and 34 percent had investigated a violation of data protection regulations or privacy in the past year. More than one-third said customer data was exposed or stolen, and 28 percent said they had been hit by exposure or theft of their intellectual property(1).
In July 2009, a Former Goldman Sachs computer programmer was arrested and charged with stealing codes related to a high-speed trading program that he helped develop. In March 2008, a former Motorola software engineer was stopped at O'Hare airport before boarding a one-way flight to Beijing with more than 30 compact data storage devices containing stolen files with $600 million worth of corporate secrets. Those thefts are reminders that almost every modern organization has some IP subject to attack and theft.
A 2009 Purdue University Krannert School of Management study concluded that, “Business failures, mass layoffs, decimated markets and a poor economic outlook will lead to a vastly increased number of financially desperate current employees and laid-off staff stealing valuable corporate information, both for financial gain and to improve their job opportunities.” In fact, forty-two percent of the study respondents said that laid-off employees are the biggest threat to their companies during this economic crisis.
Companies are clamoring for a solution that will allow them to adapt to this new economic landscape. Today, businesses are foregoing critical opportunities, incurring significant costs for proprietary solutions OR they are exposing their software IP and company-critical information. Businesses need a solution that helps protect their IP when developing software, during due diligence, in M&A cycles, during IP litigation, and within software escrow.
Chaperon’s patent-pending software security solutions provide protection for IP (source code) – no matter where it travels or who is working on it. Chaperon encapsulates and isolates IP at all times with an audit trail so it cannot be compromised:
Any time – While it is being worked on (e.g., coding, de-bugging, testing, compiling, inspecting & QA).
Anywhere – No matter where it goes (i.e., in-house, outsourced, near-shore, off-shore, in escrow or archived).
Stop staff/developers from leaving with critical IP.
Lower costs by giving them the ability to safely tap into global expertise via outsourcing, off-shoring and/or distributing the workforce.
Avoid costs by protecting against expensive IP theft lawsuits, damages, and security breaches.
Comply with governmental source code import/export regulations.
Protect investments and shareholder equity.
(1) Proofpoint: "Outbound Email and Data Loss Prevention in Today's Enterprise" survey. http://www.proofpoint.com/id/outbound/index.php
During the discovery process, defendants must satisfy the court-prescribed discovery requirements while protecting their valuable IP. Plaintiffs, on the other hand, need easy and reasonable access to that same information in order to prepare their case. To satisfy these requirements in Intellectual Property (IP) litigation cases, parties use an escrow process that has some inherent inconveniences.
Currently, an escrow agent acting as a neutral third party provides and manages a secure, locked-down, and controlled physical “clean room” that allows plaintiffs the opportunity to access and examine all pertinent IP. This is normally a secure room in the escrow agent’s office -- or a trusted partner’s office if the escrow agent does not have presence in the city where the discovery is taking place. In that case, the locked-down system containing the IP has to be physically shipped via traditional means. This means:
• The expert witnesses currently have no option to securely inspect the IP from the comfort of their home or office.
• The expert witnesses might have to travel and work during the “office hours” of the host agent, incurring charges for flights, accommodations, local transportation, and meals – not to mention the inconvenience to witnesses.
• There is a risk of losing or damaging the system with the IP being shipped to and from the inspecting location.
• Modifying or adding additional materials for discovery at a later date is costly.
• The IP residing in the physical system used by the inspector could be compromised.
• Inspectors are only allowed access to IP via limited toolsets like basic editors or PDF viewers.
New technology is NOW available from Chaperon LLC that offers a better way to handle IP Litigation escrow -- allowing multiple parties to inspect source code or other IP remotely and simultaneously from multiple geographic locations.
Here’s how it works: A “golden” or master copy of the IP is first placed in Chaperon Secure™ Active Escrow -- making it virtually impossible to copy or pirate. The IP owner is allowed to add and/or update the source code at any time. Chaperon Secure™ Inspecting Station can then be used by multiple parties to browse, view, and inspect the contents simultaneously anytime, anywhere – eliminating expensive network connections and the cost of travel. Source code is fully protected during transport and only authorized parties can inspect the code.
Chaperon technology:
• Allows the choice of in-office or remote secure inspection of the source code.
• Eliminates need for dedicated, expensive network connections.
• Protects the rights of both the IP owner and inspecting parties.
• Eliminates the risk of shipping IP on systems via couriers.
• Eliminates the risk of having the IP on physical systems used by the inspectors.
• Allows expert teams to interact and inspect source code without being able to copy or compromise it.
• Enables code inspectors to navigate and search the files of the escrowed code using powerful, yet easy to use Graphical User Interfaces provided by the Chaperon Secure IDE.
• Protects escrowed code from third-party interaction while being reviewed by code inspectors.
To learn more about how this breakthrough technology can help protect your clients, check out our website [http://www.chaperon-secure.net/] or contact us today [mailto:CSAE-sales@chaperon-secure.com] for a free consultation.
Your clients may be unaware that they are in the path of the perfect storm. Today’s massive economic crisis has collided with the allure of new software delivery models, putting many businesses at risk.
Delivery models like cloud computing and Software as a Service (SaaS) are here to stay. In fact, Gartner says the SaaS market is expected to more than double, with revenue reaching $14.8 billion in 2012. These models’ promises of lower cost ownership and quicker time to deployment are certainly attractive to any business.
But, add today’s economic climate to the mix and those promises are quickly broken. Rampant vendor consolidation, mergers, business insolvencies, contractual issues, and business disagreements can result in the loss of application functionality and access to all of your client’s proprietary data. As we all know, this can happen whether you’re working with start-ups or industry leaders.
That’s why Forrester analyst Liz Herbert advises companies to make sure their legal team is “involved in SaaS negotiations as SaaS contracts today are more like marriages than experimental flings.”
Software escrow can protect your clients from this storm – as long as the escrow technology takes the cloud computing/SaaS paradigm into account. According to a recent ThinkStrategies white paper, “This means employing escrow services that can not only store and secure valuable source code, but also continuously track changes, allow inspection of the real-time version of the source code and ultimately ensure that the source code can be built into an up-to-date, working version of the software.”
Chaperon Secure Active Escrow technology can help protect your clients from today’s cloud computing pitfalls. This patent-pending technology allows your client and its software provider to set up a secure, central repository for source code and mission-critical data that can be updated regularly and in real time. Version control features keep track of changes and give your client the ability to roll forward or backward to the version of their choice. Plus, detailed content and activity reports give all parties an accurate view of repository functions.
To learn more about how this technology can help protect your clients, check out our website or contact us today [CSAE@chaperon-secure.com] for a free consultation. We look forward to explaining how our technology can help your clients weather the perfect storm.