Of all the information a company needs to secure, none is more important than the intellectual property (IP)—the written knowledge, information, and know-how a company possesses—used to drive the product innovation engine. The fact is companies that innovate effectively are more successful.
Jim Murphy believes that you have to collaborate more effectively to foster innovation for your business. You’ve got to create an environment that makes it easy for you and your partners to freely share ideas. At the same time, you have to protect your IP, and the pressure is higher with easier access to information for competitors and recent events that indicate you have little recourse once it’s exposed. This is where you can implement enterprise Digital Rights Management (EDRM) into your security and content management strategies.
According to Jeff Hojlo and Michael Burkett, the risk with these external sources is that they could take shared ideas and become the competition. 'So of course you need to protect your IP, right?' questions Jeff. According to him, it is not necessary in the case of outsourcing; you need to be open with your product ideas—to an extent—so that suppliers can help provide you the intellectual and technological capital you need to build your products.
Henry Chesbrough theorises in his book Open Innovation that being open with IP to engender more innovation can be a competitive advantage. However, you still need a strong security policy in place to manage that has access to what information, whether it is a contract or a CAD file. For example, just as you wouldn’t want employees accessing your HR files, you may want to limit a Chinese supplier’s access to certain product CAD files.
Policy and Technology Considerations
What are some best practices to secure supplier management? Consider SafeView, a manufacturer of holographic personnel scanning equipment (for airport screening, for example), which bases its IP management on the following tenets:
- Choose partners that complement the business strategy
- Foster partner collaboration by letting them build their own IP
- Provide information that is necessary to partners, but no more
- Define the keystone and guard it within company walls
- Limit the people that have access to the full information
To consistently achieve these points, it’s necessary to have a rigorous authorisation policy in place supported by technology. This may be a password protected, single-sign-on architecture, an Lightweight Directory Access Protocol (LDAP) integrated with your Product Lifecycle Management (PLM) system, or a more sophisticated authorisation system, like CA’s Netegrity or products from RSA Security. You should decide what information is most important. You don’t have to secure everything—not all information is top secret.
PLM application providers are well suited for managing and protecting IP. All have at least basic authorisation and authentication, and can integrate with other repositories like LDAP and security systems. There are specialty vendors that can help, as well, including MindMatters for managing the legal and business end of IP capture, documentation, and collaboration.
Partner Interaction Leads IP Security Considerations
It is important to evaluate how your organisation will interact with external partners when developing a security architecture or policy. Consider the following:
- Multilevel IP access: inside the firewall, include access security based on roles, IP lifecycle, and IP rules. Outside the firewall, add a secure collaboration environment with access management ideally synchronised with native data behind the firewall.
- File lifecycle: control the use of IP files once outside a protected environment. PTC recommends a skeleton approach to design to support future componentised sharing of CAD models. Adobe, Microsoft, and others support Enterprise Digital Rights Management (EDRM) to set rules on how a file can be used once beyond a managed environment. Lighter weight visual file formats, like UGS’s JT, also limit the knowledge embedded in a file.
- IP legal rights: establish control over the use of licensed IP where contracts may dictate use by product or other criteria. Dassault Systemes’ ENOVIA MatrixOne application allows setting rules around IP libraries to allow access, but ensures legal reuse.
Most manufacturers have some basic level of security (like passwords and a stated policy) in place to manage IP crown jewels internally. But as the world becomes more flat, you’ll need to outsource some of your product development and partner with other companies to expand product abilities or international presence. You’ll also need a stronger form of security management in place. In fact, the growth of your company depends on it.
An example is manufacturer Qualcomm, which uses Agile’s product collaboration module for global configuration management and IP protection internally and externally. Its old system allowed anyone to see any document, but the new system lets the different product development constituents (5,800 working off a single global instance of product data records), internally and externally, to collaborate more efficiently on product ideas and development.
IP must be protected, yet open collaboration with partners is considered a best practice for innovation. Consider the following as you develop a strategy for protecting IP:
- Not all IP is protected the same: IP has different security needs, and sharing IP with partners to improve product design or come up with new ideas is a competitive advantage
- IP is a source of revenue: Boeing and IBM have dedicated departments responsible for reselling IP
- Centralised and secure IP libraries: standardised management and legal reuse of IP provides valuable assets to drive your global product development process
Source |
