Balancing IP Security and Open Innovation
With more exchanges going on than ever with partners outside your company, how do you keep your own intellectual property secure? Here are some tips.
By Michael Burkett and Ian Finley -- Supply Chain Management Review, 9/1/2007
Of all the information a company needs to secure, most argue that nothing is more important than intellectual property (IP). Companies that innovate effectively are more successful—just look at how Procter & Gamble and Apple credit innovation for their strong financial performance recently. But these companies don’t do it alone. Now, more than ever, companies are feeding their innovation engine through relationships with external partners.
Henry Chesbrough theorizes in his book Open Innovation that being open with IP will engender more innovation and help companies gain a competitive advantage. This openness necessitates a strong security policy to manage who has access to what information—whether that information is a legal contract or a computer-aided-design (CAD) file. But this strong policy must be balanced with sufficient openness to foster partner collaboration and not stifle the innovation process.
Security: Part of a Greater Whole
Security is a foundational component of what AMR Research calls an Active Knowledge Framework. This is a comprehensive knowledge management strategy with the following elements.
Knowledge Frameworks
Portal framework for personalized access to structured and unstructured information sources that allow users to author and share content and to collaborate.
Content and document management systems that ensure what goes into a knowledge base is retrievable and cost-effective to manage.
Search and retrieval to aggregate and extract information from disparate structured and unstructured sources.
Collaboration that is real-time and asynchronous—giving people direct access to each other’s knowledge to generate, exchange, and capture reusable content.
Knowledge Applications
E-learning and learning management systems educate people and certify their understanding of subjects, from company policies and procedures to regulatory processes.
Expert location and knowledge networks, in lieu of published content, simply identify who knows about a given topic. These have been used most effectively in R&D and services organizations.
Knowledge management and collaboration suites intended to serve many or all of the above functions, often invoking the services for collaborative project management.
Foundation Technologies
Business process management, which is capable of dealing with transactional, event-driven, and human-dependent processes.
Records management, to address evermore encompassing compliance requirements.
Security infrastructure, which support knowledge management for the wide range of knowledge to be accessed and shared across a variety of roles.
Eye on Partner Interaction
It is important to evaluate how your organization will interact with external partners when developing a security architecture or policy. Consider the following:
• Multilevel IP access—Inside the firewall, include access security based on roles, IP lifecycle, and IP rules. Outside the firewall, add a secure collaboration environment with access management ideally synchronized with native data behind the firewall.
• File lifecycle—Control the use of IP files once outside a protected environment. PTC recommends a skeleton approach to design that will support future componentized sharing of CAD models. Adobe, Microsoft, and others support enterprise digital rights management (EDRM) to set rules on how a file can be used once beyond a managed environment. Lighter-weight visual file formats, like UGS’s JT, also limit the knowledge embedded in a file.
• IP legal rights—Establish control over the use of licensed IP where contracts may dictate use by product or other criteria. Dassault Systemes’ ENOVIA MatrixOne application allows companies to set rules around IP libraries to allow access while ensuring legal reuse.
As the world becomes more flat, you’ll need to outsource some of your product development to partners, which will require a secure collaboration environment. One company that already has this system in place is Qualcomm, which uses Agile Software (recently acquired by Oracle) for global configuration management and IP protection for 5,800 participants working off a single global instance of product data records.
IP must be protected, yet open collaboration with partners is considered a best practice for innovation. Consider the following as you develop a strategy for protecting IP:
• Not all IP is protected the same—IP has different security needs, and sharing IP with partners to improve product design or come up with new ideas is a competitive advantage.
• IP is a source of revenue—Boeing and IBM have dedicated departments responsible for reselling IP.
• Centralize and secure IP libraries—Standardized management and legal reuse of IP provides valuable assets to drive your global product development process.
Growing Networks Make for Growing Problems
Access for partners can become tricky as an increasingly global economy requires companies to look to outsiders more and more. As the number of B2B collaboration touch points grows, controlling user access becomes exponentially more difficult. B2B exchanges, or electronic hubs that connect trading partners in a value chain, encountered these problems early on and have developed hub-and-spoke security systems to enable trustworthy inter-enterprise collaboration.
Single sign-on (SSO), used to ease the burden of multiple passwords, is a common goal of corporate IT organizations today. SSO lets companies consolidate users’ identity and access rights in a single system and provide the user with a single set of credentials for all the applications they need access to.
Covisint and Exostar, B2B exchanges for the automotive and aerospace industries, faced an exponentially larger problem than the typical corporate security team. They needed to provide identity and access management for the thousands of companies and millions of potential users in their industries. And they needed to do it without creating another list of passwords for users to remember.
To solve this problem, both exchanges use federated security standards and a hub-and-spoke topology, where administration and the ultimate enforcement of security are decentralized to member companies and communication of identity and access rights is handled by the central B2B exchange. Users have an SSO to a whole network of companies, and administrators maintain a user’s identity and permission in a single system. Today, Covisint and Exostar act as the clearing houses for hundreds of thousands of users at more than 45,000 companies.
Exostar faced a special challenge in meeting the requirements of the defense industry: how to ensure that sensitive data didn’t reach enemy hands. It used public key infrastructure (PKI) technology to meet that challenge. In addition to providing a way to encrypt and decrypt messages, PKI establishes the identities of users through “certificate chains” where a person’s identity must be verified by someone whose identity was verified by someone whose identity was verified by...someone everyone trusts. This is a capability defense contractors need in order to protect trade secrets and comply with International Traffic in Arms Regulations (ITAR).
As manufacturers pursue open innovation to develop products in collaboration with an extended value chain, IP security policy and technology must be part of the strategy. There are options to choose from—from using an internal enterprise application to employing a B2B exchange. Manufacturers must consider the right path to suit their business processes and align with the capacity of their information technology capabilities.
Featured Company
Most Recent Resources
- Trade Agreement Management: Survey Results & Best Practice Research
- Supply Chain Risks: Barriers to Manufacturing in Emerging and...
- Demand Planning Maturity Model: Strategies for Demand-Driven...
- Special Report: Tips to Rapidly Implement and Generate ROI From a WMS
- Supply Chain Education: Opportunities Online and in the Classroom
View All On-Demand Webcasts
