Blog

Thwarting Intellectual Property Theft in Life Sciences

Posted by: Do Lee March 31, 2016 Cybersecurity, Life Sciences

The Issue

It’s happening everywhere. All the time. You just don’t see it. A thief, stealing your corporate secrets and selling them for prestige and money. This thief, your top scientist, has become your worst enemy. What do you do? That’s the billion dollar question.

Stealing intellectual property is an inexpensive crime to commit; and while the planning around the theft may be meticulous, the actual crime can be committed in less than a minute. Over the next days, months, years, your company can lose millions of dollars.

This affects more than your bottom line; the prevalence of counterfeit drugs in the market is increasingly dangerous to consumers. The U.S. Food and Drug Administration estimates 15 percent of the pharmaceuticals that enter the United States each year are fakes, with that number having increased 90 percent since 2005 (Counterfeit Drugs: Real Money, Real Risk, Wellescent.com).

For many this hits too close to home. Companies like GlaxoSmithKline (GSK) and Eli Lilly (Lilly) know all too well the effects of having a spy in their ranks.

Just recently, a highly recognized chemist for GSK, Yu Xue, also known as Joyce, was federally indicted on charges alleging that Xue worked with another scientist to steal secrets from GSK and take them to China. Although she denies the charges of intellectual property theft, Xue allegedly owned part of the umbrella company she was using to shelter and sell the trade secrets.

This rings eerily similar to a story on Lilly that circulated a few years ago. In 2013, a grand jury indicted two high-level scientists at Lilly, charging them with stealing $55 million in trade secrets from the pharmaceutical giant and transferring them to Chinese based competitors.

The Solution

So, how do companies thwart intellectual property theft?
Identity and access management, in addition to digital rights management.

What is identity and access management (IAM)?
Gartner’s definition: IAM is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

What is digital rights management (DRM)?
Gartner’s definition: DRM is the trusted exchange of digital information over the Internet whereby the user is granted only the privileges that the document sender allows.

But what does it all mean?
The first step is to concurrently utilize identity and access management tools, such as identity proofing services, credentialing, and multi-factor authentication to provide a centralized secure environment at which the right people can access information.  Going further, applying digital rights management will protect intellectual property by following the document wherever it may go. For example, if GSK had implemented digital rights management, then when Xue downloaded the document the rights protection would have transferred to any device to which it was moved, IF it was even allowed to be copied. At this point, if the environment was not synchronized to appropriate specifications applied to the document for opening, then the document would not be readable. For instance, if the document was not allowed to be copied from the original server, the document would not have been downloaded. If the document was allowed to be copied, but was only able to be opened if it was in the company’s secure virtual portal, the document would not have been readable outside of that environment.

What does this mean for you?
Be careful. Exostar offers both IAM and DRM to help customers avoid pitfalls of corporate espionage. However, the main thing is to be vigilant; you never know who is just biding time.