Sunday, October 2, 2011
iPhone 5-Type Product Launches and Six Other Secrets Companies Need to Keep
Apple is set to launch the iPhone 5 shortly. The event is shrouded in absolute secrecy, keeping customers guessing as to the product’s new look and features. Customers love a mystery, and the deliberate suspense augurs well for the brand and for long lines at product stores. Apple’s ironclad security around its prototypes involves the use of private jets, windowless rooms, storage cases padlocked to tables whose wood grain signatures are photographed, and much more. But the launch of a new consumer product is just one of the seven reasons companies need to maintain secrets.
Safeguard New Product Development
One of the most common problems companies face is copycat products launched before their new product hits the market. This usually happens when competitors get wind of the new product through suppliers, employees who crossed over, or loose talk by employees. Some companies deliberately employ spies and agencies to continuously monitor the actions of competitors. The problem is more acute in highly competitive industries like telecommunications, where new product plans are frequently launched to churn customers, and in the investment-intensive pharmaceutical business.
Safeguarding new product development from concept to market requires an information security process that analyses the threats of information leakage at each step of the product lifecycle, enforces methods to obfuscate and restrict access to product data, and ensures traceability to source.
Customer Data Privacy
Keeping customer data confidential is a compliance requirement mandated by law and industry regulation. Companies have to ensure that customer personal data such as medical history, banking transactions, credit card information and mobile call details, and information such as addresses, telephone numbers and social security numbers, are kept confidential. Most of the recent breaches have targeted credit card and email details, as hackers earn revenue through email scams and credit card misuse.
Companies need to invest in systems and processes to ensure data privacy by implementing security management systems such as ISO 27001 and by complying with specific control frameworks such as PCI.
Keep Design Secrets under Wraps
Companies invest a lot of money in product and component designs and in proofs of concept for future products and technologies which have long-term strategic interest. Access to such designs by competitors may help them shorten design cycles or patent ideas first. Some designs are protected through patents, but the vast majority need to be kept confidential, as they may not be cost effective to patent or may not be patentable.
Safeguarding these designs requires investment in a secure product vault where access and modification to digitally stored designs are carefully controlled and monitored. Companies need to restrict the movement of data and images out of product development centers by preventing access to email and by banning the use of mobile phones, cameras, removable data media and so forth. In addition, care has to be taken to protect these secrets when they are shared with suppliers, using contractual clauses and mandates to ensure suppliers’ adherence to security best practices.
It is not uncommon for senior executives to paint the corporate business picture in a manner that obfuscates reality from stakeholders. Most balance sheets provide a glossed-up view of a company’s performance and require investors to read between the lines. Business information is similarly projected internally in reviews to the board.
The board plays a major role in deciphering the picture presented, and its deep involvement can temper the effects of misreporting. The extent of misreporting is proportional to the quality of corporate governance and ethics.
Defraud the Company
Deliberate manipulation of key data to defraud, or to paint an unrealistic image of a company’s performance, is one of the reasons that the Sarbanes-Oxley Act was brought in. Quarter-on-quarter growth and incentives tied to an executive’s performance forced manipulation of key statistics, misleading investors and financial institutions. Major and minor frauds where executives profiteer through decisions that favor them are not uncommon.
Audit firms bear the brunt of the responsibility to ensure that the financial statements prepared are accurate and that the firm has policies to minimize internal corruption.
Protect Business Interests
Many times, business decisions are taken which, though proper, may have an impact on suppliers, customers or employees if widely known. Layoffs and product end-of-life decisions are some examples. Securing key business data relating to strategy, new products, bids, and costs is of prime importance to ensure that competitors do not gain an upper hand. Data which may affect share prices is legally mandated to be kept confidential under disclosure policies.
Safeguarding such information primarily rests on how executives in the know keep it confidential. Their actions and attitude determine the level of secrecy. Common sense in enforcing a need-to-know policy is all that is needed; it does not have to be taught and cannot be prescribed by security policy. Actions such as emailing on a need-to-know basis, conversing in closed rooms, and not leaving documents unattended on desks are simple precautions. I am normally surprised at the information one picks up while waiting to board a flight, shared by individuals openly discussing confidential subjects on mobile phones or working on confidential business presentations.