As economies globalize and technology intensity increases, enterprise value shifts from physical assets to intangibles. The largest companies 100 years back were large conglomerates owning sizable factories and an army of workers and managers. In the new world, we see the rise of virtual companies and increasing power to brands, patents and customer ownership. In fact, intangible aspect of assets for corporates has increased from 20% to 80% over the last 30 years. Some of the intellectual property we consider here include patents and designs, trade secrets, marketing plans, customer and logistics etc.
Given the increased impact of intangibles relative to physical assets, any leakage of such information can impact organizations in a dramatic form - in terms of hit to reputation and competitive advantage, customer trust and regulatory burdens and so on. However, we hear multiple stories of data theft by disgruntled employees, like here and here. The gut reaction to this would be to increase the controls and approval layers to access information, but this will impact business efficiency. We believe the way to handle this is to allow for more open information access among teams (with some meaningful access controls), but have a strong vigilance layer that ensures that any improper action is identified quickly with rapid response to prevent a loss. Analytics and machine learning have a key role in this by correlating data feeds and looking for abnormal patterns that warrant intervention.
We recommend looking at access to intellectual property through multiple channels.
- Physical access: There is risk of data loss through loose sheets of paper or information that can be accessed only from restricted networks. It is critical to look at suspicious entry into secure areas and correlate physical access with other data feeds like employee profile & background, leave data, presence of other employees in the same area etc. It is important to look for time context - certain areas have increased sensitivity at specific periods - earnings, corporate deals, HR actions etc. The data captured can then be mapped backed to video analytics that could act as another source of corroboration
- Data loss via email: While most enterprises deploy data loss prevention (DLP) solutions, they tend to generate a high level of false alerts. As a result, the level of review on these alerts decline. It is vital to explore how pattern-based detection controls could be layered on top to ensure that sensitive information is not leaked out via email. In our experience, there is opportunity to reduce the false alert rate by over 90% and still retain control on data
- Enterprise knowledge repositories: Most organizations store critical IP on their intranets. This could include pricing details, customer artifacts, war-rooms for deals underway, strategy or architecture documents etc. While organizations track access details, the instruments used are blunt – such as looking for number of documents accessed within a period. This generates many false alerts, while missing actual cases of theft (identified through forensic investigations & whistleblower etc.). This can be better handled by profiling the documents accessed, to examine genuineness and timing. As an example, we have seen a simple control that correlates downloads by an individual on notice (or at-risk from a HR perspective), makes the results far more actionable
Doing the above calls for two broad capabilities - handling large data volumes at scale and then applying algorithms that can discern patterns to detect anomalies. That is the philosophy of the Apollo platform. For more details and case studies, refer to the impact made in one of our deployments.
Wipro has built the Apollo™ platform for Fraud Control using Big Data Analytics that has been deployed in various use cases in multiple industry domains. For details on the platform and underlying philosophy, please visit the Apollo™ webpage.