The government ruling that “code theft” does not constitute actual criminal theft might not seem at first to be a huge deal. But in reality – at least to software companies that produce their own intellectual property – it does pose a significant challenge. How do you safeguard your IP in a meaningful way so as to allow developers to do their job, while at the same time protecting your systems from a (potential) malicious insider? I mean, it’s no secret that engineers often change jobs. So how do you protect yourself if these folks take your IP home with them while the government won’t protect your rights to it?

As both an engineer and a people manager, this presents a duality. I love open-source software… I work with it every day. I love the ideals it represents and the freedom it offers. However, not all companies or individuals follow that mission, and I respect that. These folks work hard and are usually paid to do so.

But just walking out the door with intellectual property that the person has no right to possess (only the company does) and only being held civilly liable? That’s a slippery slope.

This issue cements the need for organizations to put strong policies and systems in place to track where their IP is heading and control exactly who has access to what. While it doesn’t mean that everyone should lock down and head for the hills, it highlights the need for a strong security policy – one that tells us exactly who is accessing what, and where, and for what reason. While we’re at it, we should make sure that our DLP and IAM systems are doing what they’re supposed to do.

 

- Ken Pickering, Development Manager, Security Intelligence