This paper provides an overview of the dual challenges involved in protecting intellectual property while distributing business information that will need to be readable/viewable at some point such that it can be acted upon by parties external to the organization. We describe the principles involved with developing such a system as a means to engender trust in such situations – as a deperimeterized supply chain likely acting through the Cloud – discuss the requirements for such a system, and demonstrate that such a system is feasible for written text by formulating the problem as one related to plagiarism detection. The core of the approach, developed previously, has been shown to be effective in finding similar content (precision: 0.88), and has some robustness to obfuscation, without needing to reveal the content being sought.
TopIntroduction
Document archives and systems of any organization, coherently managed or not, can contain a variety of high-value information relating to collaborating and competing businesses, business transactions, research and development plans, market analysis and strategy, and so on. Large organisations may have many such documents spread very widely across devices used by numerous siloed business units, with highly evolved but disparate systems, approaches, and practices. Careful curation across such a variety can be costly and difficult to implement, and enforced changes to practices which are geared towards making the business as productive as possible may be poorly received. Custodians may wish to impose constraints on the use of such systems for very sound business reasons, but where these actively impede everyday activities the organization will risk users exploring unconstrained workarounds, and so such impositions will encourage the emergence of new problems. Free-flowing communication, sometimes across geographical and legislative borders through a wide variety of mechanisms including email, also presents a risk to such businesses. Whilst free-flowing communication is essential when organizations are not self-sufficient – i.e. when they act in supply chains – communication, deliberate and accidental, can readily flow bi-directionally. Recipient recommendation, with a simple auto-completion mechanism when an email address begins to be typed, without checking on the suitability of the recommendation, is but one way in which accidents can happen (Carvalho and Cohen, 2007). Such accidents can also be quite difficult to recover from subsequently.
Of interest for this paper is that deperimeterization, the lack of a readily definable organizational boundary, is inherent in Supply Chains, in which companies must trust aspects of their work to others, and becomes amplified when Supply Chains act through the Cloud, and often through the most prevalent cloud service model of Software as a Service (SaaS) (Mell and Grance, 2011). This deperimeterization presents risks, and of key importance for us is the risk presented to high value Intellectual Property, by which we mean the expression of some novel aspect of a particular product. Costs of Intellectual Property risks have been reported, albeit with subsequent controversy regarding the difficulty in justifying such a figure, at £9.2bn annually for the UK with the notion that insider assistance is typical (OCSIA/Detica, 2011). A figure as high as $300bn annually has been mooted for the US with issues identified with protection when dealing with specific nations who “literally copy patents from any country and have them filed and granted”, but with similar difficulty in justifying any such value (The National Bureau of Asian Research, 2013).