Opinion

Olympic Security, China and Intellectual Property

CSO's publisher says you should think twice about employees (or family or friends) headed to China for the Olympics, and what data they might be bearing

By Bob Bragdon, Publisher, CSO

July 16, 2008 — Occasionally it's tough to write a column—not for a lack of topics, but because the topics all seem so old: browser vulnerabilities, more government regulations, the latest and greatest breaches, the Celtics' victory over the Lakers (apologies to Lakers fans, but I'm from Boston), and so on.

Then last month I had dinner with a group of security and technology folks in San Francisco, and Jason Hoffman from Kaiser Permanente handed me a topic on a silver platter. Jason asked what businesses are doing if their employees are attending the Summer Olympics in Beijing. Are organizations securing the corporate secrets that may be on the laptops employees carry into China?

Over the years I have heard many stories from CSOs about their encounters with state-sponsored IP theft and industrial espionage. Those stories, while including many countries, have usually focused on two nations in particular: France and China. It just so happens this year that the Summer Olympics are being held in Beijing, a nation noted for its accelerating economy, utter lack of intellectual property protections and talented intelligence services. This is a risky mix to encounter when you are trying to protect corporate secrets.

Nations around the globe have long focused on stealing corporate IP in order to give their native businesses an advantage. The former Soviet Union was very good at this during the Cold War, and even friendly states have been caught on occasion targeting their allies.

I don't want it to seem that I am China-bashing here, because that is not my point. The point is: What steps are you taking to protect your employees and the intellectual property that they may be carrying with them when they travel abroad? Remember that the Chinese government filters Internet access, preventing those within the borders of China from getting to certain domains that may be deemed contrary to the benefit of the state (think back on the whole Google issue a few years ago). It's not too much of a leap from there to imagining someone snooping around on your computer when you are online in your hotel room or at an Internet cafe.

My advice to you is that you think about these issues, and not just in terms of China. Protecting mobile data is one of the toughest challenges facing CSOs today. I know that most of you are struggling with it. However, a stolen or lost laptop usually just ends up being fenced with little regard for what's stored on the computer. When other nations are involved, they understand that there is a different type of gold in that same laptop that can reap them millions of dollars in benefits.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development