OT: Design security

Lately I've been wondering about what companies might do for design 
security.  The question/concern has to do with team-based design work within 
the context of today's world where the Internet, wired and wireless 
networks, recordable DVD/CDR, portable hard-drives and even keychain memory 
sticks make it possible to move and/or have access to huge amounts of 
information with significant ease.

The issue doesn't even have to assume maliciousness.  A typical scenario 
might include an engineer wanting to bring work home to put in a few more 
hours into a difficult problem.  This is not malicious, but it does move 
company IP out of a "secure" environment.

Of course, if you assume ill intent, the scenarios abound.

In general, are there simple approaches that are effective in controlling 
the potential exodous/migration of valuable project sources and data?  This, 
of course, does not apply to FPGA's alone, but rather a wide range of 
documents and files in a development group's systems.  What do companies 
that outsource to far-and-away places do about this?

Thanks,

-Martin

My approach to this problem where I do carry my current projects around
on a usb flash memory stick is to encrypt all the files with pgp which
basically means that if I do loose the thing or have it stolen at
anytime no data falls into the wrong hands and I simply use my back-up
data and carry on from before.

I think Nick Weaver recently suggested the best method. Sue anyone who 
steals your stuff. It's illegal.
Cheers, Syms. 

In article <3668t9F4u7e1rU1@individual.net>,
Symon <symon_brewer@hotmail.com> wrote:
>I think Nick Weaver recently suggested the best method. Sue anyone who 
>steals your stuff. It's illegal.
>Cheers, Syms. 

The original poster asked a different question.  The question is
maintaining confidentiality/security of the design process, not of the
resulting (sold) product.  This is often very annoying and very
difficult.



-- 
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu

OK, two different questions, but what I meant was that both have the same
answer.
Cheers, Syms.
"Nicholas Weaver" <nweaver@soda.csua.berkeley.edu> wrote in message
news:ctlpas$2cqe$1@agate.berkeley.edu...
> In article <3668t9F4u7e1rU1@individual.net>,
> Symon <symon_brewer@hotmail.com> wrote:
> >I think Nick Weaver recently suggested the best method. Sue anyone who
> >steals your stuff. It's illegal.
> >Cheers, Syms.
>
> The original poster asked a different question.  The question is
> maintaining confidentiality/security of the design process, not of the
> resulting (sold) product.  This is often very annoying and very
> difficult.
>

In article <36783tF4tc4pbU1@individual.net>,
Symon <symon_brewer@hotmail.com> wrote:
>OK, two different questions, but what I meant was that both have the same
>answer.
>Cheers, Syms.

Actually, tehy often have VASTLY different answers.

Physical/corporate security is a PITA, depending on one's level of
paranoia.

for the properly paranoid, working at home is definatly NOT allowed.
-- 
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu

"Nicholas Weaver" wrote:

> Physical/corporate security is a PITA, depending on one's level of
> paranoia.
>
> for the properly paranoid, working at home is definatly NOT allowed.

I'm not sure that paranoia is involved here, but rather, reality.  Yes, 
paranoia might be an element, but not an overwhelming one, at least in my 
opinion.  The question I posed might be considered a mental excercise rather 
than a quest for a full solution.  I know that the real solution would be 
horribly complex and constraining from just about every angle.  We are 
talking government-grade security with threat of prison...and even that 
doesn't work 100% of the time.

An example of reality might be hiring an offshore team for some design work. 
How can you even approach securing that design?  I don't think that it is 
possible.

As a small company, I must admit, from time to time there exists a concern 
about having valuable design data that should be private become exposed to 
"the elements".  Not necessarily maliciously, but rather, accidentally.

Example: You travel to a conference for a few days and take your laptop 
along to continue working on the project.  You forget that you have some 
shares enabled.  Upon plugging into the hotel's network your files are 
exposed to other industry folk staying at the same hotel.

The ONLY experience we've had with "data migration" did not involve design 
files but rather a $10K CAD system software that was stolen (CD duplication) 
by an engineer on his way out.  For a small company this is quite painful. 
Taking someone to court over this is both expensive and futile.  What are 
you going to do, make the guy erase all of his copies?  Impossible.

Anyhow, it would be interesting to find a simple methodology to enhance 
design security rather than to lock down all avenues of escape.  One such 
idea is to use a encrypted file system.  www.ntfs.com has a bit of 
information on Windope's EFS.  It seems to me that this might (and a big 
"might") serve to prevent simple copies of files onto various media (or 
transmission --hotel scenario--) from being of any use.  Of course, we have 
to remember that we are dealing with engineers here...

-Martin

Dont fall into the trap of thinking that just because you are working
with engineers they will be able to circumvent any security
system,certainly there is no easy way of stopping data walking out of
an office.or being e-mailed out of an office ,so you have to minimise
the cost of the loss of that data or the cost of that data being known
to a competitor.You could not allow your engineers to go home or use
the phone or use the internat and your design would remain secure.

Perhaps that's why one of them ripped him off in the past... ;-)
"Jezwold" <edad3000@yahoo.co.uk> wrote in message
news:1107208098.133369.227150@z14g2000cwz.googlegroups.com...
> You could not allow your engineers to go home or use
> the phone or use the internat

>> You could not allow your engineers to go home or use
>> the phone or use the internat

"Symon" wrote:
> Perhaps that's why one of them ripped him off in the past... ;-)

The only shackles and chains I had around were already chaining me to my 
desk, so that couldn't be it!  :-)


I gather from the responses that design work security either isn't a 
significant issue (BTW, it has NOT been for me) or that no sensible approach 
exists.  By "sensible" I mean anything that does not adversely affect work 
and creativity.

-Martin