How Can Better BOM Management Help Protect Your IP?
Intellectual property (IP) is the cornerstone of businesses of all types, and for manufacturers in particular, who depend on these unique packets of information as a competitive edge. IP can be defined as any type of information that can offer that competitive edge, such as new product introduction (NPI) plans, sales strategies, trade secrets, code, or even the bill of materials (BOM), as a whole or in parts. Unfortunately, according to a 2014 study from Kasper sky Lab, one in every five manufacturers have lost IP to security breaches within a year of the study.
23 percent of the companies cited malware as the most common cause of data loss incidents, followed by software vulnerabilities (8 percent), network intrusion (8 percent), information leaked on mobile devices (5 percent), and targeted attacks (3 percent). Given the enormous cost of designing and engineering the incredibly complex and sophisticated products that consumers—and regulatory bodies—demand, even a small IP loss can turn into a devastating setback. If a competitor can get innovative designs without having to put in the R&D work, they gain an immediate advantage.
Considering that, in this study, manufacturers ranked“internal operational information” and “intellectual property” as the two types of non-financial data they fear losing the most, it makes sense to look internally at what single document encompasses both those categories: the bill of materials.
There are three primary methods of managing the BOM: using homegrown systems (Excel included), installing traditional product lifecycle management (PLM) software on internal server infrastructure, and using a cloud-based PLM. In the first two cases, a company is using their own network in order to serve the BOM, and thus relies upon those internal security systems in order to protect IP. One might password-protect an Excel sheet, or rely on any security built into the traditional PLM, but the total infrastructure is most likely to be a weak point—not all businesses can afford to have high-level security experts on staff to write strong code and mitigate any security breaches. The technical overhead of maintaining that internal infrastructure is not only expensive, but full of potential security risks. Out-of-date software could open up vulnerabilities, or a firewall might be misconfigured.
Or, imagine this scenario: An engineer needs to catch up on some work over the weekend, so they copy a CAD file to a flash drive and bring it home, but their own computer is affected by malware, which hops onto the flash drive. On Monday morning, when copying their work back onto the network drive, they’ve opened up the whole infrastructure to that same malware.
That’s one of the reasons that more manufacturers are entrusting their IP to cloud-based, software-as-a-service (SaaS) PLM systems. Many fear sending the BOM to external servers, but the truth is that these companies are willing to spend the money on those security experts, and they often leverage the expertise of other cloud operators on top of their own particular service offering. Data centers are made to be incredibly resilient, with extensive video surveillance, mantraps that restrict access to a single person at a time, and electronic logging of all visits inside the data center. A piece
of malware on that same engineer’s computer might be able to capture small quantities of data via the web browser that they used to access the PLM, but it certainly wouldn’t have access to the entire BOM. Because your technical staff can spend more time ensuring the security of individual computers, it’s more likely they’ll catch that piece of malware before it does even minimal harm.
Most product development lifecycles involve a supply chain, contract manufacturers (CMs) or other third parties that need to have access to portions of the BOM. In an Excel-based BOM, every part and every assembly is given the same priority, and aren’t grouped together, meaning that a CM could have access to the entire BOM—a massive portion of a business’ IP. This might not be a risk that many companies are willing to take. Modern-day PLM systems also offer another form of IP protection,in the form of hierarchical BOMs,which allow stakeholders to group certain parts into a sub assembly, which can be shared individually with that same CM. This means each part of the supply chain has visibility into only the portion of the BOM that is relevant to their work, severely reducing the risk that they can extract meaningful information about your IP.
In an ideal world, companies wouldn’t have to worry about IP theft, but it seems as though the trend will only increase in severity and complexity in years to come. Manufacturers need to be proactive, in any way they can, to ensure their business isn’t one of the one-fifth that have to navigate around a significant IP loss. Protect the BOM, protect the business. It’s the logical place to stat—and maybe end—the journey toward IP security.