Using Information Security to Protect Intellectual Property

min read

Joanna Grama is director of Data, Research, and Analytics Operations and the IT Governance, Risk, and Compliance Program and Cybersecurity Programs at EDUCAUSE.

When the topic of information security comes up, we often think first how it can protect an institution's operational data and information technology services. However, it also has an important role in protecting an institution's intellectual property — a person or organization's creative ideas, innovations, and inventions.

Intellectual property rights encourage innovation and discovery. The purpose of such rights is to give the legal owner of an invention or creative idea the exclusive opportunity to profit from it for a specified length of time. This means that the legal owner has the right to use the invention for personal profit and control how (or if) others can use it.

Intellectual property rights arise from four basic sources. Each type has different requirements for acquiring the right in the first place, for protecting it over time, and for keeping others from infringing on it. The four basic sources of these rights are:

  • Patents: Used to protect inventions such as machines, processes, and designs for a stated length of time. A patent is an intellectual property right granted by U.S. federal law.
  • Copyrights: Used to protect art, music, videos, computer programs, books, and similar creative works for a stated length of time. A copyright is protected by U.S. federal law.
  • Trademarks: Used to protect words, symbols, and logos used to depict or identify a product or service, and protects them for as long as the mark is in use. Trademarks can be protected under both U.S. federal law and some state laws.
  • Trade secrets: Used to protect processes, methods, and formulas that must be kept secret to give an organization a competitive edge (think of the "Coca Cola secret formula"). Trade secrets can be protected under federal and state law. The most important concept for this type of intellectual property is that it remains secret.

Higher education institutions, in particular, have a lot of intellectual property to safeguard. Faculty members have research programs that yield inventions and scholarly works with the potential to benefit the public. Student entrepreneurs may pursue creative discoveries as part of their coursework. Staff researchers may work in institutional programs devoted to scientific discovery and economic development. All of these activities have the potential to produce intellectual property that could be a valuable commodity to both the individual innovator and the institution. To protect the underlying creative endeavor, the owner can use information security safeguards during all steps in the innovative process: discovery, evaluation, and execution.1

  • Discovery: During the discovery phase, common information security concepts such as access control, asset management, cryptography, and physical security are essential to ensure that only people with the requisite need to know have access to design and feasibility information — the information security concept of confidentiality.
  • Evaluation: Use of operational security controls can ensure the reliability of design methodologies and test results — the information security concept of integrity.
  • Execution: When an invention is ready for launch and commercialization, use of information security controls can ensure that any IT resources or data needed by the invention can be accessed in a reliable and predictable manner — the information security concept of availability.

Protecting an institution's intellectual property information is just as important as protecting institutional business and academic data. The consequences for not protecting intellectual property can include damage to institutional reputations and opportunities for non-tuition revenue.

EDUCAUSE has a number of resources that colleges and universities can consult for their information security activities, including protecting intellectual property and institutional data. The Higher Education Information Security Counsel Information Security Guide is the only resource developed by higher education information security practitioners for higher education information security practitioners. The guide features toolkits, case studies, best practices, and recommendations to help jumpstart campus information security initiatives.


  1. Holly Green, "Phases of Innovation," Forbes Magazine, December 14, 2011.


© 2014 Joanna Grama. The text of this EDUCAUSE Review online article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 license.