It’s all in the information.
The first recorded patent was issued to Filippo Brunelleschi in Florence in 1421, covering his invention of a barge and crane used to transport marble. Shortly afterward in 1449, John of Utynam was issued a patent in the UK to protect his method of producing stained glass.
Since then, the world has accumulated roughly 16.5 million active patents, creating a thriving legal market focused on defending and disputing intellectual property rights. Globally, an estimated $1.8 billion is spent annually on patents—showcasing just how critical patent protection is for individuals and organizations looking to prevent their ideas from being exploited. Beyond those direct costs, the legal fees associated with enforcing patents add another significant layer.
Despite best efforts, individuals and companies have always attempted to reverse-engineer patented ideas or obtain information before it’s formally protected. This is where intellectual property risk grows. A patent can’t be filed until an idea is proven feasible, which means there’s often a substantial window between the spark of innovation and the moment it’s legally secured.
The missing piece: information security
This leads to a core issue in technology. Historically, organizations prioritized platform security—protecting systems from outages and malicious actors. Data security was often just an add-on to databases, and true information security received even less attention. Documents were frequently transmitted in plain text or open file formats, and even enterprise document management systems (EDMS) failed to keep information secure once files were downloaded.
Users could print, forward, or share documents freely. And organizations often wondered why competitors were beating them to patents—despite thinking they held an early lead.
The root cause was simple: technical security was prioritized, but information security was overlooked.
How MSPs can close the gaps
This is an opportunity for MSPs to deliver business-level solutions. Capturing user input from word processors, spreadsheets, and other tools into a secure EDMS is only the starting point. Encrypting information as it moves through workflow systems is increasingly essential. Defining who can access specific information—and what they’re allowed to do with it—must become basic hygiene.
This requires an integrated approach. Piecemeal solutions create cracks that malicious actors, especially those using advanced AI, will increasingly exploit.
Document classification should be automated wherever possible. Even simple categories—Public, Commercial in Confidence, Secret—can be effective when tied into identity-based access controls.
Decision-making doesn’t have to be complex: Is a user allowed to access this document? If so, can they read, copy, edit, print, or forward it? Location matters, too. Someone cleared to handle confidential documents in the office may not be permitted to do so from home, a hotel, or a public café.
Traditional tools such as data loss prevention (DLP) and digital rights management (DRM) were historically challenging and expensive to manage. But AI is changing that. Prompt-driven systems make it easier to create and enforce rules across an organization’s information assets. Blocking sensitive content from crossing boundaries, preventing unauthorized printing, or automatically redacting text are now achievable with far less friction.
Redaction can even be applied in real time for specific users or roles, preventing unauthorized copying—even via screenshots or phone cameras.
Modern DRM solutions are also far easier to administer. They allow secure document sharing, full auditing, and remote locking or deletion of files across devices.
When information walks out the door
Consider the Waymo v. Uber intellectual property case from 2016. A departing Waymo engineer took 14,000 documents containing critical intellectual property. He launched his own company, which Uber later acquired for $680 million. Waymo sued and won, resulting in Uber paying $245 million—and the engineer receiving an 18‑month prison sentence.
All of that could have been avoided if Waymo had the ability to simply and securely delete those documents from the engineer’s devices.
And although that case is well-known, it’s not the largest intellectual property breach. That distinction increasingly belongs to AI companies that scraped massive amounts of public and non-public data to train their models. This widespread scraping bypassed intellectual property and patent protections, leading to a growing wave of lawsuits. A copyright notice may not stop scraping, but it does provide grounds for legal action once the breach is discovered.
As an MSP, it’s important to remember that while technical security matters—and zero trust principles remain essential—your customers ultimately care about the business value of their information. Protecting that information is where your focus should be.
Photo: HAKINMHAN / Shutterstock
