Community Research and Development Information Service - CORDIS

H2020

ASCEMA Report Summary

Project ID: 728499

Periodic Reporting for period 1 - ASCEMA (ASCEMA: Content Aware Technology for IP Protection in Supply Chains)

Reporting period: 2016-06-01 to 2016-11-30

Summary of the context and overall objectives of the project

Reducing negative economic impacts through loss of Intellectual Property (IP) is a global key challenge for economic growth through innovation. Businesses worldwide need to share valuable information and IP with collaboration partners and suppliers with confidence that their IP is protected and used in conformance with the contractual relationship they have in place. Tracking and controlling information in complex supply chains is a growing concern and finding a comprehensive and at the same time cost-efficient solution to protect shared data is vital for the Digital Single Market. This is also seen as a key enabler for advanced manufacturing industries including automotive and aerospace, as well as providing assurance in associated services, for example in Finance, PR and publishing.
IP theft only was cited as a £9.2bn problem for UK industry in the Detica & Office of Cyber Security and Information Assurance, 2011, The Cost of Cyber Crime. U.K. Cabinet Office , described as greatly assisted by an ‘insider’. In collaborations within supply chains, it is difficult to decide who is or is not considered an insider. Industry reports put the G20 figure for IP loss at in excess of $200bn per annum equating to $24 million lost every hour of every day , and this is at a similar level to the $300bn mooted by a study of the US conducted by the National Bureau of Asian Research. The new EU General Data Protection Regulation, coming into force in May 2018 exposes enterprises to hefty penalties, purported to be as much as 4% of annual global turnover, if personal data is lost both from within the enterprise and their supply chains.
In line with the progressively growing global need for IP protection, GeoLang Limited is developing the ASCEMA platform: a disruptive solution to track and protect high-value IP and sensitive data across supply chains. The SMEI Phase 1 project addressed the need and business opportunity to protect and manage controlled sharing of IP in complex supply chain situations by deploying content-aware techniques rather than, or in addition to, current Data Loss Protection (DLP) technology that is only partially effective, and is cumbersome and costly to use. As an innovative approach there was a need to assess optimum business models, the relationship with current and future regulation, and evolution of corporate approaches to information governance. The project looked at how this different approach may make it easier for SMEs to enter complex supply chains. Overall the objective was to provide the basis for scaling up ASCEMA to meet a global demand for improved protection of intellectual property and sensitive data in complex supply chains.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The ASCEMA Phase 1 work performed was in 4 consistent tasks within a 6-month period:
T1: Conduction of a market study incl. market size, volatility, trends and growth as the DLP market was used as a nearest competitor
T2: Stakeholder engagement at high level to provide better understanding of organisations' current approaches to protection of confidential data and IP
T3: Risk and technical feasibility study to determine specific size and type of services and resources to scale-up ASCEMA
T4: Detailed commercialization plan to reflect main technical and business challenges based on
- analysis of economic efficiency
- analysis of user needs and requirements
- market barriers and contingency plans

As a result of ASCEMA Phase 1, GeoLang Limited is equipped with a detailed business plan with defined target markets and business models. We obtained a positive result out of the feasibility assessment and a Phase 2 application was recommended.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

Potential impacts of projects results are seen in:
1. Economy: Reducing negative economic impacts through loss of IP is key.
Uptake and industrial development, with further related research, could longer term lead to: (i) new lines of business – initially for GeoLang with a direct follow-on through business partners' supply chains - and new business ventures in other countries whilst protecting corporate assets from accidental harm; (ii) opportunities from the above for exploitation of the product in new market sectors; (iii) reduction in downstream damage to corporate reputation and reduction in legal expenditure, allowing costs and goodwill to be put towards improving business productivity; (iv) reduction in likelihood of breach of confidence, retaining fair business competition; (v) improved corporate governance and awareness of protection schemes; (vi) improved quality of life for employees through creation of a trusting workplace. The market opportunity here is believed to be substantial. (Impact timeframe: 2-5 years following ASCEMA, and longer in retaining EU competitive advantage in foreign territories.)
2. People: A 2009 Proofpoint report claimed that 34% of US companies reported impacts from the exposure of sensitive or embarrassing information, and 33% of US companies employed specific staff just to monitor the content of outbound email. Price Waterhouse Cooper in their 2016 report now put the numbers at 90% of large enterprise and 74% of small enterprises suffering a data breach in the past 12 months. Helping to avoid the costs and other implications relating to such activities beyond the enterprise perimeter into the supply chain would also help to alleviate both financial and reputational implications (see: 1. Economy). Many such problems occur accidentally – this is suspected to be a reasonably sizable proportion – so in such instances the situation might be recoverable if discovered early through our approach.
3. Society: Systematic monitoring of document contents, albeit potentially controversial, may be helpful both to organizations and to employees in actively reinforcing provisions of information security/sharing policies, potentially avoiding the need for later interventions, disciplinary actions, or costly legal proceedings and potential costs through the welfare budget. Corrective actions would remove such costs from the parties involved. At minimum, ASCEMA will also contribute towards the debate on the potential benefits of appropriately formulated, automated, non-intrusive and preventive monitoring. (Impact timeframe: 3-5 years following ASCEMA)
4. Knowledge: Information growth continues to outpace our ability to deal with it. The existing research prototype can handle full-document matching, akin to plagiarism detection, at a speed suitable for large scale and real-time use – approaching the ‘speed of search’. ASCEMA will help us to understand whether there are specific boundaries to prevent scaling such an approach to the entire web, and will also improve our knowledge of techniques suitable at scale for addressing the problem of obfuscation when dealing with such matching. The industrial partners will provide both technical and business challenges to such a system and, with keen interest in a successful outcome, in shaping the opportunities for exploitation of such a system. Lessons learnt through ASCEMA will also help in formulating new research questions, expanding the extent of knowledge about the existing research and, potentially contributing resources to future activities outside ASCEMA. (Impact time-frame: During and immediately following ASCEMA)

Related information

Record Number: 195064 / Last updated on: 2017-02-20