• Français
  • English

Article | The 10 best practices to protect your intellectual property

Revolutionizing the existing way of doing things is what most technology companies are after when they innovate. So why do we spend so little time and attention protecting these innovations when they are what generates growth and revenue?

While noticeable ransomware attacks make headlines because they threaten to release millions of users’ data, another attack threatens your business’s very future: code theft.

Unfortunately, legislation, as it stands today, may provide some compensation in the event of code theft, but it will not prevent the damage. So, save time and money in the long run, acknowledge that this threat is real and identify from whom and what you need to protect your intellectual property. Here’s how.

Is your intellectual property at risk, and how can you protect it?

You have launched a successful application that gives you an edge over your competitors but also generates envy. Many people around you, competitors, technology providers, and customers, would like to understand what you do and how you do it. Attackers can try to access your source code and decompile it to get free access, reverse engineer it, modify it for another use, bypass security countermeasures or license checks, etc.

There are times when your code is more at risk than others, so although you should always protect your IP, a few situations require extra precaution. That’s when you:

  • export your application,
  • provide your application to a third party,
  • make your app available on a public platform (AppStore, Google Play, and others),
  • have invested a lot of time and effort in R&D to develop your app (highly valuable IP).

There are several technical solutions to prevent code theft, but only some work in some situations. Therefore, you should only go slow when deciding which one to implement. Wrong protection can powerfully impact your app’s performance, and you would end up with a highly protected solution that no one can use. Balance your risks and opportunities before deciding.

A variety of technical solutions to protect your source code in different situations:

  • Code encryption: Protects your source code at rest but does not entirely prevent reverse engineering as only the application will be executed in plaintext.
  • Secure enclaves: Your code is only allowed to run inside a secure enclave, which requires a dedicated hardware/software element. It may be challenging to guarantee that the code will only run on this dedicated hardware and for some of your customers, having a secure enclave is not an option. Obfuscation: Makes the code difficult to understand and thus to reverse engineer
  • Runtime App Self Protection (RASP): Prevents your app from being used, modified or executed in a non-secure environment.

Checklist of the 10 best practices to protect your intellectual property

Cybersecurity is not a topic to be handled in a try and learn mode, because once the source code is stolen, it’s too late. Here are the 10 best practices to ensure your IP is well protected:

  1. Organize your code, so you know which parts need to be protected (sensitive code, high-value code) and which parts do not contain sensitive features (User Interface, standard libraries, etc.),
  2. Define the type of attackers against which you want to protect yourself,
  3. Choose the correct/suitable countermeasures to apply against the attackers,
  4. Find the right compromise between app performance, size, and security,
  5. Apply protections against static analysis,
  6. Apply protections against runtime analysis,
  7. Protect data and cryptographic keys as well,
  8. Perform penetration tests (simulated cyber-attack) to ensure that the app does not have any other vulnerabilities and that you are not installing an armored door while leaving windows open,
  9. Update your application and upgrade the installed security measures,
  10. Monitor that your app is being used in legitimate environments.

How does QShield support these cyber-security best practices?

  1. QShield allows you to obfuscate the most sensitive parts of your code without impacting the performance of the parts that do not need to be protected
  2. Our teams help you define your potential attackers during the training phase of the solution implementation
  3. The solution embeds more than 30 different obfuscation passes, allowing you to choose the best for your type of attacker and specific source code
  4. A graphical user interface helps you understand the impact of each obfuscation pass on the size and security of your app
  5. QShield features highly customizable +30 obfuscation passes against static analysis
  6. QShield’s RASP covers the security requirements defined by OWASP and allows to define the desired response in case of a security breach
  7. The solution also embeds Data Protection and Keys Protection libraries to protect data at rest and keys at rest and during execution. This is possible via whitebox cryptography which does not require dedicated hardware and so can easily be implemented at the application level
  8. Quarklab’s teams help you ensure the security perimeter you’re implementing is sustainable
  9. QShield makes it easy to change all your countermeasures by defining a Seed. This facilitates continuous protection of your applications without having to change the protection passes
  10. QShield provides information about the environment in which applications are running and alerts you if it detects anything unusual

 

Work with a certified partner who will support you at every step to maximize IP protection. QShield by Quarkslab provides a technological answer to applications’ intellectual property protection issues. It protects your code against reverse engineering and privacy breaches by embedding advanced layers of protection and obfuscation into the core of your code. As a result, your source code, cryptographic keys, and sensitive data are protected against static and dynamic attacks, and you can respond locally and remotely without investing in expensive programs and devices. Want to know more? Request a demo!

Watch our webinar

Webinar:

Why is it essential to protect the Intellectual Property of your newly developed software?

Follow us