To date, controlling 3D printers and the digital blueprints for 3D printing has not received much attention. Certainly this is an IP issue, but, perhaps more importantly, it is an IT issue. Whether digital blueprints are stored inside a company’s servers or in the cloud, IP protection may depend on IT protection. Companies need to start assessing the IT risks related to 3D printing and take steps to secure their machines and digital blueprints.
According to Pam Baker, author of Data Divination: Big Data Strategies, 3D printers are “poised to create havoc when it comes to protecting intellectual property, and the fallout will land squarely at the feet of IT professionals.”[1] Once a company loses control of a digital blueprint, it may be gone forever, along with its IP. Such losses may have devastating effects on the company. Although legal recourse may be the last line of defense against such losses, IT is the first.
Why IT Controls are Needed
The Gartner market research firm predicts that by “2018, 3D printing will result in the loss of at least $100 billion per year in intellectual property globally.”[2] These losses will have several causes, all of which have IT implications.
Desktop 3D printers provide an invaluable advantage for expediting product design and development. Designers can instantly iterate with the click of a button. Desktop 3D printers are multiplying like rabbits in many companies, but they are often purchased with discretionary budgets. A company’s management may have no idea how many 3D printers it owns, who is using them, what they are being used for, or how or where the digital blueprints are being stored.
On the production side, industrial 3D printers can print final parts from almost any design. Which designs are being printed, who is printing them, and where in the world this is happening may be a management mystery.
For both desktop and production machines, anyone can print almost anything, without management knowing about it. IT can and should play a role in identifying and controlling the company’s 3D printers.
IT’s role does not end with controlling machines. A company’s product and part designs are its crown jewels. Because more and more designs have moved from the analog to the digital world, they are becoming as easy to share as music downloaded from the Internet. Like digital music files, 3D printable digital blueprints may be shared illegally by company insiders or hacked by outsiders. IT departments will become increasingly responsible for assuring that digital blueprints are safe and secure from bad actors.
Not all 3D printing-related IP losses will be caused by bad guys. Companies will sometimes accidentally lose control of digital blueprints. Because far less labor is required to 3D print a part than to make it with traditional methods, 3D printing facilities are expected to become increasingly regional and distributed all over the world. However, regional and distributed manufacturing result in digital blueprints being more widely dispersed than in a traditional manufacturing environment.[3] Employees may also disperse digital blueprints by downloading them to potentially unsecure desktops, laptops, or mobile devices. Further, employees may share digital blueprints electronically with other employees, or with contractors or customers. Digital blueprints are also often loaded onto USB drives or memory cards for loading into 3D printers for printing. Such dispersion of a company’s crown jewels means greater risks of losing control of them. IT needs to know where the crown jewels are at all times, and to make sure they remain in the company’s control.
But unlike real jewels, a company’s digital blueprints cannot be protected by safely locking them away. They must be available for use by research, design, and production personnel. So controlling use is the key, whether the blueprints are stored on company servers or in the cloud.
A company’s digital blueprints will become more important, and more vulnerable, as the company shifts from inventorying parts to 3D printing them on demand or farming out the printing. As Pam Baker observed, “Shipping [digital blueprints] to 3D printers, or making the files downloadable from websites, is the logical progression in product distribution, as it negates the costs involved in warehousing stockpiles of products and shipping them to customers.”[4] One way to control such blueprints is to keep them internal to the company, which is partly the role of IT. But 3D printing may also lead companies to have parts printed by independent fabricators or to share digital blueprints with customers, to allow them to 3D print their own parts. Without proper IT controls, sharing with one fabricator or customer could unintentionally morph into sharing with the world, with disastrous consequences for the blueprint owner.
Assuming such sharing is done securely and the 3D printing is done according to company specs, the company may stand behind fabricator-printed or customer-printed parts. Mass customization is also a great strength of 3D printing. The company may also stand behind parts whose designs are customized by customers, as long as proper controls are in place. Some of those relate to manufacturing. Others relate to controlling data, which is an IT function.
It may also become more difficult to secure digital blueprints within the supply chain and companies who believe they will never give their suppliers or customers digital blueprints may be living in a fool’s paradise. For example, companies may prefer that their customers 3D print parts from official digital blueprints, rather than scanning parts and 3D printing their own parts from the scans. Economics may also force companies to disclose their digital blueprints to suppliers. As a Dassault Systems whitepaper observed, cost “has forced prime contractors to place more responsibility for designing and integrating major subsystems in the hands of Tier 1 and Tier 2 suppliers. That means these suppliers now have access to the prime contractors’ most valuable data, and that data must not be allowed to leak into competitors’ hands.”[5] However, the company’s supplier in one situation may be its competitor in another. And once the company’s digital blueprints are in suppliers’ hands, the company’s ability to control further distribution and disclosure may be limited. IT controls can mitigate some of the risk that such data dispersion may cause.
Controls
This article is intended to continue the conversation about the role and responsibility of IT professionals in protecting and controlling 3D printable IP. Thus, we only scratch the surface of defining the problem and suggesting solutions. But as Pam Baker observed, “Now’s the time for IT to start investigating ways to protect IP in 3D printing. Testing the code, securing the files and their transit over the corporate network, plus limiting or blocking file sharing and the end user’s 3D printer use of the file, will all be tantamount to protecting company profits.”[6]
To secure both desktop and production 3D printers and the data they convert into physical objects, companies need to adopt strict physical and digital controls. Such controls need to protect the crown jewels and detect risks. They must identify the data and control who has access to it and how it can be used and transmitted. They should monitor and log such uses and maintain an audit trail.
File integrity must also be controlled. Companies need to be able to know if their digital blueprints have been modified internally, or by fabricators or customers. They need to be able to determine which blueprint is the master, the original, or the genuine file. If the company stands behind customized parts 3D printed by fabricators or customers, the integrity of such parts will partly be the responsibility of the blueprint supplier’s IT solution.
The digital blueprint may be only part of the data that needs to be controlled. Data related to making designs watertight and error free, slicing the design, and the GCode that instructs the printer how to print may be part of the company’s secret sauce, and should all be controlled.
Any IT solution for 3D printers and data needs to protect company IP while providing research, design, and production personnel with frictionless access to 3D printers, digital blueprints, and related data. Although the system will be managed by IT, the machines and data will be used by research, design, and production personnel.
Conclusion
Companies need to protect their IP with a solid IT strategy for securing and controlling 3D printers, digital blueprints, and related data. Such a strategy should strike a balance between IT controls and making the machines and data available to the people who use them to design, develop, and manufacture products.
[1] Pam Baker; “3D Printers: IT’s Next Great Data Challenge;” Information Week; August 27, 2015; http://www.informationweek.com/big-data/3d-printers-its-next-great-data-challenge/a/d-id/1321934.
[2] “Gartner Reveals Top Predictions for IT Organizations and Users for 2014 and Beyond;” Gartner Newsroom; October 8, 2013; http://www.gartner.com/newsroom/id/2603215.
[3] Intellectual Property Rights in an Additive Manufacturing Environment; Grow Software Limited; September 15, 2015; http://www.ien.eu/article/intellectual-property-rights-in-an-additive-manufacturing-environment/.
[4] Pam Baker; “3D Printers: IT’s Next Great Data Challenge;” Information Week; August 27, 2015; http://www.informationweek.com/big-data/3d-printers-its-next-great-data-challenge/a/d-id/1321934.
[5] “Take Control: Intellectual Property White Paper;” Dassault Systems; 2012; http://www.3ds.com/industries/aerospace-defense/resource-center/white-papers/take-control-protect-your-intellectual-property/.
[6] Pam Baker; “3D Printers: IT’s Next Great Data Challenge;” Information Week; August 27, 2015; http://www.informationweek.com/big-data/3d-printers-its-next-great-data-challenge/a/d-id/1321934.
