×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

keeping Spreadsheets within the office
5

keeping Spreadsheets within the office

keeping Spreadsheets within the office

(OP)
All -

It's apparent that we all use spreadsheets in our everyday work.  Some of us work in very competitive markets so let me ask how others keep spreadsheets within the workplace?

Do you have a method?
No method, just trust?
Leave it to the overall general policy about intellectual theft?
Passwords?  Are they enough?

thanks in advance for your thoughts.

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

I do all my programming at home, including spreadsheets and don't use any of the firm's resources for them... so there's little question about ownership.  I use them at the office and let others use them for whatever and when I leave, I leave the programs... but still am the owner of them.

Dik

RE: keeping Spreadsheets within the office

Dik, if you do the programming on company time, they have a stake in the programs. If you decided to copyright and sell, you'd have to list them as at least part-owner of the copyright.

     "...students of traffic are beginning to realize the false economy of mechanically controlled traffic, and hand work by trained officers will again prevail." - Wm. Phelps Eno, ca. 1928

"I'm searching for the questions, so my answers will make sense." - Stephen Brust

RE: keeping Spreadsheets within the office

Excel passwords can be hacked.  Just do a search for "office password recovery".  If I recall correctly there are lots of programs available for $20-$50 to retrieve passwords out of Office documents.

RE: keeping Spreadsheets within the office

That's why I do the spreadsheets at home and only use them for design at the office.  No programming at the office.

Dik

RE: keeping Spreadsheets within the office

(OP)
Posters - Lets not steer to far from the OP please.

Thanks,

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

As noted above there are no really good ways to protect worksheets.  My workplace uses policy + trust.  

IMO the right strategy to use depends on how much is invested in a particular worksheet tool.  It is also like home security, if someone really wants in they can find a way but you want to make it so difficult that they will likely find an easier target.

That said, I've used passwords anytime it makes sense.  I realize that someone can crack or workaround, but it eliminates blatant reuse or unauthorized access by anyone less than a programmer type who is willing to research/work-around the password.

Another strategy is to structure worksheets so that critical information to use them is needed from office staff/documents.  For example, spreadsheet inputs labeled generically as "dimension 1" or "cost category A" require additional definitions to effectively use the spreadsheet.  Less user friendly = less attractive to steal

I've always thought a Mission Impossible expiration function - "this file will self destruct after x days" - would be nice to have for sensitive documents.... who cares about a password if the file is wiped

RE: keeping Spreadsheets within the office

Ah Qshake, you had me going for a moment there and I was about to blast our hosts for losing my last posts (or worse, they'd been red flagged for some reason) and then I discovered I had wandered into the Engineering Ethics forum.... 5-6 years a member and you double posted!

JMW
www.ViscoAnalyser.com

RE: keeping Spreadsheets within the office

Sorry QShake... I'll try not to do this again...

I often protect the sheet without using a password and freeing up the cells to be edited.  Less likely that someone will accidentally mess with the sheet.

I don't mind if anyone uses the sheet...

Dik

RE: keeping Spreadsheets within the office

(OP)
JMW -

I was on the fence as to putting this into the ethics but the spreadsheet was a no brainer as they say.

I apologize for the inconvenience but am definitely grateful for the increase in opinions.

Thanks,

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

I don't really understand what you mean by "keep."  What exactly are you trying to protect?

If I want to present results, then I simply PDF the spreadsheet.

If I want to pass a spreadsheet on to someone else, then it depends on the relationship.  Coworkers get the spreadsheet as is.  Customers may get the spreadsheet wrapped with a VBA UI that hides the spreadsheet.

TTFN



RE: keeping Spreadsheets within the office

(OP)
IRstuff -

I work for one of many consulting engineering firms and have over the years developed spreadsheets to do just about everything so as to be more efficient.  So have my colleagues.  Many years ago, spreadsheets were evaluated for single applications and all structurals in the company used them.  Every now and then we see the same spreadsheets being used by our competitors.

What I would like to know is the best way to keep those spreadsheets in house and not with our competitors.

I am only interested in replies that are specific to the software or passwords or IT policies.  In other words I don't wish to hear the trivial solutions; that the best way to keep software from walking out the door is to keep the developer from walking out the door.

TIA

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

Use all server side applications and workstations without floppy or CDRW.  Disallow XLS attachments to email and I think you almost have it.

RE: keeping Spreadsheets within the office

You could then glue everyone's USB ports, rendering them inoperable.  2thumbsup

Robert

RE: keeping Spreadsheets within the office

IFRS in which case the badman would zip the file, with a password, rename it as a .txt and then zip it again.  Then email it.



Cheers

Greg Locock

Please see FAQ731-376 for tips on how to make the best use of Eng-Tips.

RE: keeping Spreadsheets within the office

It would seem impossible to stop the most determined thieves.

In the case in which a significant percentage of a spreadsheet's programming has been constructed offline, not charged to any contract in a person's free time, who owns it?

RE: keeping Spreadsheets within the office

If, on my own time I use software I own to write an application (whether screensaver or tool to make my job easier) I would certainly argue that I own it. Of course I would have to double check all the paperwork I signed with my employer as there may be some fine print that says otherwise.

Now back to the original question: if the spreadsheet is business critical I would password protect it even if it is deemed inconvenient and easily hacked. Reason being if it ever went to court you could argue that the offender had to deliberately get around the protection to use the software. It would obviously not be something that they just wandered upon and thought was public domain. Whether such an argument would stand up in court I don't know (I'm not a lawyer) but looking at the example of CSS encryption on DVD's, I'd say it stands a chance.

RE: keeping Spreadsheets within the office

Qshake,
As it was said, the passwords are worthless if somebody really wants your spreadsheet. From time to time I get email solicitations to purchase for $30 the most expensive structural software around... Anyways, a few suggestions:
1. Place an "FBI warning" about unauthorized use of teh spreadsheet in the front page. It will make official business to think twice before including it into design.
2. Place a special file in the network that spreadsheet will read and verify at the startup. If file is not found or not the right one the VBA code will close the file. Offcourse, it's not a bulletproof solution since person with sufficient VBA knowledge will be able to disable this method.

Just some ideas...

RE: keeping Spreadsheets within the office

2
I have been told, but have not been able to confirm, that passwords protecting VBA code are harder to crack than passwords protecting worksheets.  If this is actually true, it suggests that putting some of your key algorithms in VBA rather than in standard cell formulae might make it your intellectual property a bit harder for a thief to extract.

However even if that is correct it does not prevent your thief from USING the stolen spreadsheet even if (s)he cannot see how it works.

For this second problem, I have used approaches along the following lines.

(1)  Get some core part of your spreadsheet to execute in VBA rather than in spreadsheet formulae, as recommended above.  Call this the core VBA.
(2)  Make the execution of this core VBA conditional upon some other VBA-based operation, in such a way that the default condition is for the core VBA to not run.  Call this the qualifying VBA.
(3)  Set things up so that the qualifying VBA is automatically run when the spreadsheet is first opened.
(4)  Embellish the core VBA so that it will print out an appropriate message if it is run without the qualifying VBA having been satisfactorily run, and will then set some key answers to #NA() or something similar.  Resist the temptation to have it give wrong-but-feasible answers, as this might land you at the wrong end of the legal system.
(5)  Password-protect both the VBA and the spreadsheet.

The simplest form for getting a pass/fail message from the qualifying VBA to the core VBA is to use a global public integer variable.  The qualifying VBA sets this variable to a positive value if the test(s) are passed, or to zero if the test(s) are failed.  Since variables are implicitly initialised to zero in VBA, the default condition is "fail" as required.  The core VBA then merely has to examine this variable to decide whether to run correctly.

What sort of qualifying tests can the qualifying VBA perform?  If you want to impose expiry dates on the spreadsheet, it can examine the system date.  If you want to restrict execution to certain computers, it can examine the computer's MAC address.  If you want to restrict execution to computers attached to the company's network, it can look for a file on some particular network server.  If you want to restrict to certain network users, there are probably appropriate environment variables set by your network login processes, or you can have Registry entries set.  And so on.

Any method that restricts execution to nominated MAC addresses or nominated users requires that a list be maintained somewhere.  For small, relatively static, lists, this can be in the VBA code itself.  For longer or more dynamic lists, it would need to be in some network file.

A couple of other comments.  Whatever you implement you should ensure that you do not tell people what you have done:  the method relies in part on your thief not knowing what needs to be cracked.  Also, it is not a bad idea to put some sort of expiry date on software even if you are using MAC addresses as your principal test:  firstly a thief who half-cracks your system will hit a later disappointment;  secondly your valid users will eventually be forced to ask for refreshed versions, thereby enabling you to ensure they all upgrade to your new improved version.

None of this is perfect.  But you can use it to give your thief a run for his/her money.

Did it work in my case?  I'll never know.

RE: keeping Spreadsheets within the office

My agreements with my previous employers all included joint ownership of all intellectual property developed while in their employ on their time in their office on their hardware with their software.  Anything I did at home was either mine unless I chose to share it in which case specific agreements were drafted.

RE: keeping Spreadsheets within the office

2
I agree with making the spreadsheet user unfriendly. My methods are thus:

1. The main spreadsheet is used as a template which derives information from three other spreadsheets. This means that if all 4 spreadsheets are not used together the user will lose all or partial functionality.

2. The main spreadsheet uses 2 functions which reside on a custom add-in so if the add-in is not copied and installed the user has no functionality.

3. Due to poor programming practices and a 3 year evolution the code will crash if the folder/file structure is changed. I have little or no error handling depending on the specific function and redundant coding so if a bad line is remodelled there is probably a dupicate lurking around somewhere to trip them up later.

4. The main sheet has about 40 dynamic named ranges. If a user cracks the password and then deletes what appears to be unimportant text then the named ranges will point to a different cell because the text was acting as a place holder.

5. The main spreadsheet is designed to remove a specific set of formulae upon completion of calculations, if the spreadsheet is not installed as a template then functionality is lost after 1 use. There is no "Undo" after running VBA and most people won't realise what has happened until after they have saved the changes.

Most of these methods I have stumbled upon and I am now actively trying to eliminate. Some can be purposely put in place. I favor the dynamic named range, the place holder can be text noting ownership or an empty cell which must have somthing typed in.


RE: keeping Spreadsheets within the office

(bpeirson, I especially like your #3 tactic)

Since my earlier post I've found that Excel 2003 and later offers what MS calls Information Rights Management that on the surface appears it could address this issue through use of permissions.

Here is the MS info about this approach:
http://office.microsoft.com/en-us/workessentials/HP062208591033.aspx
http://office.microsoft.com/en-us/excel/HA011098061033.aspx

Has anyone tried using permissions and/or expiring files ala this built-in functionality?

RE: keeping Spreadsheets within the office

bpeirson:
Hilarious!  1/2 star for the "user unfriendliness" tips and 1/2 for the ability to put positive spin on the things you "stumbled upon" and are now trying to eliminate...

winky smile

RE: keeping Spreadsheets within the office

Qshake,

Your basic premise seems off.  If your competitors are getting your sheets, then it's an inside job.  That means that whoever is passing on the sheets already has access to them and most likely, will have the need to have the passwords that unlock the sheets.  

So who are you willing to trust with whatever you come up with?  How do you know that your own principals aren't selling the stuff out for some pocket change, or are simply giving them away for some unpublicized quid pro quo?

Rather than going with a single centralized program, for which you have no traceability to the person that is stealing the intellectual property (IP), you might consider some means of individuallizing the code with some sort of digital signature that will allow you to determine who passed the sheet to the outside.  You might consider digitally signing each copy of the code assigned to each engineer.  There may be ways of watermarking the sheets directly or through some apparently innocuous digits tacked onto results that are specific to a particular user.

TTFN



RE: keeping Spreadsheets within the office

Here are a few more suggestions that you may want to consider:

1) Move a core piece of functionality into a separate DLL and call that from VBA. This will make it harder for your competition to crack your code.

2) Big copyright notice on the spreadsheet and even more in the code. Slip in some deliberate errors (never called) and spelling mistakes into the code so that if someone does steal it and claim ownership you can easily spot what originally came from you. Doesn't stop them from taking it, but might get you some money if you are willing to take them to court.

3) Look at obfuscating some of the VBA source - probably cheaper and easier just to compile as DLL though.

4) In the compiled or obfuscated section, check for software license or connect to an internet server to authenticate. This may just alienate your users though.

If someone wants to steal it they can and will, you just need to put something in the way to slow them down.

On the subject of IP ownership, you may find that your company legally owns these spreadsheets. I can't find the link now, but I read of a similar case where a guy developed  code at home, on his own machine, with his own software to help him at work. When he left his job the company claimed ownership. The courts sided with the company saying that the software was an essential tool for the job and so belonged to the company.

Don't take legal advise from us, consult with an expert if you want to be sure.

 

RE: keeping Spreadsheets within the office

(OP)
IRstuff -

Not an inside job, we watch carefully what we send out.  The incident that has created this concern follows:

Unbeknownst to me another competing firm was working on the same stretch of highway with a number of structures.  After having an employee leave us for that other firm, we received a note from our client who while reviewing plans noted that xyz company had the same error in the plans we did, isn't that something they remarked.  The error came from one of our spreadsheets that failed to put output in a cell that would ultimately transfer to the plans.  The spreadsheet is very elaborate and saves much time from old hand calculations.  

It irks me that someone is dishonest and would take what is not rightfully theirs.  

Since that incident I've been searching for ways to impede such a incident again.

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

Based on your description, it was technically an inside job.  The person was a former employee who stole it during his employment.

Then you need to write the VBA or VB or other macros that isolate the sheet itself and make it completely inaccessible to ANY user.  That also means that no one can check the calculations independently.  It also means that you have to assign someone to do the maintenance on the sheet that you can absolutely trust, and that same someone will now need to be the tech support for the entire company when people use that sheet.

Frankly, I think it's more trouble than it's worth.  IP is not something that can be placed under lock and key.  Its very nature requires free exchange.  Preventing that free exchange makes the IP more difficult to use and less useful.  Think how much harder it would be to track down your known bug had the sheet been buried under layers of indirection, macros, and locks.

TTFN



RE: keeping Spreadsheets within the office

How about a direct approach which will penalize the offender and make others wary?

- inform the client directly with your observations, offer supporting evidence of your firms legitimate ownership and encourage them to speak to the competitors upper management about it.

- speak with your attorney about this, but don't ask for his/her permission.

- directly contact your competitors upper management and tell them of your observations and objections.

Alternately, consider sharing of other resources or at least another specific resource as a sort of compensation.  Is it impossible to have "friendly competitors"?  If competition has produced animosity from its intensity somebody needs to do some soul-searching.

This may be more appropriately posted in the ethics section, but these methods must also be considered as part of a technical solution to what is in fact a social/moral problem.

RE: keeping Spreadsheets within the office


Interesting stuff.

Several years ago we did not worry about mobility of information from ones office too much, althiough it was aconcern. With more advanced computing machines and the need to have all stff on board etc the problem has increased so much that one has to live with it to some extent.

To be specific if an employee develops a spreadsheet on comopany's time that is beneficial to the company, I see no reason why on leaving that employee cannot use the spreadsheet at another employer. Even if he goes out without anything in his hand etc you cannot deprogram the brain unless you give him a pill to forget. He can create the spreadsheet again.

If an employee is provided a spreadsheet by the company to undertake work, then it is a matter of trust when he/she leaves, but it is virtually impossible to prevent him/her to use it someplace else. I am sure that half the time the company's spreadsheets were developed by employees within the system or those who were within and left. If otherwise then there would be a commercial licence and this could pose a problem. Most people would not want to use this spreadsheet.

Sometimes you can have all the info and are not able to use it as there are other factors that are responsible for you being ahead of your competitor, which are often beyond a spreadsheet.

My approach is if an employee is leaving, I would ensure that he/she has copies of all his work that he has done for me either in hard copy or electronic format. Sometimes that alone makes him/her realize that it is not correct to use the information in the employ of others.

Many professionals have posted spreadshets on the web for the use by colleagues free of charge or for a small charge. One can get sheets on a variety of engineering topics. From these ideas come to others who my modify etc.

I would quit worrying too much about this issue as it would only make you paranoid.

RE: keeping Spreadsheets within the office

I agree with IRstuff that most work that we engineers do benefits from free exchange of ideas and knowledge, just as we do in these forums. A company would very likely benefit from  information sharing as much or even more than it suffers from information "leaks", because it can obtain information which would otherwise be protected, so it can do a better job. Ultimately, it will depend on how good the company's engineers are, not how well a company can steal someone's spreadsheet.

Cheers,
Joerd

Please see FAQ731-376 for tips on how to make the best use of Eng-Tips.

RE: keeping Spreadsheets within the office

VAD
I disagree, but maybe it is an issue of scale.  Yes, a spreadsheet the takes 2 hrs can be easily reprogrammed and to worry about that is to breed paranoia.  But if an employee takes a spreadsheet to a competitor that took 100s of hours to setup, of paid work time, that is theft, and warrants preventative measures to protect the investment.  

RE: keeping Spreadsheets within the office

(OP)
Yes, I agree with bltseattle.  

1.  This was no small spreadsheet by any means.
2.  I have no objection to anyone who wants to develop a similar application....go ahead, just use your resources to to it.
3.  To have a company's work show up at another company is not means of flatter, but theft.
4.  If the application is available on line at some excel outlet good.  Let the competition go there and download it.

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

RE: keeping Spreadsheets within the office

bltseattle:

I can agree with the scale. However, I am curious to know how many times employees take home work assignments and complete them on their own time,as part of their support to companies. Sometimes we tend to forget that. Granted that such goodwill does not warrant them moving someone else's info to a competitor. However, the extras that may be brought by such goodwill in far exceeds in my opinion, the 100 hours.

Do not tell me that all employees are compensated adequately for their extra time, as this does not always happen in the private sector.  

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members!


Resources