Israeli Software

My guess is that the value of software patents is on the decline, taking value as the net of the economic upside of the software patent less the cost of  patent development, application and enforcement.

The dynamic is that the benefit from patent protection in the software industry is less than the cost of the patent development, application and enforcement.   (See Bessen and Maurer – “Patent Failure”). The key area today where IP protection has a positive ROI is chemical formulations, i.e. the bio-pharma industry,    Since most of the patents applied for/issued in the past 10 years have been related to software / algorithms it follows that the adage ‘ You can fool some of the people some of the time but not all the people all the time ” is taking effect.

Protecting software-related intellectual property  is extremely difficult – the boundaries are unclear, the algorithms are similar and people are mobile.

The patent application and registered patents are publicly available for perusal by anyone.  So it is not a privacy/compliance/data security issue at all.  The information is out there.

What is not out there – is the implementation. In the bio-pharma industry, that means the recipe for making the vaccine and in the software industry, it’s writing the software that will be secure, reliable and scalable and friendly to users.

Writing secure, reliable, scalable and maintainable software is a non-trivial exercise.

There is a huge gap between a software  patent and the software implementation.   On one hand, from the perspective of a patent as a digital asset –  the vulnerability of patent disclosure is zero  (since it’s disclosed already by the patent offices) but on the other hand, a company’s actual implementation source code and techniques may be worth a lot of money – the value of the time, know-how and software management invested and the potential downside if a competitor got a copy of the source and implementation technique and jump-started his development process.

My first recommendation to a technology company doing cutting edge software development is to   use DLP to protect your source code  since  this is one of the easiest DLP implementations to do. The prices of DLP  products are going down and $150k of DLP implementation and operations/year is cost-effective when you have a few million invested in the implementation.

There are other security countermeasures against leakage of source code and implementation – methods such as – false flags and changing your source code very quickly through agile implementation. Source code that was stolen 6 months ago is not worth much when a company cycles every day and builds a new release every morning at 830.

One of the biggest challenges in global multi-center clinical trials (after enrollment of patients) is collaboration between multi-center clinical trial teams: CRAs, investigators, regulatory, marketing, manufacturing, market research, data managers, statisticians and site administrators.

In a complex global environment, pharma do not have control of computer platforms that local sites use – yet there is an expectation that file and information sharing should be easy yet there are three areas where current systems break down:

1. People forget what files had been shared and with whom they have been shared

2. People have difficulty sharing files with colleagues in a way that is accessible to everyone – firewalls, VPNs, enterprise content management, DRM, corporate data security policy, end point security, file size – these are all daunting challenges when all you want to do is share a file with a colleague in Berlin when you are working in a hospital in Washington.

3. Notifications – how do you know when new information has been added or updated? Not having timely notifications on updates can be a big source of frustration resulting in team members pinging other members over and over again with emails.

Over the past 10 years a generation of complex enterprise content management software systems have grown up – they are bloated, expensive, difficult to implement, not available to the entire multi-center team and in many cases written by English speaking software vendors who cannot conceive that there are people in the world who feel more comfortable communicating in their native tongue of French, German, Hebrew or Finnish!

We are developing (currently in beta with a Tier 1 bio-pharma in EMEA)  a Web-based, agile collaboration system with a light-weight, easy to use, simple architecture, that saves time and reduces IT and travel costs – and literally gets everyone on the same page.

The system resolves the 3 breakdowns above while recording all user activities in a detailed audit trail in order to meet internal control and FDA regulatory requirements.

The system also provides significant cost benefits in addition to improving information collaboration:

• Reduces travel costs: Using online events, integrated media and file sharing and discussions, the clinical trial team and investigators can conduct program reviews, education activities and special events.

• Eliminates proprietary IT: No proprietary software or hardware and no IT integration. No extra investments in information technologies, CRM, sales force integration and data mining.

If this interests you – drop me a line!

After a discussion with a client today about privacy and data security in social networking, I started looking at physician portals and came across a fascinating post from Dr. Scott Shreve – Knowledge Prostitution enabling Aggregated Voyeurism: Is this a Business Model?

Voyeurism (voi-yûr’ ĭz‘əm) n.

1. The practice in which an individual derives pleasure from surreptitiously observing people.

2. Derives from the French verb voir (to see); literal translation is “seer” but with pejorative connotations.

The client told me that they were considering using a closed physicians’ portal to help market their products.  The business model used by closed, advertising-free, doctors portals (Sermo.com in the US or Konsylium24.pl in Poland) involves paying for market intelligence data collected from the “user generated content” in the community.   The tacit assumption is that physicians will talk freely inside a gated, advertising-free community.

Sermo.com kicks some of the revenue back to the users but the precision and recall of this market intelligence is not clear to me, considering the amount of noise in vertical social communities like Sermo and Konsylium24.pl and open social media like Facebook, Twitter and LinkedIn.

What is clear to me – is that there are data security and privacy implications when the community operator data-mines user-generated content for profit.  As a concrete example – a recent thread on Konsylium24.pl went something like this:

Doctor Number 1:

You know – Professor X is the KOL (key opinion leader) for company Y’s drug Z.  He says that drug Z is extremely effective for treating the indications of infectious disease Alpha.

Doctor Number 2:

Of course – Professor X is an acknowledged expert on infectious diseases, but he is also an expert on cash and knows how to do the math and add up the numbers…

I asked my client – “and for this kind of data, your parents sent you to medical school?

This took me back to the days of Firefly, Alexa, Hotbar and use of personal information as currency – collected with “collaborative filtering” and “automated inference” from people browsing the web.

Web 2.0 and social media seems to be going through a similar evolution as Web 1.0 – trying to monetize content by  data aggregation and analysis using “collaborative filtering” techniques.  This may have been a sexy looking business model for Venture Capitalists during the dot.com era, but in 2009 (5 years after Sermo.com launched) and a few months after their well-publicized breakup with the AMA; automated inference, knowledge prostitution and aggregated voyeurism may be  yielding to direct communications between people in B2B communities, social and professional networks.

Why peep through a window when you can just knock on the front door and ask?

It just occurred to me – as our partner in Poland was getting ready to drive from Warsaw to Łęczyca for a sales call – that novel H1N1 (swine flu) and seasonal influenza is a great reason to use social media and Web conferencing for customer contacts, sales and support and reduce physical contact and risk of exposure.

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn.  I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting.

I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity of ObamaCare:  the Obama health care reform bill.   I then sat down and started to learn more about this proposed solution to the US health care system that will cost over a trillion dollars in the next 10 years.

The Obama Health plan and the problems the administration is currently facing getting it through Congress is second page news here in Israel (front pages this weekend in Israeli papers are how Obama and Rahm are throwing their weight around and dictating to the Jews where they can live and not live….)

I started reading about the House Tri-committee Health Care bill and my eyes started popping at the cost and complexity of the proposal. I then read the response of the Mayo Clinic – Mayo Clinic’s reaction to House Tri-Committee bill and I finally realized that just like in Cyber Security and data loss prevention – the Obama administration is more interested in compliance and big government than customers and health, safety and security.

I’ve been arguing for basing data security product purchasing decisions on value at risk and cost-effectiveness of the DLP product in reducing the value at risk of a data breach. Therefore, it is  obvious to me that the notion of a value-based decision is an important cornerstone in redefining health care – see a discussion on pay for value in health care in the open letter to congress

Counterfeiting is a hot issue not only because it hits vendors in the pocket but because of the public health/safety implications.

Product counterfeiting ranges from fashion, such as Dolce & Gabbana handbags,  high performance bike frames such as Specialized Bikes to faking innovative drugs such as Viagra.

The Israeli onlline business daily “The Marker” recently ran an item on drug counterfeiting,  pegging the volume of drug counterfeiting in Israel at 80-100 million sheqels/year.  The source for the number is the Israeli Ministry of Health, the World Health Organization and an  organisation called “The Center for Pharmaceutical Security” (המכון לביטחון פרמצבטי)  I could not find any reference to this organization online – but from the name it sounds like a pharmaceutical industry lobby.

The core issue is public health and safety. This is why I personally believe that anti-counterfeiting supply chain initiatives such as ePedigree are well-intentioned but ineffective countermeasures to this threat.  I believe that the interest of public health and safety (you can be killed on a defective road bike frame…) requires involving consumers at the point of sale.
Read more…

We had a discussion with a prospect for a DLP (data loss prevention) system) that started with discussing the pros and cons of various DLP solutions (Verdasys, Mcafee DLP, Websense, Fidelis Security) and finished with a drill-down into how they can build a business case to acquire and implement data security technology. After a very interesting session – the CIO asked me – “So why did you start with technology? we should have started with the business case?”  I replied – “Got your attention, didn’t I!”

Talking with clients we stress threat modeling and analysis and doing quantitative risk analysis but I believe that psychology may be more important than the technology. This is for several reasons:

Read more…

If you understand how pharmaceuticals are sold, this is not surprising.

What is surprising is that a lot of people seem to think it’s just a question of time before pharmaceutical companies like GSK get into social media.  I claim that a fashion trend doesn’t make a business case. The buzz of social media and Twitter in 2009 reminds me of the buzz on virtual worlds in 2008.

There are 3 fundamental reasons why  consumer-side social media is not a good fit for pharmas and they all relate to how prescription drugs are sold:

Read more…

I was talking to some folks at a  big global pharma last week and I discovered that pharma doesn’t like social networking.    (Give me a break – I’m a software security guy, I think about these things in terms of threats to intellectual property and I thought everyone “gets” social networking). If you understand how pharmaceuticals are sold, this is not surprising but it seemed worthwhile to take some time and learn more about the great pharma-social networking divide before diving into a more detailed discussion of why pharmas have a problem with social media (mostly regulation but not just).

Read more…

Poland is leading the way in Europe with a new law enacted as of December 1, 2008 that prohibits medical representatives from visiting doctors during business hours.  Reps are a good source of spoon-fed science for docs, not to mention the free samples and perks at conferences.  However – over 90,000 doctors in Poland have quickly adjusted to a new reality and the big pharmas like GSK, Roche, Schering-Plough / Merck have accepted that times are a changing.

Current sales indicators of how many face to face visits a rep made are not going to cut it anymore. The question is – what next?