Cybersecurity
Article | March 23, 2022
It can be challenging to connect government services to Californians who need them most. With a population of nearly 40 million people, the state’s residents have a wide range of experiences, abilities, education, and technical literacy. The California Design System is a collaborative effort between the California Department of Technology and the Office of Digital Innovation to help web developers and designers address common needs to make digital information and services easier to use.
The Design System is an open source project and is in early beta status. It is currently in use on websites for the Department of Cannabis Control, California Drought Action, California’s COVID-19 website, and the Broadband for All portal. We invite collaboration and feedback so we can incorporate new design system components into the existing state template.
The California Design System will help build websites and products that put people first and also look great. Whether you’re an individual developer, product owner, web designer or a public employee, we invite you to get involved and help us make improvements. Reach out to the Design System team through our contact form on the home page, or work through the GitHub repository.
This collaborative effort is another example of how state government is innovating to improve state websites and better serve the people of California.
Government Business, Government Finance
Article | July 12, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments is permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
“Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions and home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardized. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains isn’t just managed by separate enterprise IT teams, but is commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities, exacerbated by budgeting concerns, have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, and Operational Technologies, with dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these makes up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Article | May 27, 2021
As federal agencies continue to support large numbers of remote workers, IT leaders have started to evolve their thinking on zero-trust security architectures. Increasingly, they are becoming more comfortable with the concept and are seeking to lay the foundation for deployments. Zero trust represents a mindset shift in cybersecurity in which every transaction is verified before access is granted to users and devices. In the federal government, it is still a relatively nascent approach, with some pilot programs here and there. However, IT leaders seem to recognize that cybersecurity models are increasingly going to be defined by a zero-trust architecture.
Article | June 29, 2020
The United States Patent and Trademark Office (USPTO) issued its 10 millionth patent number in June 2018 and continues to go strong. In fact, according to a PatentlyO.com-published report, “We are about three-fourths of the way through fiscal year 2019 (ends September 30, 2019) and the USPTO is on-track to issue the most patents ever in a single year period,” with the author forecasting, “330,000 issued utility patents, which is up about five percent from the prior one-year high in 2017.” While these kinds of milestones have created much ado about patents that have changed the world, including a number of popular culture pieces, the unfortunate truth remains that a great number of organizations don’t really understand how powerfully advantageous a tool patents can be.
As the pace of patent filings quickens—noting that it took fully 121 years to issue the first million patents but only three years to move from nine to ten million—businesses that understand how to analyze, identify and capitalize on various intellectual property (IP) trends can dramatically hasten and increase value creation, and valuation, within their companies. This is according to patent attorney and IP authority JiNan Glasgow George, a former USPTO patent examiner and engineer turned entrepreneur who launched the Magic Number Patent Forecast software—a comprehensive intelligence tool leveraging machine learning to uncover silent trends sweeping the business landscape, revealing who is filing patents, when and in what sectors. With this kind of AI-driven data, organizations can easily detect early-stage shifts and pinpoint other trends and marketplace insights to give companies a tremendous competitive edge.
“Intellectual property is not just an idea, concept or invention, but rather a financial asset that can render tangible results,” JiNan notes. “Organizations need to shift their mentality away from patents being seen as merely a way to protect their own idea and, instead, regard them as a means to grow a business and create wealth through intellectual property-driven analytics and key business assets that drive revenue. This can include analyzing the competition through a uniquely telling lens, deciding which products to build next, identifying 'white space' industry opportunity and more.”
After more than two decades managing legal matters pertaining to patents and trademarks, JiNan has helped hundreds of entrepreneurs and innovation-based companies understand how to parlay patents into assets that give them an edge. Below are three of her key reasons why analyzing patent trends can pay off in a big way:
1. Enhanced Competitive Intelligence. Did you know that large banking institutions like Bank of America and payment card companies like Mastercard and Visa hold large amounts of patents in cryptocurrency? Or that a pharmaceutical company is the leading patent owner in the cannabis sector? Or that consumer sleep is among the newest IP-heavy categories, with Apple emerging as a primary player? Or that early stage companies such as Luminar may be outpacing automotive giants?
“Because investment in patents always leads market activity, we can see investment trends before they’re visible in market activity,” JiNan explains. “Every sector contains strategic insights that can translate into mission critical assets. We also find evidence of investment that might seem contradictory—like a major bank investing heavily in its supposed competitor: cryptocurrency. It’s data science that allows companies to predict the next waves of innovation within their particular industries and markets.”
2. Drastically Increased Valuation. IP isn’t just for tech and consumer product companies, as even service businesses can pursue IP protection through patents, trademarks, copyrights and trade secrets. Unfortunately, many businesses are highly undervalued because the owner or executive has not created any IP or cultivated what they have. This is a grave error given that IP plays a huge role in an entity’s valuation. In fact, IP is the one thing that impacts the valuation multiple beyond the profitable business, itself. As such, using trend data to determine with greater accuracy how and where to allocate IP-related resources is key, as “getting it right” can be a significant boon to the bottom line.
“Some start-up companies I’ve worked with have IP portfolios that are more efficient and valuable than large corporations in the same markets,” JiNan notes. “That gives them a high valuation—a vital factor also making these companies attractive targets for investors, mergers and acquisitions. Some companies invest a lot in patents that ultimately are not very valuable, while other companies file for inventions that yield significant returns. The profitable ones can produce impact that multiplies their IP investment—even early stage companies can have IP valuations that are $10 million, $50 million, even $100 million or more. A data-driven IP strategy that considers present inventions in market context can create a five times or more increase in valuation.”
3. Maximized First Mover Advantage. Prior to 2013, the first to invent was entitled to patent rights. The current system—established through the Leahy-Smith America Invents Act—is a “first-to-file” system, meaning that patent rights are given to the first person or entity to file an application whether or not they were the first inventor of the technology, product or service. With access to patent trends and other IP-driven data, companies can not only make smarter investments and develop better strategies to target emerging markets, but also aptly identify underserved or even entirely unexploited facets within those markets.
“Patent data offers huge insight into who is investing in what kind of technology and where and how those funds and efforts are being allocated, long before commercial activity,” JiNan says. “Any company preparing to enter a new market will leave evidence of their intentions in areas that represent opportunity. If you are looking to capitalize on gaps in the market, it’s important to remember there’s no second place in patents—you need trend data to be continuously updated and analyzed. The companies and individuals who profit most from intellectual property are often not the ones who initially created it.”
According to JiNan, one of the most significant areas of opportunity loss for entrepreneurs and corporate executives is a lack of understanding of patent strategy and undervaluing the pursuit thereof. Because patents are often the highest value intellectual property assets, she asserts that having an inside track on this kind of activity—and taking proactive measures to interpret and capitalize on that data—can be a real game-changer for an organization.
Ways to gain that “inside track” as well as other ways to maximize patent ROI and profit from your IP endeavors will be explored at the annual Eclipse IP Conference this October in Cary/RTP, North Carolina. Founded in 2013, Eclipse brings together global thought leaders in IP to discuss best practices in patent investment, with this year’s theme being “Own Your Zone, Leveraging IP to Increase Marketshare.” These days, it’s not just about procuring the data. It’s what you strategically do with that data that really counts. The conference includes the likes of New Orleans Saints all-time yardage leading wide receiver Marques Colston, supply chain expert Irfan Khan, Eugene Gold (who grew his business by a staggering 4,400%) and bestselling author Randy Nelson.
With patents among the most important and valuable assets a business can hold, said to serve as “the lifeblood of innovation,” when employed well they can proffer a remarkable return on investment—especially when facilitating market, category or process exclusivity. With JiNan’s insights above, it’s clear that deciphering and mapping early-stage patents and market data can be a powerfully effective means toward this end.