Tech Update SummaryJuly 2016

Blue Mountain Data Systems

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the

Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for July 2016. Hope the information and ideas prove

useful.

Best,Paul VeselyPresident and Principal ArchitectBlue Mountain Data Systems Inc.

Network Security

Network SecurityMICROSOFT: Microsoft Issues Windows 10 Preview Build, Patches Critical Flaws. With less than a month to go until the release of the Windows 10 Anniversary Update, Microsoft put out a new build that fixes a number of bugs in Windows, Office, Edge and other applications. In addition, Microsoft’s Patch Tuesday release featured 11 updates for vulnerabilities, including six rated as “critical.” Read the rest[TOPTECHNEWS.COM]

CISCO: Unveils Three DNA Network Security Technologies. Cisco has announced three new technologies for its Digital Network Architecture (DNA) solution to enable network engineers, application developers, channel partners, and IT customers to embed improved and simplified security within their network infrastructure layer: Umbrella Branch, Stealthwatch Learning Network License, and Meraki MX Security Appliances with Advanced Malware Protection (AMP) and Threat Grid. Find out more [ZDNET.COM]

Network Security

SWIFT: Seeks Stronger Network Security. Swift is turning to outside help as it looks to improve security on its network following a number of hacking incidents. It has engaged cyber security firms BAE Systems and Fox-IT, and created a Forensics and Customer Security Intelligence team, as it wants to investigate security incidents “within customer environments”. Read more[BANKINGTECH.COM]

MICRO-SEGMENTATION: Tempered Networks Simplifies Network Security. Tempered Networks’ Marc Kaplan explains how micro-segmentation simplifies the network, makes firewalls easier to manage and improves network security. Read the rest[NETWORKWORLD.COM]

Encryption

Encyption

FEDERAL GOVERNMENT: John McCain Threatens to Subpoena Apple CEO Tim Cook to Talk Encryption with Feds. “We now find ourselves at what is a complete impasse [in the encryption debate], and it is time I urge for congress to step in and break that impasse,” said one former assistant attorney general. Read the rest[FEDSCOOP.COM]

GOOGLE: Testing a Chrome Browser that Adds Post-Quantum Encryption. In a truly forward-thinking move, Google is getting serious about the effort to future-proof internet security: users of the tech giant’s test-phase browser, Chrome Canary, can start testing a so-called post-quantum cryptographic technology aimed at making users immune from next-next-generation cryptographic attacks. Find out more[EXTREMETECH.COM]

Encyption

EMAIL: Simple Security – How Gmail, Mailvelope, and Virtru Make Encrypted Email Easier. Encrypting your email is a great step towards more secure communication. Gmail, Mailvelope, and Virtru can help streamline your encrypted email efforts. Read more[TECHREPUBLIC.COM]

OPINION: An Encryption Commission Is A Waste Of Time. Members of Congress are looking to create an encryption commission that would “get the answers we need” on the issue of encryption and digital security. Will this really help? Read the rest[GIZMODO.COM]

Databases

Databases

MICROSOFT: SQL Server Data Tools (SSDT) Now Supports Developing Databases Using Always Encrypted. Microsoft recently announced that SQL Server Data Tools (SSDT) now supports developing databases using Always Encrypted. Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server). Read the rest[MSPOWERUSER.COM]

Databases

SPECIALIZED: Terabyte Terror: It Takes Special Databases to Lasso the Internet of Things. Non-relational databases can help take the pain out of corralling swarms of sensor data. IoT sensors produce a massive amount of data. This volume and variety of formats can often defy being corralled by standard relational databases. As such, a slew of nontraditional, NoSQL databases have popped up to help companies tackle that mountain of information. Find out more[ARSTECHNICA.COM]

MySQL: Building a Web UI for MySQL Databases in Plain Java. Learn how to connect MySQL databases from Java web applications, from creating classes, implementing the UI, and running the application. Read more[DZONE.COM]

Databases

NIST: NIST Database Goes Ballistic. The ability to match a bullet with the gun that fired it has been a forensic staple for law enforcement for almost 150 years, but the National Institute of Standards and Technology is hoping to juice the old capability with 21st century big data. Read more[FCW.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Security Patches

Security Patches

MICROSOFT: July 2016 Patch Tuesday: Microsoft Releases 11 Security Updates, 6 Rated Critical. For July, Microsoft released 11 security bulletins, six of which were rated critical due to remote code execution (RCE) vulnerabilities. Read the rest[NETWORKWORLD.COM]

ANDROID: Android Security Bulletin Features Two Patch Levels. The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. Find out more[THREATPOST.COM]

Security Patches

ADOBE: Adobe Deploys Security Update to Fix 52 Vulnerabilities in Flash. Some of the critical flaws could lead to remote code execution on your PC. The update includes Flash security fixes across the Microsoft Windows, Apple Mac, Linux, and ChromeOS operating systems, as well as the Google Chrome, Microsoft Edge, and Internet Explorer 11 browsers. Read more[ZDNET.COM]

INTEL: Intel Patches Local EoP Vulnerability Impacting Windows 7. Intel issued an important security patch Monday for a vulnerability that could allow hackers to execute arbitrary code on targeted systems running Windows 7. The bug, located in Intel’s HD graphics Windows kernel driver, leaves affected systems open to a local privilege escalation attacks that could give criminals the ability take control of targeted systems. Read more[THREATPOST.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO

CTO: Census Seeks CTO. The Census Bureau is looking for a new chief technology officer. In the midst of the bureau’s 2020 technology push — an ambitious overhaul that watchdogs are monitoring closely — the agency posted its official CTO job listing on July 11. The posting comes three weeks after Avi Bender, who had served as Census CTO since 2010, moved to the National Technical Information Service. The next CTO will serve under another newly arrived leader — CIO Kevin Smith, who joined the bureau in June. Read the rest[FCW.COM]

THREE THINGS: Every CISO Should Know. To reduce their organisation’s attack surface – and improve their team’s ability to detect, react, respond and recover – CISOs should keep three things in mind. Read the rest[INFORMATION-AGE.COM]

CIO, CTO & CISO

CIO: Execs From Outside IT Win Key CIO Jobs. Pressure to fulfill business goals forces companies to look for different breed of IT leaders. Eli Lilly & Co. this week reverses a long history of naming chief information officers with deep enterprise technology experience as Aarti Shah, a 22-year veteran at the drug company, takes the helm. But her appointment barely ranks as an outlier as Lilly and other companies look outside the traditional technology ranks for executive talent that boards and chief executives can hold accountable for business objectives. Read the rest[BLOGS.WSJ.COM]

CIO, CTO & CISO

CTO: IRS’s Top Techie Leaves Citing Lapsed Critical Pay Authority. The IRS is losing its chief technology officer, Terry Milholland, due to a lapse in a 1998 statute that allowed for a higher pay band for select positions at the tax agency, according to Commissioner John Koskinen. In a June 29 email to staff, Koskinen said Milholland is the latest IT executive to leave since the Streamlined Critical Pay Authority — part of the IRS Restructuring and Reform Act of 1998 — expired in 2013 without a congressional vote to renew. Find out more[FEDERALTIMES.COM]

For the CIO, CTO & CISO

CIO: FDIC Was Hacked by China, and CIO Covered It Up. Problems uncovered after employees walk off job with thousands of SSNs on flash drives. A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015. Read more[ARSTECHNICA.COM]

CIO, CTO & CISO

CISO: Brown University Offers Ivy League CISO Creds. Freshly minted CISOs as well as other mid-career professionals with a need for a broad grounding in cybersecurity can get an advanced degree in the topic through a new program at Brown University. The Executive Master in Cybersecurity, set to launch in October, is a 16-month program to instruct students in technology, law and policy, human behavior, and leadership-skills development. “What the industry is crying out for is interdisciplinary training,” says Alan Usas, the program director. Read more[NETWORKWORLD.COM]

CIO, CTO & CISO

FEDERAL CIO: 4 Ways Government Agencies Can Improve Their Cybersecurity Fundamentals. Responding to the OPM breaches, Federal CIO Tony Scott initiated a month-long Cybersecurity Sprint calling on all agencies to evaluate and address security problems. This program yielded some positive results, including immediate improvements in authentication practices. Federal civilian agencies increased their use of strong authentication practices for privileged and unprivileged users by 30 percent during the sprint. Read more[ABOUT.BGOV.COM]

For the CIO, CTO & CISO

CISO: What Is IDaaS? A CISO Clears Up Confusion Around the Definition of Cloud IAM. Identity and access management-as-a-service, also known as IDaaS or cloud identity and access management (IAM), has become a hot topic among CISOs over the past few years. Alas, confusion about the cloud-based service still exists; even the most basic question is left unanswered or answered incorrectly. With so much uncertainty and inaccuracy existing around the definition of IDaaS, it seemed fitting to tap into the expertise of a security thought leader and early adopter of IAM-as-a-service. Joseph Burkard, a CISO for a global health care organization, delivers a complete definition of IDaaS and discusses how his choice of a cloud IAM vendor reflects this definition. Read more[SECURITYINTELLIGENCE.COM]

Penetration Testing

Penetration Testing

RISK STRATEGY: 8 Reasons You Need A Security Penetration Test. One of the biggest challenges in IT security is determining whether the tools and configurations you have in place are giving your organization the level of security you require. Here’s how penetration testing can help. Read the rest[INFORMATIONWEEK.COM]

VULNERABILITIES: Hacking A Penetration Tester. How even a pen test conducted by a security pro can be hacked by a determined attacker looking for a way to its target. Find out more[DARKREADING.COM]

Penetration TestingCYBERWAR: The DNC Hack and Dump Is What Cyberwar Looks Like. Elections are critical infrastructure that should be hands-off for governments. What occurred with the recently disclosed breach of the Democratic National Committee servers, and the dumping of stolen data on a WordPress site, is more than an act of cyber espionage or harmless mischief. It meets the definition of an act of cyberwar, and the US government should respond as such. Read more[ARSTECHNICA.COM]

SECURITY FLAWS: Necessity is the Mother of the ‘Rugged DevOps’ Movement. No matter how good your perimeter security is, experts agree: Your system has been breached, whether you know it or not. The costs of security flaws – cybersecurity expert Joe Franscella calls them “The Five Horsemen of the Internet Apocalypse: Scam, Extortion, Embarrassment, Theft and Death” – are enormous. So why don’t we consider security a first-class citizen in DevOps? Read more [SDTIMES.COM]

Open Source

Open SourceRED HAT: Red Hat Wants To Repeat The Magic of Linux With Containers. With enterprise workloads slowly moving to the public cloud, and containers becoming first class citizens of the datacenter, the battleground is quickly shifting to the cloud and containers. Traditional infrastructure players are facing a huge challenge. The changing dynamics of the market are forcing Red Hat to relook at its strategy. Read the rest[FORBES.COM]

MICROSOFT: Project Malmo AI Platform Goes Open Source. The system, now available to all, uses Minecraft to test artificial intelligence protocols. Formerly referred to as Project AIX, the platform has been developed in order to give startups a cheap, effective way to test out artificial intelligence programming without the need to build robots to test commands and comprehension with physical subjects. Find out more [ZDNET.COM]

Open Source

STORAGE: Why Object Storage Is Eating the World. Traditionally, web applications use file systems and databases to store user data. This is simple to manage, as web applications generate structured data by accepting text input in forms, and saving the input to a database. However, times are changing; with the advent of social media, cloud storage, and data analytics platforms, increasing quantities of unstructured data are being pushed onto the Internet. Read more[OPENSOURCE.COM]

Open Source

SECURITY: What IoT Can Learn From Open Source. In 2014, a study by Hewlett-Packard found that seven out of ten IoT devices tested contained serious security vulnerabilities, an average of twenty-five per device. In particular, the vulnerabilities included a lack of encryption for local and Internet transfer of data, no enforcement of secure passwords, and security for downloaded updates. The devices test included some of the most common IoT devices currently in use, including TVs, thermostats, fire alarms and door locks. Given that Gartner predicts that 25 billion smart devices will be in use by 2020, no one needs to be a prophet to foresee a major security problem that will make even the security problems of the basic Internet seem insignificant. Read more[DATAMATION.COM]

Incident Response

Incident Response

VIDEO: Incident Response: Trade-offs Under Pressure. John Allspaw provides a glimpse into how other fields handle incident response, including active steps companies can take to support engineers in those uncertain and ambiguous scenarios. Examples include fields such as military, surgical trauma units, space transportation, aviation and air traffic control, and wildland firefighting. Read more[INFOQ.COM]

LISTEN: HSAC Wants DHS Cross-Sector Cybersecurity Plan. The Homeland Security Department and Homeland Security Advisory Council are exchanging summer homework, respectively asking for recommendations for the presidential transition and a plan for coordinating cross-sector cybersecurity responses. Read the rest[FEDERALNEWSRADIO.COM]

Incident Response

COLLABORATION: Technology Gives Police and Public Safety Agencies the Upper Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent and reduce criminal activity. When a suspicious person or activity happens at Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a button to silently page the nearby police department in an emergency, one of many new features available since the city upgraded its communications infrastructure, adding new IP phones, paging and emergency notification software on top of a new Cisco Systems phone system. Read more[STATETECHMAGAZINE.COM]

Incident Response

HAVE A PLAN: The Importance of a Cyber Incident Response Plan and the Steps Needed to Avoid Disaster. With two-thirds of the UK’s big businesses being hit with a cyber-attack in the past year, it’s absolutely crucial for businesses to know how to respond and deal with the aftermath. A study conducted last year revealed that more than half of organizations lack the capability to gather data from across their environment, or coordinate centralized alerts to the business about suspicious activity. Read the rest[INFO-SECURITY.COM]

Program Management

Program Management

MICROSOFT: Microsoft Launches Planner, a Project-Management Tool Part of Office 365. Microsoft has launched Office 365 Planner, a new project-management tool for teams. The company will be rolling out Planner worldwide to Office 365 users, including Office 365 Enterprise E1–E5, Business Essentials, Premium, and Education subscription plans. The Planner tile will appear in your Office 365 app launcher, meaning Office 365 admins don’t need to take any action. Read more[VENTUREBEAT.COM]

Program ManagementNASA: When Project Management Really is Rocket Science: A Lesson from NASA. A recent GAO assessment of major NASA projects shows that 18 of the organization’s biggest projects received very positive reviews – with project management receiving credit for some of that success. What has proven to be extremely effective for NASA is utilizing standards and adapting tools and processes to the needs of the agency, while satisfying considerations of such leading practices as EVM, project costing, baseline establishment and blending of engineering disciplines into projects. Read the rest[FEDERALTIMES.COM]

Program Management

ADVICE: 6 Ways to Be a Better Project Manager. Project management is a complex — and critical — function. Here are six pieces of advice to help project managers improve their craft. Find out more[CIO.COM]

IT CAREERS: What’s Going On with IT Hiring? Analysts have been generally cautious this year about IT hiring trends. Although the unemployment rate for IT professionals is about half the national average of 4.7%, said CompTIA, some analysts use terms ranging from “modest” to “pre-recession” to describe IT hiring. Read more[COMPUTERWORLD.COM]

Search Technology

Search Technology

SOLR: Solr 6.0 and Graph Traversal Support. One of the new features that are present in the recently released Solr 6.0 is the graph traversal query that allows you to work with graphs. Having a root set and relations between documents (like parent identifier of the document) you can use a single query to get multiple levels of joins in the same request. Here's how this new feature works both in old fashioned Solr master/slave as well as in SolrCloud. Read more[DZONE.COM]

OPEN SOURCE: Has Open Source Become the Default Business Model for Enterprise Software? SpliceMachine's decision to open-source its product has become the latest reminder that -- in emerging technology markets -- open source is increasingly the rule, not the exception. Read the rest[ZDNET.COM]

Search Technology

GOOGLE: Releases Search Tools to Simplify the Voter Registration Process. Google is continuing its efforts to encourage people to vote in this November’s presidential election in the United States. With Google’s most recent update, it will provide information directly in the search results about how you can register to vote in your state. The update can be triggered by typing “register to vote” in the search bar. Google will then return detailed state-by-state information about how to vote, including the general requirements and voter registration guidelines. Read more[SEARCHENGINEJOURNAL.COM]

Search Technology

CONNECTOR FRAMEWORKS: How Do I Connect Thee? Let Me Point the Ways. Finally, for content repositories and other sources of searchable data, there are also connector frameworks, such as Apache ManifoldCF, that facilitate the connection between the repositories and various destinations (primarily search servers). Support for a wide variety of repositories, such as Documentum, Alfresco, Sharepoint, etc. is already available. Other custom connectors may also be similarly developed. On the other side, search servers such as ElasticSearch and Apache Solr are supported, amongst others. Read the rest[INFOWORLD.COM]

Agile Application Development

Agile Application DevelopmentAGILE DevOps: A Path to the Common Ground of Productivity. Best of breed analytics solutions must bridge the gap between data science and production to unify development and deployment into an agile methodology. With that in mind, Florian Douetteau, CEO of Dataiku, has put together an interesting guidebook that discusses how to achieve that level of synergy to build a data project that embodies the ideologies of agility. Read more[GIGAOM.COM]

PROJECT REQUIREMENTS: Blueprint’s Storyteller Auto-Generates User Stories for Agile Teams. Blueprint is trying to solve one of the biggest problems it sees in the agile industry: user stories. According to the company, too often teams misunderstand project requirements, which result in costly delays and revisions. To solve this, Blueprint is launching Storyteller, a new solution designed to auto-generate high-quality user stories and acceptance criteria. Read the rest[SDTIMES.COM]

Agile Application DevelopmentCONTRACTING: Agile Software Development Brings New Contracting Issues. Creating software using an agile software development (“ASD”) methodology is not a new concept, but it is rapidly gaining popularity among software developers based on the notion that ASD yields workable code sooner and in a more efficient manner. However, traditional “waterfall” software development approaches do not easily lend themselves to contracting under an ASD approach. Read more[LAW360.COM]

EPA: How Agile Development Aids FITARA Compliance. As chief information officer of the Environmental Protection Agency, Ann Dunkin is charged with modernizing the IT infrastructure of the 15,000-person strong office. In a recent interview, Dunkin spoke about the progress that EPA is making in reforming its IT acquisition process and the challenge of shifting from legacy systems to agile development. Read the rest [FEDERALTIMES.COM]

BYOD

BYOD

EXEC TECH: BYOD is Evolving for a Cyber-Conscious Age. Kimberly Hancher, former CIO at the Equal Employment Opportunity Commission, helped craft the White House BYOD policy in 2012. That document outlines a broad set of guidelines that agencies can use to establish the proper parameters for mobile access. Yet four years later, she said, there aren’t enough clear policies at federal agencies. “I don’t think most agencies are really undertaking the effort and due diligence to address BYOD policy,” she said. “They’re just sort of letting people do whatever they can get away with, and very few agencies have actually put formal policies in place.” Read the rest[FCW.COM]

BYOD

USERS: Don’t Mess with iOS 10 or Android Nougat Betas. There’s a lot of interest in the beta releases of iOS 10 and Android Nougat, and while most people are free to explore the new platforms, BYOD users should hold off from testing them. Find out more[ZDNET.COM]

ENTERPRISE: The BYOD Evolution: Three Common Approaches. It has become a way of life for employees to bring personal devices to work, whether or not your organisation has a BYOD policy. Employees want the ability to use their own phones, tablets and laptops at work, without losing ownership or control of those devices. But this should raise some red flags for a company’s IT and security teams. The modern issues with BYOD have gone beyond just basic user-privacy issues, to the serious security and compliance matters that need to be addressed to ensure IT ecosystems are not vulnerable. Read more [APPSTECHNEWS.COM]

BYOD

INDUSTRY INSIGHT: Balancing Mobility with Security: What Government Can Do. The consumerization of IT is not only changing the way employees work, it’s changing their expectations of government IT. Employees look to their agencies to provide modern IT services, interfaces and capabilities — most of which have historically been the responsibility of IT departments. The trouble is that accommodating the mobility demands of today’s users presents a fundamental security challenge to IT teams used to retaining control of every system, app and network under their purview. How do IT teams balance the demands of flexible and secure mobility, accommodate users’ preferences and modernize their IT environments? Here are a few considerations. Read the rest[GCN.COM]

Big Data

Big DataINFORMATION MANAGEMENT: How to Make Big Data Work for SMEs. Big data for SMEs is all about joining up various sources of data and using it to improve productivity and profitability. With accessibility via the cloud, big data enables smaller business to take advantage of the tools that were previously only available to larger corporates. Big data is basically a repository of information drawn from different silos and joined up to make it work more effectively for the business.Here are five key steps on how SMEs can maximise their existing data to make it big. Read the rest[INFORMATION-AGE.COM]

STUDY: One-Third of Big Data Developers Use Machine Learning. A recent Evans Data report shows that 36 percent of developers working with big data and analytics are also using machine learning. Find out more[EWEEK.COM]

Big Data

HEALTHCARE: Managing Big Data in Healthcare. Life sciences companies have too much information – manually collected, logged and stored to adhere to the highest quality standards. Digital analytics can funnel just the right information for risk management. Read more[AUTOMATIONWORLD.COM]

ROUNDUP: Watson, WebEx Mashup, Hadoop Summit. IBM Watson gets close with Cisco WebEx to improve collaboration. Hortonworks rolls out updates and initiatives at Hadoop Summit. MapR offers an update to please admins. MongoDB Atlas goes live with a managed cloud-based MongoDB service. Read more[INFORMATIONWEEK.COM]

Mobile Applications

Mobile Applications

SURVEY: Companies Want Mobile Apps Without Spending Much on Development. The enterprises engaged in the communications space are increasingly recognizing the perks having a sophisticated mobile app platform, with 42 percent of companies expanding their spending on mobile app development, by an average of 31 per cent in 2016. However, the companies are averse to spending much on it, as a recent survey by Gartner revealed that the average proportion of the overall application development budget allocated to mobile is only 10 per cent, which is actually a 2 percent decline from last year. Read the rest[CIOL.COM]

Mobile Applications

IBM: Revamps MobileFirst Development Platform for the Cloud. IBM further strengthened the ties between its enterprise mobile app development platform and the cloud with MobileFirst Foundation 8.0, an enterprise middleware that provides cloud-based Mobile Back-end-as-a-Service (MBaaS) for enterprise mobile apps, along with many other associated products and services to round out the development/deployment lifecycle. Find out more[ADTMAG.COM]

Mobile Applications

AMAZON: AWS Mobile App Development Tools Target Device Lifecycle. AWS is a major player in mobile app development with a variety of end-to-end tools. But it’s not the only option, as Google and other MBaaS providers seek their market share. Read more[SEARCHAWS.TECHTARGET.COM]

FILEMAKER 15: How to Make Mobile Apps with FileMaker 15. The business world is full of inventories, catalogs and other lists that sit in spreadsheets or databases that would be more useful if you could take them out of the office. With FileMaker Go and FileMaker WebDirect, you can. Read the rest[CIO.COM]

Personnel Management

Personnel ManagementWORKFORCE: Millennials Want to Stay, If Government Grasps the New Reality. Many “millennials” in government say their agencies haven’t yet understood what makes them tick. And their generation isn’t drastically different than the ones that have come before it. Though a majority of federal employees under the age of 35 indicated their interest in staying within the federal government, many millennials said their decision depends on several different factors. Read the rest[FEDERALNEWSRADIO.COM]

OPM: Office of Personnel Management Hires First CISO. Following one of the largest data breaches on record, the Office of Personnel Management hires a chief information security officer. The new CISO is Cord Chase, former senior adviser on Cyber and National Security to the White House and Office of Management and Budget, and technology head and engineer at the U.S. Department of Agriculture. Find out more [GOVTECH.COM]

Personnel Management

DOD: The 4 Big Takeaways from Ash Carter’s New Push for Military Personnel Reform. The plan to overhaul the military personnel system that Defense Secretary Ash Carter announced Thursday would end the “one-size-fits-all” promotion system for military officers and clear the way for far more diverse options in military career tracks. Read more[MILITARYTIMES.COM]

FEDERAL CIVIL SERVICE: Report Says Top Civil-Service Rank Needs Urgent Boost. The Senior Executive Service, the highest rank of the nation’s federal civil service, carries a certain prestige. But that is not enough to convince many lower-ranking employees that the status is worth the headache. Read more[WASHINGTONPOST.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

JAVA: How Oracle’s Business As Usual Is Threatening to Kill Java. Oracle’s silence about Java EE has brought developer community distrust to a fever pitch. Read the rest[ARSTECHNICA.COM]

JAVASCRIPT: Blocking JavaScript Can Stop Some Windows Malware. Email attachments are probably the most common mechanism for infecting a Windows computer. As potential victims get wise to the tried and true infection schemes, bad guys have a relatively new wrinkle — the attached malicious file is JavaScript. JavaScript, or more correctly in this case, JScript files, are plain text files that end in “.js.” Find out more[COMPUTERWORLD.COM]

Programming & Scripting Development Client & Server-Side

jQUERY: Long-awaited jQuery 3.0 Brings Slim Build. The jQuery team has unveiled the long-awaited 3.0 release, bringing a new slimmed-down option as well as major new features, improvements, and bug fixes. Read more[INFOQ.COM]

RUBY-ON-RAILS: Ruby on Rails-style Development Comes to Apple’s Swift. The Swifton framework shares the model-view-controller development pattern with Rails. Read more[INFOWORLD.COM]

Cloud Computing

Cloud Computing

IaaS: Infrastructure as a Service Cloud Computing Revenue to Surge by 2020. Infrastructure as a service (IaaS) cloud revenue is expected to triple to $43.6 billion by 2020, up from $12.6 billion in 2015, according to research firm IDC. The projection, which equates to a compound annual growth rate of 28.2 percent over five years, is based on the number of enterprises ditching on-premises hardware for the public cloud. Read the rest[ZDNET.COM]

MICROSOFT: Azure Cloud Wins a High-Profile New Customer – GE. General Electric is making its Predix industrial software platform available on Microsoft’s cloud. The move isn’t entirely new for GE — its Predix platform was already available on Amazon and Oracle’s clouds. But it’s an important step for Microsoft, which wants to establish itself as the favored partner for big business. Find out more[CNBC.COM]

Cloud Computing

SERVERLESS COMPUTING: What Serverless Computing Really Means. For developers, worrying about infrastructure is a chore they can do without. Serverless computing merely adds another layer of abstraction atop cloud infrastructure, so developers no longer need to worry about servers, including virtual ones in the cloud. Read more[INFOWORLD.COM]

IBM: Tests Secure Cloud Blockchain Service. IBM is beta-testing a new high-security service plan for IBM Blockchain, with dedicated infrastructure for each customer. Until now, it has offered only a starter cloud service for developers who want to experiment with blockchain technology. That service runs in a multitenant cloud, with infrastructure shared among hundreds of blockchains. The new service plan is still cloud-based, but “you get your own resources dedicated to you,” said IBM Vice President for Blockchain Technologies Jerry Cuomo. Read more[COMPUTERWORLD.COM]

Business Intelligence

Business IntelligenceTOOLS: 12 Ways to Empower Government Users With the Microsoft Business Intelligence (MBI) Stack. One way to mitigate the risks of budgetary constraints is to discontinue the habit of relying on IT resources for small tasks that users can either do themselves or with limited assistance. Your agency’s use of Microsoft Business Intelligence (MBI) tools and reporting services may hold the key to advancing your organization’s return on investment as well as gain much needed autonomy for your users. Read the rest[BLUEMT.COM]

DATABASES: SQL Server 2016 Stretch Database: What Can It Do? When Microsoft released SQL Server 2016, the release was accompanied by a slew of advanced features heavily tailored to make data more malleable and useful for business. In that light, one of the most exciting features of SQL Server 2016 is the Stretch Database feature. Find out more[ENTERPRISEAPPSTODAY.COM]

Business Intelligence

AMAZON: How Amazon Echo Could Serve as Your New Business Analyst. Picture this. You’re meeting with your board of directors. Someone requests more details about a sales forecast. Instead of booting up a laptop computer to dig up those numbers, you address the question verbally to an Amazon Echo device sitting alongside the other conference room gadgetry. Moments later, it responds with the appropriate data, allowing the meeting to continue uninterrupted. That scenario is being tested among a handful of companies that use data analytics software from Sisense, a New York-based company. Read more[FORTUNE.COM]

Business Intelligence

SOFTWARE: The Two Main Pitfalls of Business Intelligence As We Know It. Business Intelligence, or as it’s more commonly known as in today’s lexicon “BI,” is one of the first things that pops into professionals’ minds when anything data-related in the workplace is brought up. Whether you’re on the information technology side of the business or a P&L owner, the answer to any information problem is to typically throw a BI solution at it. Here’s a look at two primary reasons why business intelligence is soon-to-be extinct in the emerging technology landscape. Read more[CIO.COM]

IT Security | Cybersecurity

IT Security | Cybersecurity

NIST: Plans Cybersecurity Framework Update. Winter 2017 Revision Would Refine, Clarify Provisions. The National Institute of Standards and Technology plans to update its 2-year-old cybersecurity framework late next year, says Matt Barrett, program manager. Read the rest[GOVINFOSECURITY.COM]

PHYSICS: In Cybersecurity, It’s Physics to the Rescue. As computing technology evolves, how will cybersecurity need to change to keep up? Find out more[FEDSCOOP.COM]

IT Security | CybersecurityFEDERAL AGENCIES: For Federal Agencies, a Deluge of Data Requires Security – Everywhere. Data security is a paramount concern for federal agencies no matter how and where their information is stored. Read more[FEDTECHMAGAZINE.COM]

RANSOMWARE: New York Takes Bold Steps to Tackle Ransomware. As ransomware threats increasingly target state and local IT systems, Sen. Chuck Schumer calls for a unified and coordinated defense. Read more[STATETECHMAGAZINE.COM]

IT Security | Cybersecurity

FDIC: Why the FDIC Is Updating Its Cyber Security Policy After This Data Breach. The U.S. Federal Deposit Insurance Corporation is updating cyber security policies after a 2015 data breach in which a former employee kept copies of sensitive information on how banks would handle bankruptcy. FDIC Chairman Martin Gruenberg said he made personnel changes after receiving a report in 2013 informing him that he had not been fully briefed about the major compromise of the regulator’s computers by a foreign government in 2010 and 2011. Read more[FORTUNE.COM]

IT Security | CybersecurityBLIND SPOTS: Cybersecurity Blind Spots: Mitigating Risks and Vulnerabilities. Technical blind spots certainly present major information security challenges to CISOs and their teams, as the complexities of monitoring encrypted traffic and updating SAP software and other legacy applications can be daunting tasks. But there are other cybersecurity blind spots that involve more amorphous and less technical concepts such as enterprise risks. Here’s how security experts overcome these challenges. Read the rest[SEARCHSECURITY.TECHTARGET.COM]

CAREERS: Feds to Hire 3,500 Cybersecurity Pros by Year’s End. Last October, the U.S. government began hiring 6,500 new cybersecurity IT professionals. It has hired 3,000 so far, and plans to hire another 3,500 by January 2017, the White House has reported. Read more[COMPUTERWORLD.COM]

IT Security | Cybersecurity

THREAT PREVENTION: Context-Rich And Context-Aware Cybersecurity. An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats. Read the rest[DARKREADING.COM]

From the Blue Mountain Data Systems Blog

Three-Dimensional Governance for the CIOhttps://www.bluemt.com/three-dimensional-governance-for-the-cio

7 Reasons to Take Control of IT Incidentshttps://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/

Breach Mitigation Response Time Too Long, Survey Sayshttps://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/

Six Tactics for Cyberdefensehttps://www.bluemt.com/six-tactics-for-cyberdefense/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems BlogMalware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of Labor Employee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. Vesely Founder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAILpaul@bluemt.com

WEBhttps://www.bluemt.com