Blue Mountain Data Systems Tech Update SummaryMay 2017

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue

Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for May 2017. Hope the information and ideas prove

useful.

Best,

Paul Vesely

President and Principal Architect

Blue Mountain Data Systems Inc.

Encryption

Encyption

FEDERAL GOVERNMENT: Suing to See the Feds’ Encrypted Messages? Good Luck. The conservative group Judicial Watch is suing the Environmental Protection Agency under the Freedom of Information Act, seeking to compel the EPA to hand over any employee communications sent via Signal, the encrypted messaging and calling app. In its public statement about the lawsuit, Judicial Watch points to reports that EPA staffers have used Signal to communicate secretly, in the face of an adversarial Trump administration. But encryption and forensics experts say Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app itself, and virtually no trace of the conversation remains. “The messages are pretty much gone,” says Johns Hopkins crypotgrapher Matthew Green, who has closely followed the development of secure messaging tools. “You can’t prove something was there when there’s nothing there.” Find out more[WIRED.COM]

Encyption

WHY: We Need to Encrypt Everything. Many major websites already encrypt by default. Here’s why encryption and multifactor authentication should be everywhere. Find out more[INFOWORLD.COM]

NEWS: Make Encryption Ubiquitous, Says Internet Society. The Internet Society has urged the G20 not to undermine the positive role of encryption in the name of security, claiming it should provide the foundation of all online transactions. Find out more[INFOSECURITY-MAGAZINE.COM]

Encyption

FBI: $61M to Fight Cybercrime, Encryption in Trump Budget Proposal. President Donald Trump’s budget blueprint for the federal government proposes a $61 million increase for the FBI and Justice Department in fiscal 2018 to better track terrorist communications and combat cybercriminals. Find out more[FEDSCOOP.COM]

Encyption

ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and problems with finding data in the corporate maze are being blamed for business’ lack of interest in crypto. Read more[ZDNET.COM]

ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption practices have improved dramatically over the last 10 years, but most organizations still don’t have enterprise-wide crypto strategies. Read the rest[DARKREADING.COM]

Encyption

ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out[INFORMATION-AGE.COM]

READ: Encryption Won’t Stop Your Internet Provider From Spying on You. Data patterns alone can be enough to give away what video you’re watching on YouTube. A 2016 Upturn report sets out some of the sneaky ways that user activity can be decoded based only on the unencrypted metadata that accompanies encrypted web traffic—also known as “side channel” information. Read more[THE ATLANTIC.COM]

Databases

Databases

FPGAs: Shaking Up Stodgy Relational Databases. So you are a system architect, and you want to make the databases behind your applications run a lot faster. There are a lot of different ways to accomplish this, and now, there is yet another –and perhaps more disruptive – one. Read more[NEXTPLATFORM.COM]

DATA BREACHES: If You Want to Stop Big Data Breaches, Start With Databases.Over the past few years, large-scale data breaches have become so common that even tens of millions of records leaking feels unremarkable. One frequent culprit that gets buried beneath the headlines? Poorly secured databases that connect directly to the internet. Read the rest[WIRED.COM]

Databases

TRENDS: Top Databases in 2017: Trends for SQL, NoSQL, Big Data, Fast Data.What are the most in demand tools for data storage and processing this year? Find out[JAXENTER.COM]

IBM: Jumps on Bandwagon for Cloud Databases. Responding to what it says is growing demand for deploying SQL databases in the cloud, IBM this week rolled out a transactional database as a service on its SoftLayer cloud infrastructure. The move reflects the steady advance of cloud-native data platforms along with a growing number of analytics and transaction databases provisioned in the cloud. Read more[ENTERPRISETECH.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more[BLUEMT.COM]

LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more[INSIDECOUNSEL.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest[FEDTECHMAGAZINE.COM]

Electronic Document Management

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more[PCMAG.COM]

Security Patches

Security Patches

MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue with the March Android over-the-air security update has been resolved after Nexus 6 users complained that Android Pay no longer worked after installation of the update. The update in fact broke Android’s SafetyNet API which provides a constant check on device integrity, blocking access to certain features – such as Android Pay – if it believes a device has been rooted. A Google representative confirmed to Threatpost that the issue was resolved and the OTA update re-issued, even for devices that had already installed the bad update. Find out more[THREATPOST.COM]

Security Patches

ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player users should receive a new security update instead of the February patches. This is because Microsoft has engaged to its earlier plan to defer and deliver the updates at a later date even if the security patches are now available. On February 2017, Adobe has addressed the issue and found a solution in which a patch was able to deal with the security problem. For this reason, users are given access to both MS17-005 Security Update for the Adobe Flash Player. This is due to the update from Adobe and the provision by Microsoft. This vulnerability has been considered a critical issue due to the permission that it can grant the attackers. In a report by security specialists, such a vulnerability indicates that attackers are granted control of the machine that was infected. This is in the sense that they are allowed to send remote commands.. Find out more[TNHONLINE.COM]

Security Patches

SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple, Microsoft, and Google are analyzing leaked CIA documents to see if their products are affected, but security researchers say that most of the flaws have long been fixed. Find out more[ZDNET.COM]

CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most popular CMS in the world – and the most hacked. Just last month, hackers engaged in a “feeding frenzy” at the expense of WordPress sites across the web, exploiting a vulnerability found in the WP REST API plugin. After patching that security issue, Automattic, the company behind WordPress, rolled out yet another security patch this week in the form of WordPress 4.7.3. Find out more[CMSWIRE.COM]

Security Patches

ORACLE: Oracle Releases Nearly 300 Security Patches. Apache Struts fixes take the lead in the patch-Tuesday, which also includes fixes for various Shadow Brokers leaks. Read more[SCMAGAZINE.COM]

MICROSOFT: Patch Tuesday New Security Update Guide Gets Mixed Reviews.Microsoft’s April Patch Tuesday finally revealed the company’s new approach in rolling out and informing the industry on the security updates for the month and at best has received mixed reviews from several industry insiders. Read the rest[SCMAGAZINE.COM]

Security Patches

ANDROID: Pixel XL Devices Accidentally Receive ‘Googlers-only OTA’ of Next Android Security Update. Google frequently uses their employees to dogfood updates before they are released to the public. Earlier this evening, a “confidential Googlers-only OTA” appears to have inadvertently been pushed to some Pixel XL devices. Find out[9TO5GOOGLE.COM]

READ: Shadow Brokers Lessons…First, Don’t Panic. If you’re worried about zero-days and hacking tools but not outdated software and obsolete systems in your network, then you’re doing security wrong. Read more[INFOWORLD.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO

CIO: Federal CIOs’ 5 Key Steps to IT Modernization. There’s an urgent need to modernize federal agencies’ technology. At least two-thirds – and in some cases more – of the federal IT budget in recent years has gone toward the operations and maintenance of outdated legacy systems that are often older than some of the personnel in charge of their upkeep. Find out more[FEDSCOOP.COM]

CTO: White House Selects Deputy CTO From Peter Thiel’s Rolodex. One of PayPal’s cofounders and early Facebook investor Peter Thiel’s aides will step into the role of White House deputy chief technology officer. The White House tapped Michael Kratsios, principal and chief of staff at Thiel Capital, for the post in the Office of Science and Technology, according to Politico. Kratsios’ prior roles include chief financial officer and chief compliance officer at Clarium Capital Management –another Thiel-funded investment firm – and roles as an analyst at Lyford Group International and Barclays Capital. Find out more

[NEXTGOV.COM]

CIO, CTO & CISO

CISO: Think Like a Hacker, Says Former CISO. “We need to think like a hacker” to protect federal networks, Greg Touhill said at a March 30 cybersecurity conference in Washington. “We haven’t even been thinking like an accountant” when it comes to federal IT, he said. “We need to do a bit of both” to maximize security and efficiency for the federal networking dollars. Find out more[FCW.COM]

INSIGHTS: Acting CIOs May Slow Government Technology Push. A lack of action by the Trump administration has left 10 of 25 federal chief information officer positions vacant, which may slow plans to upgrade cybersecurity and information technology systems across the federal government. Find out more[ABOUT.BGOV.COM]

Penetration Testing

Penetration Testing

WHY: Cyber Attacks Will Continue until Prevention Becomes a Priority. It’s time for organizations to rethink their approach to security. Keeping your organization safe must be a full-time commitment, not simply a passing concern following the latest report of a data breach. Focus on training, getting rid of old tech, and overcoming apathy. Read more[DARKREADING.COM]

SECURITY: Good Coding Practices Mean Good Data Security. Data breaches are a dime a dozen these days. Are hackers getting better? Not really. It turns out that bad coding practices lead to insecure code and glaring vulnerabilities. Read the rest[JAXENTER.COM]

Penetration Testing

SECURITY GAPS: Time to Look at Red Teaming? Penetration testing and red teaming are designed to identify vulnerabilities in your IT systems, but the methodologies are very different. Red teaming is simply a no-holds-barred use of realistic attacker tactics, from spear-phishing and deployment of bespoke Trojans to the testing of defences to gain physical entry to a building. Find out more[COMPUTERWEEKLY.COM]

TOOLS: There’s Now a Tool to Test for NSA Spyware. A script that detects a related code implant has shown as many as 100,000 systems worldwide may be infected. Read more[PCWORLD.COM]

Open Source

Open Source

READ: The Rise Of Open-Source Malware And IoT Security. With 2017 well underway, security professionals are scrambling to understand emerging cyberthreats that will be prevalent in the coming year, and the appropriate mitigation techniques. I’ve found that this is particularly true for communications service providers (CSPs), who have to protect their networks as well as business and consumer subscribers from attacks. While ransomware, data breaches and global hacking events will continue to grab headlines, a major area of focus in the cybersecurity world in 2017 will undoubtedly be internet of things (IoT) devices. Based on recent attacks, these devices seem easy to hack, and can be used to launch global attacks with devastating outcomes. Find out more[FORBES.COM]

Open Source

DOD: New DOD Software Coding Will Increase Private-Sector Involvement. The Department of Defense (DOD) has unveiled a software coding initiative that could transform the creation and quality of DOD software projects, and the interactions between federal, private sector, and individual software developers. The initiative, known as Code.mil, is headed by the Defense Digital Service (DDS), a team representing DOD’s effort to increase public-private collaboration in the software industry. Code.mil represents the next step in this endeavor with its objective of connecting the vast amount of individual coding talent and skill with DOD software projects open to improvements. Find out more[DEFENSESYSTEMS.COM]

CLONES: Welcome in Scientific Hardware. Learn why a firm is open sourcing their testing equipment. Find out more[OPENSOURCE.COM]

Open Source

MICROSOFT: To Shut CodePlex Open Source Project Site. The company acknowledges that GitHub is the go-to option for project hosting and will shutter CodePlex at the end of this year. Find out more[INFOWORLD.COM]

GIS: Unlocking Business Value with Open Source GIS. Proprietary geospatial software generally consists of subscriptions that determine how many data sources can be considered and how much it will cost to determine optimal routing. Open-source geospatial software, on the other hand, allows organizations to leverage geospatial data without incurring per-user, per-login or per-CPU cycle costs. Additionally, users are not penalized for increasing their number of users or conducting as much analysis as is required to determine ideal routing. Here’s a look at the most prominent benefits of open-source software. Find out more

[DATA-INFORMED.COM]

Business Intelligence

Business Intelligence

DISCOVER: 7 Forces Driving Modern Business Intelligence Growth. The number of organizations embracing business intelligence platforms continues to grow, but more focus is being placed on business-led, agile analytics and self-service features rather than IT-led system-of-record reporting. That is the finding of a recent study by Gartner, which looked at market trends in business intelligence and analytics overall, and differences between traditional BI investments and modern BI. Find out more[INFORMATION-MANAGEMENT.COM]

GOOGLE: The AI Talent Race Leads Straight to Canada. America’s biggest tech companies are remaking the internet through artificial intelligence. And more than ever, these companies are looking north to Canada for the ideas that will advance AI itself. Find out more[WIRED.COM]

Business Intelligence

READ: The Unmistakable Conviction of Visual Business Intelligence. Visual business intelligence represents the summation of BI’s time-honored journey from the backrooms of IT departments to the front offices of business analysts and C level executives alike. It seamlessly merges the self-service movement’s empowerment of the business via user-friendly technology with the striking data visualizations servicing everything from data preparation to analytics results. Find out more[KMWORLD.COM]

NGA: Looks to “Reinvent security’ with Fast-Churn Cloud Architecture. To better protect the nation’s intelligence networks, the National Geospatial-Intelligence Agency is moving most of its IT operations to the cloud and looking to “reinvent security” in the process. Jason Hess, the NGA’s chief of cloud security, wants to take advantage of cloud’s flexibility to tear down the agency’s IT architecture and rebuild it every day so that would-be attackers will confront a confusing operating environment and enjoy limited time-on-target. Find out more

[GCN.COM]

Operating Systems

Operating Systems

WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform? Windows 10 has certainly gotten its share of lumps since it was released. Some users really liked it, while other detested the changes made by Microsoft. Windows 10 has proven to be a great example of beauty being in the eye of the beholder. One writer at BetaNews recently wondered if Windows 10 was an operating system or an advertising platform. Find out more[INFOWORLD.COM]

Operating Systems

MOBILE: Android is Set to Overtake Windows as Most Used Operating System. After more than eight years in the hands of consumers, Android is poised to overtake Windows as the most used operating system in the world. This measurement comes by way of web analytics firm StatCounter, which follows trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins over Android, and they could trade positions very soon if current trends continue. Find out more[EXTREMETECH.COM]

Operating Systems

PERSONAL TECH: Just What Was in That iOS System Update? When you get the notice of a software update for iOS, there’s usually a link to read about the security content of the update. But where does Apple officially tell you about all other things that change in these upgrades? Find out more[NYTIMES.COM]

LEARN: The Best Alternatives Operating Systems. For most people, the only operating systems they know of are Windows, macOS, Android and iOS. However, there are other operating systems you can consider. Here’s a list of six alternative operating systems for your review. Find out more[HACKREAD.COM]

Incident Response

Incident Response

ENERGY DEPT: Exercise Reveals ‘Gaps’ in Major Cyber Incident Response. Department of Energy exercise last year found shortcomings in the way that federal, state and local governments would work with industry to respond to a major cyber incident affecting energy infrastructure on the East Coast. Read more[THEHILL.COM]

OPINION: Complete Security Deception Includes Detection and Incident Response. Finding a threat solves only part of the problem. A complete deception solution will also enable better incident response. Read the rest[NETWORKWORLD.COM]

Incident Response

BRIEFS: Threats, Violent Incidents at Federal Facilities Assessed. Read a recent CRS report examining violent incidents at federal facilities, including a tally of nearly 1,000 incidents in recent years that it says probably represents only a small portion of such incidents. Find out[FEDWEEK.COM]

READ: Will Congress Help Fund New State and Local Cyber Programs? Back in early March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and funded, the legislation would provide grants for state and local governments to improve cybersecurity protections and incident response. Here’s what you need to know. Read more[GOVTECH.COM]

Cybersecurity

Cybersecurity

CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop Them. As governments create smarter cities, they need cybersecurity measures built from the ground up – or they risk costly data breaches which could compromise the privacy of their citizens. Find out more[CNBC.COM]

FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals. Cybercriminals are unrelenting in their attacks on state and local government computer networks, which contain detailed personal and business information —such as birth certificates, driver’s licenses, Social Security numbers and even bank account or credit card numbers — on millions of people and companies. Now, state and local officials are hoping Congress will give them some help in fending off the constant threat. Find out more[GCN.COM]

Cybersecurity

INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American International Group (AIG) has recently begun offering personal cyber security insurance plans to individuals. The company appears to be riding a wave of individuals’ fears about losing online data or having their bank accounts emptied, and should find success with wealthier customers who have a lot to lose. But it remains to be seen whether ordinary consumers will come to regard cyber security insurance as a necessary expense. Find out more[FORTUNE.COM]

Cybersecurity

NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A senior House science committee staffer Friday defended controversial legislation expanding the authorities of the government’s cybersecurity standards agency, saying it’s necessary because other agencies aren’t stepping up to the job. The bill, which passed the committee nearly entirely with Republican support earlier this month, would direct the National Institute of Standards and Technology to audit agencies’ cyber protections within two years, giving priority to the most at-risk agencies. Find out more[NEXTGOV.COM]

Cybersecurity

STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz brings a wealth of public- and private-sector experience to the Ocean State, where he will serve as the first cybersecurity officer. Read more[GOVTECH.COM]

MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage. Mitigating hacking attacks, implementing more nimble procurement methods and more will be explored at this year’s National Association of State Chief Information Officer’s Midyear Conference. Read the rest[STATETECHMAGAZINE.COM]

Cybersecurity

WHY: You Must Build Cybersecurity Into Your Applications. One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy. Find out[FORBES.COM]

NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An executive order was shelved without explanation, and a promised cybersecurity report hasn’t materialized. Read more[NETWORKWORLD.COM]

Cybersecurity

SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead of cybersecurity adversaries via automation tools, but the former U.S. CISO recommends a change of mindset as well. Read more[FEDTECHMAGAZINE.COM]

OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a lot of talk lately about the death of the security perimeter for computer networks, which is an especially sensitive topic for the federal government that helped to create the concept. Everyone seems to think it’s now impossible within cybersecurity to draw a line and keep bad guys on one side and authorized users on the other. Read the rest[NEXTGOV.COM]

Cybersecurity

ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out[INFORMATION-AGE.COM]

COMMENT: Securing the Government Cloud. What many government network defenders have forgotten is that security in a cloud environment is a shared responsibility. The cloud provider secures the internet and physical infrastructure, but the cloud customer is responsible for protecting its own data. FedRAMP and third-party certifications assure that the cloud provider is doing its part. But it is ultimately up to customers to ensure they’re taking steps to prevent, detect and respond to cyber adversaries during the attack lifecycle. Read more[FCW.COM]

Project Management

Project Management

GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a go-to guide on scrum, a popular agile project management framework. You’ll learn scrum terminology, how to use the methodology in software and product development projects, and more. Find out more[TECHREPUBLIC.COM]

TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no shortage of project management solutions for mid-size and large businesses. Startups, though, have limited budgets and simply can’t afford high-priced project management software. Here are seven affordable options. Find out more[CIO.COM]

Project Management

RISK: Open Source Project Management Can Be Risky Business. Learn how open source code is a huge factor in mitigating risk. Find out more[OPENSOURCE.COM]

FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a government-as-a-platform approach to IT service delivery by leveraging cloud-supported solutions can help modernize and digitize federal agencies, according to a new report from the CIO Council. Find out more[GCN.COM]

Project Management

FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest[NPR.ORG]

Application Development

Application Development

IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoTsolutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more[CRN.COM]

SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next-generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more

[SDTIMES.COM]

Application Development

SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more[INFOWORLD.COM]

SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more[INFORMATION-AGE.COM]

Big Data

Big Data

KAFKA: Channels the Big Data Firehose. Kafka has emerged as the open source pillar of choice for managing huge torrents of events. The challenge is refining the tooling and raising the game on security beyond basic authentication. Read more[ZDNET.COM]

EUROPE: Big Data, Robotics and AI Fuelling VC Investment in London. Despite the Brexit result last year, London tech companies have attracted over £1 billion in emerging technologies since the referendum vote. Read the rest[INFORMATION-AGE.COM]

Big Data

E-COMMERCE: 5 Ways Big Data Analytics Can Help Your eCommerce Business. The words ‘Big data’ are thrown around a lot these days, but there is no definition that is universally accepted. The best definition of Big data comes from analyst Doug Laney, who said in 2001 that Big data is defined by ‘The 3Vs’ – including velocity, variety and volume. This means that Big data is a large amount of content that is varied and being produced quickly. Here are five ways that Big data analytics can help your online company. Find out[INSIDEBIGDATA.COM]

PODCAST: Big Data for Small Businesses. In the latest episode of the Microsoft Partner Network Podcast, listen to CEO of Neal Analytics, Dylan Dias, as he talks about the business of Big Data. Neal Analytics is a Microsoft partner focused on solving business problems with analytics and a management consulting perspective. Dylan was able to shed some light on what it takes for businesses to hit a fast-moving target like Big Data. Read more

[BLOGS.PARTNER.MICROSOFT.COM]

Mobile Applications

Mobile

JAVASCRIPT: Using NodeJS and JSON in Mobile App Development. For those who are new to application development, older technologies such as PHP and SQL were used to create web based applications based on databases and these were confirmed by a lack of scalability, and often needed a complete redevelopment in order to expand the platform. The emergence of Javascript and associated libraries and frameworks has meant that as software applications have become more data intensive and real time updates have occurred then technologies have been developed to allow for the increase of the use of these technologies. Read more[JOSIC.COM]

Mobile

HOW TO: Effectively Collect User Feedback in Mobile Application. According to lean development principles, developing a mobile application is a process that includes a sequence of phases — design, development, release, feedback collection, modification to redesign, and so on — with the aim of ensuring the successful development of an app at a minimal cost. User feedback is an indispensable part of the product life cycle and the basis to determine its evolution. Read the rest[INFOQ.COM]

DHS: Releases Government Guide for Mobile App Development. The Department of Homeland Security has released its Mobile Applications Playbook, giving federal agencies a roadmap for creating, testing and deploying apps that will be shared across the government. The 39-page guide can be used anywhere along an application’s development lifecycle, giving development teams a path forward when they are stuck on an issue related to an application’s progress. Find out

[FEDSCOOP.COM]

Mobile

FEDERAL AGENCIES: Progressive Web Apps: The Mobile Future. Agencies that can’t afford to pay a developer to build and maintain an app may want to consider progressive web apps, which offer advantages over traditional mobile applications and even browser-based apps because of their ability to work across multiple devices, their speed and the ease with which they can be developed and deployed. Read more[GCN.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know. There are currently huge numbers of different programming languages in use by software developers, with most jobs requiring the more familiar skills such as Java, JavaScript, PHP and C#. However, as software demands evolve and grow, new and less widely-accepted languages are gaining in prominence, offering developers the right tool for certain jobs. Find out more[TECHWORLD.COM]

OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of what functional programming is, how to explore its benefits, and a list of resources for learning functional programming. Find out more[OPENSOURCE.COM]

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It. On February 26th, WIRED’s security reporter Andy Greenberg received an email from Sophia Tupolev, the head of communications at the security firm Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company had discovered sensitive data in the source code on many pages on our site, including obfuscated, “hashed” passwords and email addresses for current and former WIRED writers. Here’s what WIRED did to solve the problem. Find out more[WIRED.COM]

JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new, high-severity vulnerability emerged in the Apache Struts 2 open-source framework used to build Java web applications. The flaw allows hackers to inject commands into remote web servers. Within hours, organizations around the world reported attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch from the Apache Foundation. What are the practical effects of these events, and what should government InfoSec leaders and practitioners do now? Find out more

[GCN.COM]

Programming & Scripting Development Client & Server-Side

FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know. There are currently huge numbers of different programming languages in use by software developers, with most jobs requiring the more familiar skills such as Java, JavaScript, PHP and C#. However, as software demands evolve and grow, new and less widely-accepted languages are gaining in prominence, offering developers the right tool for certain jobs. Find out more[TECHWORLD.COM]

OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of what functional programming is, how to explore its benefits, and a list of resources for learning functional programming. Find out more[OPENSOURCE.COM]

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It. On February 26th, WIRED’s security reporter Andy Greenberg received an email from Sophia Tupolev, the head of communications at the security firm Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company had discovered sensitive data in the source code on many pages on our site, including obfuscated, “hashed” passwords and email addresses for current and former WIRED writers. Here’s what WIRED did to solve the problem. Find out more[WIRED.COM]

Programming & Scripting Development Client & Server-Side

JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new, high-severity vulnerability emerged in the Apache Struts 2 open-source framework used to build Java web applications. The flaw allows hackers to inject commands into remote web servers. Within hours, organizations around the world reported attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch from the Apache Foundation. What are the practical effects of these events, and what should government InfoSec leaders and practitioners do now? Find out more[GCN.COM]

Cloud Computing

Cloud Computing

CLOUD TECH: Heptio’s Joe Beda – Before Embracing Cloud Computing, Make Sure Your Culture is Ready. Ours is a world enamored with the possibilities unlocked by technological advances. And if we ever update our organizational thinking to account for those advances, we might actually follow through on those possibilities. That issue is at the forefront of Joe Beda’s mind these days. Beda is the co-founder of Heptio, a company that makes tools for developers interested in bringing containers into their development environment. He’s worked at large companies (he helped create Kubernetes and Google Cloud Engine at the search giant) and small (Heptio is up for Startup of the Year at Thursday’s GeekWire Awards), and understands why so many companies struggle with the shift to cloud computing. Read more[GEEKWIRE.COM]

Cloud Computing

DAILY REPORT: Cloud Computing Asserts Itself. It’s been said before but it bears repeating: If it were not for its cloud-computing business, Amazon.com would have difficulty reaching profitability. Can that last? A.W.S. is far and away the leader in cloud computing services, but Microsoft and Alphabet, the parent of Google, are both investing heavily to close the gap, and both are willing to undercut Amazon on price. Other big tech companies like IBM and Oracle are also aggressively investing to get a piece of the cloud action. Read the rest[NYTIMES.COM]

Cloud Computing

QUESTION: How Do You Define Cloud Computing? New technology that experiences high growth rates will inevitably attract hyperbole. Cloud computing is no exception, and almost everyone has his or her own definition of cloud from “it’s on the internet” to a full-blown technical explanation of the myriad compute options available from a given cloud service provider. Knowing what is and what is not a cloud service can be confusing. Fortunately, the National Institute of Standards and Technology (NIST) has provided us with a cloud computing definition that identifies “five essential characteristics.” Find out more[DATACENTERKNOWLEDGE.COM]

Cloud Computing

RED HAT: New Products Centered Around Cloud Computing, Containers. Red Hat has made a number of announcements at its user group conference, Red Hat Summit. The announcements ranged from the announcement of OpenShift.io to facilitate the creation of software as a service applications, pre-built application runtimes to facilitate creation of OpenShift-based workloads, an index to help enterprises build more reliable container-based computing environments, an update to the Red Hat Gluster storage virtualization platform allowing it to be used in an AWS computing environment, and, of course, an announcement of a Red Hat/Amazon Web Services partnership. Read more[VIRTUALIZATIONREVIEW.COM]

Announcement

Announcement

Blue Mountain Data Systems DOL Contract Extended Another Six MonthsThe Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support.

U.S. Dept. of Labor, Employee Benefits Security Administration1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity

IT Security | Cybersecurity

INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder and resident of Sicher Consulting, John Dyson from Deloitte, and Brian Gay, president, Think Forward Consulting talk about the concept of a cybersecurity framework for the federal government. Read more[FEDERALNEWSRADIO.COM]

TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential transitions are a time of considerable change in government, including new agency leaders and evolving policy priorities. But many issues persist, and this is certainly the case with cybersecurity. Advancing the nation's cybersecurity posture must be a key priority for the Trump administration, especially if we are to maximize the benefits of digital transformation. Read more[NEXTGOV.COM]

IT Security | Cybersecurity

NEWS: National Guard Expects Expanded Role in Cybersecurity. The National Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by Y2K. With concerns of potential computer chaos looming when dates on systems turned over to 2000, the National Guard was given a new force structure called a computer network defense team. Renamed Defensive Cyber Operations Elements, the eight-to 10-person teams are organized on the state level, while support for the 10 Federal Emergency Management Agency regions is handled by Cyber Protection Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber Protection Team 178, said in a recent interview. Find out more[GCN.COM]

PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data, Cybersecurity. The House Subcommittee on Digital Commerce and Consumer Protection has a great range of jurisdiction -- everything from IoT policies to overseeing the Federal Trade Commission. Find out more

[GOVTECH.COM]

From the Blue Mountain Data Systems Blog

Personal Techhttps://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016

IT Managementhttps://www.bluemt.com/it-management-daily-tech-update-october-27-2016

Business Intelligencehttps://www.bluemt.com/business-intelligence-daily-tech-update-october-26-2016

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

From the Blue Mountain Data Systems Blog

Security Patcheshttps://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/

BYODhttps://www.bluemt.com/byod-daily-tech-update-october-21-2016/

Databaseshttps://www.bluemt.com/databases-daily-tech-update-october-20-2016/

Operating Systemshttps://www.bluemt.com/operating-systems-daily-tech-update-october-19-2016/

From the Blue Mountain Data Systems Blog

Encryptionhttps://www.bluemt.com/encryption-daily-tech-update-october-18-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-14-2016/

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-13-2016/

From the Blue Mountain Data Systems Blog

Cybersecurityhttps://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/

Big Datahttps://www.bluemt.com/big-data-daily-tech-update-october-11-2016/

Mobile Applicationshttps://www.bluemt.com/mobile-applications-daily-tech-update-october-7-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

From the Blue Mountain Data Systems Blog

Open Sourcehttps://www.bluemt.com/open-source-daily-tech-update-october-5-2016/

CTO, CIO and CISOhttps://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-3-2016/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems Blog

Malware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of LaborEmployee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. VeselyFounder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS

366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAIL

paul@bluemt.com

WEB

https://www.bluemt.com