Blue Mountain Data SystemsTech Update Summary

October 2016

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the

Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for October 2016. Hope the information and ideas prove

useful.

Best,Paul VeselyPresident and Principal ArchitectBlue Mountain Data Systems Inc.

Encryption

Encyption

OPEN SOURCE: GPG Sync Simplifies Encryption Key Management. Open source project GPG Sync makes it easier for organizations already using GPG to encrypt email messages to manage different user keys. Read more[INFOWORLD.COM]

SECURITY: How Federal Agencies Can Improve Cybersecurity with Better Data Encryption. Recent data breaches within the government show the importance of protecting data itself and not just erecting perimeter security. Find out more[FEDTECHMAGAZINE.COM]

EncyptionSTATE GOVERNMENT: Maryland Government Adopts Email Encryption Tool with NSA Roots. The Maryland state government has adopted an email encryption system first developed by the NSA so that employees can share sensitive information with one another. Virtru, a company founded by a former National Security Agency employee to market the technology, announced Thursday that after a pilot program in the prisons department some 15,000 employees are now using the system. Find out more[BALTIMORESUN.COM]

INTERVIEW: Ron Wyden Discusses Encryption, Data Privacy and Security. Ron Wyden, a Democratic senator from Oregon, has been a leading voice on the side of encryption and against giving the Justice Department more power to get consumer data from tech companies. Mr. Wyden, a member of the Senate Select Committee on Intelligence, recently talked to The New York Times about the privacy-versus-security debate. Read the rest [NYTIMES.COM]

Federal, State & Local IT

Federal, State & Local ITFEDERAL: 3 Ways Governments Are Working to Make Broadband Universally Accessible. Broadband is commonly described as a critical piece of modern infrastructure. Here’s how a city, a state and a school district are working to make sure everyone has access. Read more[GOVTECH.COM]

STATE: Texas Makes Major Progress on IT Consolidation. Like many states, Texas is battling against an aging IT infrastructure in an age where agility, reduced complexity and transparency are king. That’s why as part of its consolidation efforts, the state has also implemented a hardware refresh policy. The Lone Star State is already three-quarters of the way through its IT consolidation efforts, which other states can derive lessons from. Find out more[STATETECHMAGAZINE.COM]

Federal, State & Local ITLOCAL: A Blueprint for Crisis Communications in Local Government. Does your team have contingency plans for how the chain of command and the flow of information will work, including if certain members are unavailable? Advance visioning is crucial to making sure you’re prepared to help when the unthinkable takes place. Read more[GOVTECH.COM]

Federal, State & Local ITCOLLABORATION: Technology Gives Police and Public Safety Agencies the Upper Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent and reduce criminal activity. When a suspicious person or activity happens at Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a button to silently page the nearby police department in an emergency, one of many new features available since the city upgraded its communications infrastructure, adding new IP phones, paging and emergency notification software on top of a new Cisco Systems phone system. Find out more[STATETECHMAGAZINE.COM]

Databases

Databases

BREACHES: Database Breaches: An Alarming Lack Of Preparedness. It’s no secret that databases are fertile ground for malicious activities. Here’s how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk. Read more[DARKREADING.COM]

NoSQL: Couchbase and the Future of NoSQL Databases. In this interview, Arun Gupta, VP of Developer Advocacy at Couchbase, shares his views on how open source has made an impact on the database industry. Find out more[OPENSOURCE.COM]

Databases

MICROSOFT: Migrating SQL Server to Microsoft Azure SQL Database as a Service. Microsoft Azure SQL Database compatibility problems disappeared in V12, clearing the path for a SQL database migration to the cloud. Here’s how to make the move. Find out more[SEARCHSQLSERVER.TECHTARGET.COM]

ORACLE: Monster Oracle Update Patches Database, Java. Oracle’s Critical Patch Updates keep getting bigger. The database giant addressed a number of remotely exploitable flaws in Java, MySQL, and Oracle Database this quarter. Read the rest[INFOWORLD.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

Electronic Document ManagementSECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more[BLUEMT.COM]

LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more[INSIDECOUNSEL.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest[FEDTECHMAGAZINE.COM]

Electronic Document Management

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more[PCMAG.COM]

Security Patches

Security Patches

CISCO: Releases Five Security Patches. Cisco released security updates for several products, one of which fixes a flaw that could allow remote execution if exploited. Cisco’s ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer overflow issue that can be exploited through a specially crafted NetBIOS packet leading to the execution of arbitrary code. Cisco Firepower System Software’s flaw, CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can create a Denial of Service condition if not patched. The company’s ASA Software’s problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a crafted enrollment request to the infected system. Cisco Meeting Server required two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an attacker to retrieve memory from a connected server and the latter would allow a cross-site request forgery against a Web Bridge user. Read more[SCMAGAZINE.COM]

Security PatchesORACLE: Fixes 253 Security Flaws in October Update. Oracle released its October Critical Patch Update, fixing 253 different vulnerabilities across the company product portfolio. The update, released Oct. 18, is the second-largest ever issued by Oracle, outpaced only by the company’s July CPU in which 276 vulnerabilities were patched. Overall, Oracle’s patching updates have been growing in recent years, with 2016 set to be larger than in past years. Find out more[INFOWORLD.COM]

GOOGLE CHROME: 21 Google Chrome Security Holes You Need to Patch Now. Google released security patches for 21 vulnerabilities in its Chrome browser, including six high-severity flaws. Most of these flaws were discovered and reported by bug hunters through the tech giant’s bounty program. Chrome Update 54 is available for Mac, Windows and Linux operating systems. Read the rest[KOMANDO.COM]

Security PatchesWINDOWS: 5 Critical Updates for October Patch Tuesday. October’s change of season brings a fundamental change to how Microsoft presents and delivers updates to Windows 7 and 8.x systems. As of this month, Microsoft will now follow the Windows 10 cumulative update model for all currently supported versions of Windows platforms — including Windows 7 and 8.x systems. This is a big departure from a more granular approach using individual updates and patches. Microsoft will now “roll-up” security, browser and system component (.NET) into aggregate patches. This month Microsoft has released ten updates with five rated as critical, four rated as important and one update with a lower security rating of moderate. This release cycle includes several “Patch Now” updates for IE, Edge, Adobe Flash Player and a small component of Microsoft Office. All of these patches will require a restart. Find out more[COMPUTERWORLD.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO

CTO: A CTO’s IT Spending Strategy for a Fast-Growing Platform Startup. What is the optimal IT spending strategy for a fast-growing startup? If you’re Brian Morgan, CTO at Catalant, a Boston-based platform startup that delivers business expertise on demand, IT investments are dictated by what the company is trying to achieve, period. Read more[SEARCHCIO.TECHTARGET.COM]

CIO: A New Generation of CIO Thinking Emerges. As both business leadership and investment in technology grows outside the IT department in a era of large generational technology shifts, CIOs are considering new ways to think about the nature and role of IT. Find out more[ZDNET.COM]

CIO, CTO & CISO

CISO: So Now We Have a Federal CISO. So now we have a federal CISO (Brigadier General [retired] Gregory J. Touhill) as part of the OMB (Office of Management and Budget). But what does that really mean? Find out more[TECHCRUNCH.COM]

MORE CISO NEWS: CISOs Need to Be More Business-Focused, says Publicis CISO. Information security leadership is about politics, getting a place at the top table and showing what security can do for the business, according to Publicis CISO Thom Langford. Read the rest[COMPUTERWEEKLY.COM]

Penetration Testing

Penetration Testing

ANALYTICS: The New Security Mindset: Embrace Analytics To Mitigate Risk. Merely conducting a penetration test may find a weakness. But conducting a creative analysis of the network and carefully analyzing the results will truly identify key areas of risk. Security professionals who can sniff out abnormalities in their IT network and applications can foil intruders’ plans before they escalate. This is a far different approach than simply finding a single weakness and then declaring “mission accomplished.” Read more[DARKREADING.COM]

Penetration Testing

HOW TO: Respond to Social Engineering Incidents: An Expert Interview. Steven Fox is a top government cybersecurity expert, Distinguished Fellow with the Ponemon Institute and frequent speaker at top security events all over America. In this exclusive interview, Steven shares several low-tech but sophisticated social engineering techniques that hackers use to gain (unauthorized) privileged access into government systems and large and small company networks. Most important, what can we do to prevent fraud and respond to incidents that do occur? Find out more[GOVTECH.COM]

TOOL: Where’s the BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Read more[GITHUB.COM]

Penetration Testing

RISK MANAGEMENT: The Truth About Penetration Testing Vs. Vulnerability Assessments. Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart. To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities, but also assess whether vulnerabilities are actually exploitable and what risks they represent. To increase an organization’s resilience against cyber-attacks, it is essential to understand the inter-relationships between vulnerability assessment, penetration test, and a cyber risk analysis. Find out more[SECURITYWEEK.COM]

Open Source

Open SourceLINUX: A $5 Linux Server. Onion Corp., a Boston-based startup, announced a Linux development computer called the Omega 2. It’s the size of a postage stamp and sells for just $5. According to Onion Corp., its Omega 2 is an IoT computer that “combines the tiny form factor and power-efficiency of the Arduino, with the power and flexibilities of the Raspberry Pi.” The Omega 2 is expected to ship in December. The company said that the tiny computer is fully functional out of the box and does not need Wi-Fi dongles or OS installation. It has a number of simple apps with it and a store where more can be obtained. Read more[OPENSOURCE.COM]

APACHE SPOT: Meet Apache Spot, a New Open-Source Project for Cybersecurity. The effort taps big data analytics and machine learning for advanced threat detection. Find out more [COMPUTERWORLD.COM]

Open Source

WEB SECURITY: Facebook Debuts Open Source Detection Tool for Windows. Facebook successfully ported its SQL-powered detection tool, osquery, to Windows this week, giving users a free and open source method to monitor networks and diagnose problems. The framework, which converts operating systems to relational databases, allows users to write SQL-based queries to detect intrusions and other types of malicious activity across networks. Find out more[THREATPOST.COM]

IoT: GE, Bosch and Open Source Could Bring More IoT Tools. The two companies will work through the Eclipse Foundation to make more IoT software components work together . Read the rest[PCWORLD.COM]

Business Intelligence

Business IntelligenceMICROSOFT: Hershey Relies on Microsoft for Collaboration and Business Intelligence. Microsoft stock hit an all-time high this week—breaking a record that was initially achieved in 1999 during the dot com era. Investors were responding to Microsoft’s quarterly results, which exceeded expectations and show that Microsoft is on a solid path. Much of Microsoft’s success in the recent quarter—and in recent years—has been driven by its Microsoft Azure cloud business, thanks to customers like Hershey. Read more[TECHSPECTIVE.NET]

ENTERPRISE APPLICATIONS: MicroStrategy Desktop BI Software Now Free. BI vendor MicroStrategy announced that its Desktop software is now free, adding to the affordable self-service BI landscape that includes Tableau Public, Microsoft Power BI and others. MicroStrategy Desktop 10.5 is available for download at https://www.microstrategy.com/us/desktop. Find out more[COMPUTERWORLD.COM]

Business Intelligence

CLOUD: The Power of Machine Learning and Artificial Intelligence in the Data Centre. Data is everywhere – masses of it. And it’s helping businesses to make better decisions across departments. Marketing can utilise data to discover the effectiveness of email campaigns, finance can analyse past trends to make predictions and projections for the future, and sales can target their follow-up with detailed information on prospective customers. But data is only useful when business tools transform it into valuable information. Data intelligence through algorithms and analytics make business data relatable. The most advanced solutions require enormous amounts of data to be able to offer accurate insight to users. As a result, many solutions are cloud based, as most businesses do not have the IT capacity or budget to store this amount of information. So where does all this data reside? The data centre. Read the rest[CLOUDCOMPUTING-NEWS.NET]

Business Intelligence

QUESTION: What’s the Difference Between Business Intelligence (BI) and EPM? John O’Rourke describes the difference between business intelligence (BI) and enterprise performance management (EPM) solutions. Find out more[SMARTDATACOLLECTIVE.COM]

Operating Systems

Operating SystemsWINDOWS 10: In a World of Free Operating Systems, Can Windows 10 Survive? Do you give up a decades-long relationship with Windows just because it costs a few bucks more than its competitors? In a world where PC adoption has cratered, what of the future of Windows? David Gewirtz makes the case that there’s still life in them old bits. Read more[ZDNET.COM]

WHY: Google Andromeda Might Be Too Little, Too Late. John C. Dvorak writes about Google’s plan for a new OS…why it is a fantastic idea…and why it will never pull it off. Find out more[PCMAG.COM]

Operating Systems

LINUX: Fedora 25 Linux OS to Officially Offer Support for Raspberry Pi 2 and 3 Devices. Fedora Project has proudly announced that support for Raspberry Pi 2 and Raspberry Pi 3 single-board computers is finally coming to the Fedora Linux operating system. Find out more[NEWS.SOFTPEDIA.COM]

SECURITY: Critical Flaws Found in Open-Source Encryption Software VeraCrypt. Many issues were found in the new UEFI bootloader and have been patched in VeraCrypt 1.19. Read the rest[PCWORLD.COM]

Incident Response

Incident ResponseATTACKS/BREACHES: Cyber Hunters, Incident Response & The Changing Nature Of Network Defense. Or how network defense needs to evolve from a game of “stumbled upon” to “search and discover.” Read more[DARKREADING.COM]

CLOUD: 4 Fundamentals of an Effective Cloud Access Security Broker. The federal government’s efforts to eliminate legacy systems and modernize federal IT seems to be paying off. According to a recent Government Accountability Office report, $2.8 billion has already been saved by closing 3,125 data centers since 2011, and that’s just the data reported from 19 out of 24 agencies that participated in the Federal Data Center Consolidation Initiative. The same report also suggests another 2,078 closings will result in an additional $5.4 billion in savings by the end of fiscal 2019. Find out more[NEXTGOV.COM]

Incident Response

NEW DRAFT: Cyber Response Plan Nearly Ready for Release. The Department of Homeland Security is nearly ready to release a draft of the National Cyber Incident Response Plan that has been anticipated and debated for months. The latest version, which was shared with stakeholders for final comment, moves the NCIRP from the interim draft status under which it’s languished since 2009 and inches it closer to a final plan. Find out more[FCW.COM]

NSA: Another NSA Breach Hits Booz Allen. Will Anything Change? Booz Allen Hamilton Holding Corp. is once again at the center of a major U.S. intelligence breach. And for the second time in three years, the company known in Washington for its classified contracts and influential alumni will probably face criticism but suffer few consequences. Read the rest[BLOOMBERG.COM]

Incident Response

ANALYTICS: Incident Response – A Challenge For 98% Of InfoSec Pros. Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation. According to a recent survey, ninety-eight percent of IT security pros find incident response to be a challenge and 71% say it’s grown more difficult over the past two years. Read more[DARKREADING.COM]

FEDERAL GOVERNMENT: Warner – Procurement and Personnel Key for Cyber. Fixing the way the U.S. government buys technology and hires and deploys its workforce is the key to improving the nation’s cybersecurity defenses, not changing the way authorities and responsibilities are divided up between federal agencies, said Sen. Mark Warner, D-Va. Find out more[CYBERSCOOP.COM]

Incident ResponseNSA: Hackers Find an Easy Path to U.S. Systems. For all the concern about zero-day exploits, a senior NSA official said that the high-profile hacks of U.S. networks in the last two years show there are far easier ways for cybercriminals to infiltrate government systems. Curtis Dukes, deputy national manager for national security systems at the NSA, said that none of the high-profile government hacks the NSA responded to — Office of Personnel and Management, the White House, State Department, Department of Defense — used zero-day exploits. Find out more[FCW.COM]

CYBER-EXPOSURE: No Standard Cyberinsurance Policy for Government Exists. While offsetting the cost of a data breach is the most common coverage for cyberinsurance, policies may cover physical cyber-risks as well, such as the danger of attacks on utilities and medical facilities, and property damage and injury from cyberattacks. Read the rest[GOVTECH.COM]

Tech Research News

Tech Research NewsMIT: Cache Management Improved Once Again. New version of breakthrough memory management scheme better accommodates commercial chips. A year ago, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory unveiled a fundamentally new way of managing memory on computer chips, one that would use circuit space much more efficiently as chips continue to comprise more and more cores, or processing units. In chips with hundreds of cores, the researchers’ scheme could free up somewhere between 15 and 25 percent of on-chip memory, enabling much more efficient computation. Their scheme, however, assumed a certain type of computational behavior that most modern chips do not, in fact, enforce. Last week, at the International Conference on Parallel Architectures and Compilation Techniques – the same conference where they first reported their scheme – the researchers presented an updated version that’s more consistent with existing chip designs and has a few additional improvements. Read more [NEWS.MIT.EDU]

Tech Research News

REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans fall along a spectrum of preparedness when it comes to using tech tools to pursue learning online, and many are not eager or ready to take the plunge. Find out more[PEWINTERNET.ORG]

DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for DoD Missions. Defense Secretary Ashton Carter has said automated systems, cyber technology and biological research efforts are necessary to keep the Defense Department moving forward. Find out more[EXECUTIVEGOV.COM]

Tech Research News

FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest[NPR.ORG]

Search Technology

Search Technology

SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an OpenSource text search engine. Now it has a big place in Big Data. Read what Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more[DZONE.COM]

INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team has announced the first milestone release of the Ingalls Release Train. This coordinated release of subprojects under the Spring Data umbrella ships with 230 fixes and a number of new features. Find out more[ADTMAG.COM]

Search TechnologyGOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes Beta. Google says that the Cloud Natural Language API gives developers access to three Google-powered engines– sentiment analysis, entity recognition, and syntax analysis. The service is currently available in open beta and is based on the company’s natural language understanding research. It will initially support three languages– English, Spanish and Japanese and will help developers reveal the structure and meaning of your text in the given language. Read more[THETECHPORTAL.COM]

AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and Memory Reservation. Docker networks provide isolation for your containers. It is important to have control over the networks your applications run on. With Amazon ECS, you can now specify an optional networking mode for your containers that cater towards different use cases. Find out more[DABCC.COM]

Application Development

Application DevelopmentIoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoT solutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more[CRN.COM]

SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next-generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more [SDTIMES.COM]

Application Development

SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more[INFOWORLD.COM]

SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more[INFORMATION-AGE.COM]

BYOD

BYODHOW TO: Implement an Effective BYOD Policy. Companies have accepted that BYOD is a reality. The challenge now is striking a balance between security and flexibility. Concerns around BYOD once revolved around security with third-party services, but that’s getting easier to manage, says Fred Mouawad, founder and CEO of TaskWorld, a company focused on employee performance and management. Now businesses are finding it more difficult to govern BYOD policies internally. Read more[CIO.COM]

BACKLASH: If BYOD Costs You Too Much, You’re Doing It Wrong — Or Making Up An Excuse to Regain Mobile Control. Recent research shows a clear picture: IT organizations are increasingly unhappy about BYOD and now want to curtail or end the practice. Their stated concern: The costs are too high and the savings too low. But those concerns are misguided and likely masking a secret agenda to regain control over mobile devices, not to save money. Face it: BYOD was never popular with IT. Find out more [INFOWORLD.COM]

BYOD

CLOUD: Why Preparation is Key to Securing Your Cloud Migration. The benefits of big data and BYOD are real. And with so many businesses looking to migrate their data to the cloud, they want to make sure everything arrives safely and intact. After all, much of this data contains sensitive and proprietary information, and the prospect of moving it from the safety of the corporate firewall to a cloud environment is cause for concern. Find out more[CLOUDCOMPUTING-NEWS.NET]

FEDERAL GOVT: Federal BYOD: The Mobile Security Conundrum. There are currently more than 7.7 billion mobile connections around the world. Thanks to the Internet of Things, it is predicted that the number of connected devices will reach an astounding 20.8 billion by 2020. With the average number of mobile devices owned per person currently estimated at 3.64, those devices are becoming necessary equipment for today’s workers. Read the rest [GCN.COM]

BYOD

ENTERPRISE: Enterprise Mobile Security Tools May Not Protect BYOD. For employees, bring-your-own-device workplace policies can increase efficiency and improve remote work capabilities. For the organization, BYOD can reduce equipment costs, but it can also open the enterprise up to all sorts of new exploits and breaches. Find out more[GCN.COM]

POLICY: Malware and ‘Connection Hijacking’ Remain Biggest BYOD Risks. A new report from data centre provider CyrusOne outlines malware, device theft and phishing as among the key risks for organisations looking to implement a bring your own device (BYOD) policy. Find out more[APPSTECHNEWS.COM]

Big Data

Big Data

PREDICTIONS: 5 Amazing Things Big Data Helps Us To Predict Now. Big data is predicting things about your life almost every minute of your day – whether you’re aware of it or not. Read more[FORBES.COM]

CLOUD: More Money in Big Data Initiatives, Gartner Argues – But is the ROI Still Unclear? The big data landscape is approaching a state of maturation: according to the latest note from analyst house Gartner, more money is being invested in big data but fewer companies are deciding to commit. Find out more[CLOUDCOMPUTING-NEWS.NET]

Big Data

LANGUAGE: Why Java in Big Data? What About Scala? Here’s what to keep in mind when comparing and determining what language to use with big data applications and data access. Find out more[DZONE.COM]

ROI: Big Data: Why the Boom is Already Over. Too many big data projects have been poorly built, and lack return on investment – so companies are spending their money on other priorities. Read the rest[ZDNET.COM]

Mobile Applications

Mobile ApplicationsORACLE: Oracle Visual Code Brings Cloud-Based App Dev to Business Users. With its Project Visual Code platform, Oracle is taking a swing at Salesforce in cloud-based application development. The platform for low-code development provides a browser-based interface for building standalone applications or extensions to existing applications. Geared to “citizen developers,” Visual Code is a direct competitor to the Salesforce Lightning component-based development platform. Read more[INFOWORLD.COM]

RAD: How Rapid Application Development is Changing Everything. RAD has evolved into a very viable option for just about any type of app project. Vijay Pullur, CEO of WaveMaker talks about the changes RAD has gone through, the advantages of RAD in the cloud, low-code options, what application projects are best suited for a RAD build, and more. Find out more[APPDEVELOPERMAGAZINE.COM]

Mobile ApplicationsONGOING EDUCATION: IT Certifications Report Card – What Are They Worth Now? Which Ones Pay Off the Most? Unique keywords such as CompTIA, MCSE, CISSP and PMP — all indicators of popular IT certifications or certification bodies themselves — serve as a proven means to filter candidates in technology’s highly competitive environment. (That’s also something to keep in mind if the next economic downturn hits IT as hard as it will other occupations.) Bolstering this argument is the comprehensive, substantive and credible research from sources like established IT search firms on the higher wages typically granted to those with advanced certifications. To help you chart your ongoing education wisely, here’s a full review of today’s most rewarding IT certification areas, based on the trends driving the value of the knowledge and competencies they impart. These are: mobile application development, IT networking and security, HTML5 programming, project management certification and CRM software expertise. Find out more[COMPUTERWORLD.COM]

Mobile ApplicationsACCELERATED MOBILE PAGES: Get Started with AMP HTML. For many, reading on the mobile web is a slow, clunky and frustrating experience – but it doesn’t have to be that way. The Accelerated Mobile Pages (AMP) Project is an open source initiative that embodies the vision that publishers can create mobile optimized content once and have it load instantly everywhere. Read the rest[AMPPROJECT.ORG]

IT Management

IT Management

PERFORMANCE: Why Performance Management Is Dead & Performance Motivation Is Here To Stay. How's your team performing? Before you start the process of performance evaluations, take 10 minutes and discover why performance management is dead and performance motivation is here to stay. Read more[FORBES.COM]

CXO: 3 Survival Skills for Reluctant IT Managers. Textbook management practices don't always work in IT disciplines. Here are some strategies for tech professionals who find themselves in a management role. Find out more[TECHREPUBLIC.COM]

IT Management

LEGAL: How to Avoid Failure by Design. When it comes to technology projects, lawyers have a dual role. Firstly, to help the parties convert the commercial deal into a robust contract. Secondly, to help identify what could go wrong and make sure that the contract has appropriate mechanisms to deal with failures and disputes. This second role is particularly essential because the evidence shows that many technology projects do fail. Projects are delayed, exceed budget, and/or don’t deliver technology that meets the customer's needs. Find out more[COMPUTERWORLDUK.COM]

IT Management

SLIDESHOW: Why Managers Lack Confidence in Their Firm's Data. Nearly all managers lack complete confidence in their company's data, according to a recent survey from Experian Data Quality. The accompanying report, "Building a Business Case for Data Quality," indicates that, despite the trust issues, it often takes many months for companies to approve data quality initiatives. Meanwhile, IT managers overseeing these efforts struggle to deal with large data volumes, human error and a lack of data standardization. Read the rest[BASELINEMAG.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

TYPESCRIPT: Microsoft’s JavaScript for Big Applications, Reaches Version 2.0. TypeScript, the JavaScript-based language that Microsoft devised to make developing large Web applications easier, reached its version 2.0 milestone last month. Since its introduction, TypeScript has included new features to improve performance, enhance JavaScript compatibility, and extend the range of error checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big step forward here by giving developers greater control over null values. Read more[ARSTECHNICA.COM]

Programming & Scripting Development Client & Server-Side

GOOGLE: Beats Back Oracle Again in Java Android Case. Oracle loses in court once again in its latest attempt to obtain Java copyright damages from Google. To recap, Oracle claimed the 37 Java application programming interface (API) packages Google used to develop Android are covered by copyright. Of course, that’s not really the issue. True, the the US Federal Circuit Court of Appeals foolishly ruled that APIs could be copyrighted. But the US District Court for the Northern District of California ruled in May 2016 that Google’s use of the Java APIs were not subject to copyright licensing fees. Instead, Android’s use of the APIs was covered by “fair use.” Find out more[ZDNET.COM]

Programming & Scripting Development Client & Server-Side

CASE STUDY: JavaScript Blocking Google’s View of hreflang. Sam Gipson troubleshoots issues with a client’s hreflang implementation, testing to see if JavaScript elements might interfere with Google recognizing these tags. Find out more[SEARCHENGINELAND.COM]

CODE: What It Means To Be a ‘Popular’ Programming Language. A lot of people like JavaScript for sure, but its popularity has much more to do with its current utility. Web browsers (and now servers, via Node.js) feature engines for interpreting JavaScript and so JavaScript is the default programming language for web applications. If web development weren’t popular – especially so among Stack Overflow users—then we would see a different ranking. Read the rest[MOTHERBOARD.VICE.COM]

Cloud Computing

Cloud Computing

AMAZON: Boosts Cloud-Computing Performance With New, GPU-Accelerated AWS Instances. Amazon Web Services has announced a new Elastic Compute Cloud (EC2) instance type, dubbed P2, which leverages NVIDIA GPUs (Graphics Processing Units) to offer customers massive amounts of compute performance via the cloud. Read more[FORBES.COM]

CLOUD BUDGETS: Cloud Computing Embraced As Cost-Cutting Measure. When it comes to implementing a cloud infrastructure, whether it’s public, private, or hybrid, most IT departments view the technology as a way to cut costs and save money, according to a recent analysis from CompTIA. The report also shows that SaaS is seen as the most useful cloud service. Find out more[INFORMATIONWEEK.COM]

Cloud Computing

MICROSOFT: Signs Up Adobe for its Azure Cloud Computing Services. Microsoft and Adobe announced a major partnership that will see Adobe deliver its cloud services on Microsoft Azure and that will make Adobe the preferred marketing service for Microsoft’s Dynamics 365 Enterprise CRM solution. Find out more[TECHCRUNCH.COM]

STORAGE: Avoiding Cloud Computing Storage Lock-In: Does Hedvig Have the Answer? Rigid storage platforms could become a single, universal solution for all a company’s storage requirements thanks to the cloud. Read the rest[ZDNET.COM]

Personal Tech

Personal Tech

DEVICES: ‘Smart’ Devices ‘Too Dumb’ to Fend Off Cyber-Attacks, Say Experts. Internet-connected gadgets vulnerable because they don’t have enough memory for safety software, use generic code and access web by default. Read more[THEGUARDIAN.COM]

HEALTH TECH: Digital Health Technology Poised to Help an Aging Population. Startups and established mHealth and health IT vendors showcase care coordination and telehealth apps, while speakers talk about tech tools for the elderly and mentally ill. Find out more[SEARCHHEALTHIT.TECHTARGET.COM]

Personal Tech

EMAIL: Hacking Specialist Warns of Election-Themed Email Attacks. Heading toward Election Day in the U.S., hackers may target your inbox instead of the ballot box. It’s difficult to alter overall ballot counts in the U.S., which doesn’t have a centralized voting system, but hackers could take advantage of the Nov. 8 election to dupe people and gain access to their personal information, according to Oren Falkowitz, chief executive officer of Redwood City, California-based Area 1 Security. Read the rest[CHICAGOTRIBUNE.COM]

Personal Tech

TIPS: Cybersecurity Awareness Month Tips for Online Security. Never forget that any kind of business or work you do online — including email, shopping, social media sites, and surfing – warrants some level of scrutiny. So spend some time during Cybersecurity Awareness Month thinking about what you need to do to make yourself less vulnerable to attack as you use the Internet. Find out more[COMPUTERWORLD.COM]

IT Security | Cybersecurity

IT Security | Cybersecurity

G7: Sets Common Cyber-Security Guidelines for Financial Sector. The Group of Seven industrial powers on Tuesday said they had agreed on guidelines for protecting the global financial sector from cyber attacks following a series of cross-border bank thefts by hackers. Read more[REUTERS.COM]

NOTE: To The Next President…Get A National Cybersecurity Strategy. Do the candidates have coherent positions for responding to cyber-attacks or on cyber warfare? Find out more[FORBES.COM]

IT Security | Cybersecurity

OMB: Launching Cyber.gov for Best Practices Repository. Cyber.gov will be a repository for best practices, said Federal CISO Brigadier General (retired) Greg Touhill, during an Oct. 11 Washington, D.C. AFCEA chapter Cybersecurity Summit. “We have to focus on implementing best practices throughout our organizations,” Touhill said. “I want to emphasize that I don’t believe that compliance is…always the right approach, because compliance doesn’t bring you best practices, but best practices bring you compliance.” Find out more[FEDERALNEWSRADIO.COM]

ECONOMICS: Cybersecurity Economics In Government — Is Funding The Real Problem? Government leadership and those chartered with creating budgets could benefit from applying sound value-management practices when considering the cybersecurity budget process. Read the rest[DARKREADING.COM]

From the Blue Mountain Data Systems Blog

Personal Techhttps://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016

IT Managementhttps://www.bluemt.com/it-management-daily-tech-update-october-27-2016

Business Intelligencehttps://www.bluemt.com/business-intelligence-daily-tech-update-october-26-2016

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

From the Blue Mountain Data Systems Blog

Security Patcheshttps://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/

BYODhttps://www.bluemt.com/byod-daily-tech-update-october-21-2016/

Databaseshttps://www.bluemt.com/databases-daily-tech-update-october-20-2016/

Operating Systemshttps://www.bluemt.com/operating-systems-daily-tech-update-october-19-2016/

From the Blue Mountain Data Systems Blog

Encryptionhttps://www.bluemt.com/encryption-daily-tech-update-october-18-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-14-2016/

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-13-2016/

From the Blue Mountain Data Systems Blog

Cybersecurityhttps://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/

Big Datahttps://www.bluemt.com/big-data-daily-tech-update-october-11-2016/

Mobile Applicationshttps://www.bluemt.com/mobile-applications-daily-tech-update-october-7-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

From the Blue Mountain Data Systems Blog

Open Sourcehttps://www.bluemt.com/open-source-daily-tech-update-october-5-2016/

CTO, CIO and CISOhttps://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-3-2016/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems BlogMalware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of Labor Employee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. Vesely Founder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAILpaul@bluemt.com

WEBhttps://www.bluemt.com