August 2018: For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/
Here’s the summary of the Daily Tech Updates for August 2018. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
6. Network Security
IT WATCH: Finding and Fixing Security On Your Network Perimeter. Networks
need multiple layers of security. However, with the complexity inherent in the
internal layers, many folks pay short shrift to the perimeter. That’s a mistake and
here’s why. Read more
[PCMAG.COM]
SOFTWARE: Linux Kernel 4.18: Better Security, Leaner Code. The latest version of
the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the
Berkeley Packet Filter, plus makes a nod to gamers and mobile devices. Read more
[NETWORKWORLD.COM]
NETWORK DESIGN: Machine Learning Is Becoming a Must in Data Center
Network Security. The volume of data traveling on networks and sophistication of
attack tools are outpacing human experts’ capabilities. Read more
[DATACENTERKNOWLEDGE.COM]
SECURITY: Think Like an Attacker…Three Network Security Points to Identify and
Protect. Pulling the plug on the Internet is often jokingly referred to as the best
solution for network security. All kidding aside, anything you can do to make it
harder for the bad guys to gain access to your network can have a positive impact
on your overall security posture. That begs the question: with so many cyber
security threats and attack methods to worry about – and so many hardware and
software solutions to consider – where should you focus? Read more
[SECURITYBOULEVARD.COM]
9. Encryption
OPINION: There is No Such Thing as a ‘Safe Backdoor’ in Encryption. Federal
officials are now pressuring tech companies to create so-called “backdoors” that
allow law enforcement to work around encrypted devices. These backdoors would
grant them access to Americans’ personal data through a supposedly secure
channel. In theory, a backdoor would be available only to the government and law
enforcement agencies. But technology experts warn that tech companies cannot
build a backdoor that would guarantee only law-abiding officials have access. If you
create a way in, somebody you don’t want to get in will find it. Read more
[THEHILL.COM]
THE PAINS OF ENCRYPTION KEY MANAGEMENT: Why Manual Processes Are So
Hard. In its 2018 Global Encryption Trends Study, Thales along with Venafi and
Geobridge sponsored Ponemon Institute to survey 5,252 IT and security
professionals in 12 different countries about their organizations’ encryption use.
Their responses revealed that many enterprises continue to struggle when it
comes to balancing encryption with their security posture. Read more
[SECURITYBOULEVARD.COM]
POPULAR ENCRYPTION SOFTWARE: Researchers Help Close Security Hole.
Cybersecurity researchers at the Georgia Institute of Technology have helped close
a security vulnerability that could have allowed hackers to steal encryption keys
from a popular security package by briefly listening in on unintended “side
channel” signals from smartphones. Read more
[SCIENCEDAILY.COM]
FYI: Oracle’s Transparent Data Encryption. Security. Each day it seems another
breach is reported, another hack revealed, more personal user information is
stolen, apparently despite the best efforts to thwart such attacks. It’s becoming
increasingly obvious that guarding against break-ins is simply not enough; one
must be prepared for the maliciously inclined to succeed at hacking their way into
‘secure’ systems. For the Oracle DBA this may not be as daunting a task as it first
appears. Read more
[DATABASEJOURNAL.COM]
13. Databases
LEGACY: When It Comes to Databases, Why ‘I Can’t Quit You, Baby’. Leaving
legacy RDBMSs is hard, but eventually enterprises will break free of Oracle’s and
others’ last grip on their data infrastructure. Read more
[INFOWORLD.COM]
ORACLE: Oracle Launches Autonomous Database for Online Transaction
Processing. Oracle executive chairman and CTO Larry Ellison first introduced the
company’s autonomous database at Oracle Open World last year. The company
later launched an autonomous data warehouse. Now it announced the next step
with the launch of the Oracle Autonomous Transaction Processing (ATP) service.
Read more
[TECHCRUNCH.COM]
MICROSOFT: SQL Server 2008 Support Extended for Cloud Migrations. Microsoft
is adding an additional three years of support for SQL Server 2008 customers that
migrate to the Azure Cloud. Read more
[EWEEK.COM]
GET STARTED: Quick Start Tips for Using the New MSSQL-CLI SQL Query Tool. The
new MSSQL-CLI command-line tool provides many enhancements over SQLCMD
CLI that enable you to quickly write and run T-SQL queries across Linux, macOS and
Windows. Read more
[SEARCHSQLSERVER.TECHTARGET.COM – REGISTRATION REQUIRED FOR ACCESS]
15. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.
17. Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
[INFOSECURITY-MAGAZINE.COM]
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for it to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]
21. State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US]
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]
25. Electronic Document Management
CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more). Read the rest
[FEDTECHMAGAZINE.COM]
ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]
28. Section 508 Compliance & WCAG 2.0
HIRING: Blind Workers Test Limitations of Online Hiring Systems. Hard Rock Cafe.
GameStop. Dart Container. Albertsons. What do the theme-restaurant chain,
gaming retailer, foam cup maker, and grocery store chain have in common? All are
accused of having online job application systems that blind workers can’t access
fully. And all four companies face lawsuits in California federal court alleging
discrimination against blind and visually impaired job seekers at the very outset of
the job search process. And they’re not alone. Since April, seven other employers
have similarly been sued under California law in state court. The cases draw
attention to “huge” problems for many visually impaired Americans: accessing
online job sites and unemployment, the American Foundation for the Blind’s
Megan Dodd told Bloomberg Law. Read more
[BNA.COM]
APPLE: Sued Over Claims Website is Inaccessible to Visually Impaired Users.
Apple has become the target of a new lawsuit, one that claims the iPhone
producer’s website is violating the Americans with Disabilities Act (ADA) by not
being fully accessible to blind or visually-impaired consumers, due to the way the
website itself is coded. Read more
[APPLEINSIDER.COM]
AGILE: How USCIS Ensures Section 508 Compliance in Agile Development. Many
people ask how U.S. Citizenship and Immigration Services (USCIS) ensures Section
508 compliance in Agile projects – especially when Section 508 testing is still
largely manual. The short answer is that they do this the same way they ensure the
code works or that it meets security requirements: they test. And they do this as
early in the process as possible. Then, they do whatever else works. Read more
[HSTODAY.US]
POLICY & ISSUES: 19 State AGs Write Sessions Sharing CUNA’s ADA Concerns.
Attorneys General from nineteen states have written Attorney General Jeff
Sessions calling for clarity about how the Americans With Disabilities Act applies to
websites. Several of the attorneys general signed onto the letter as a direct result
of advocacy by state credit union leagues. CUNA continues its work to find a
solution on the regulatory and legislative arenas, as uncertainty over how the ADA
applies to websites has led to lawsuits against credit unions. Read more
[NEWS.CUNA.ORG]
32. Security Patches
FYI: Patch Tuesday, August 2018 Edition. Adobe and Microsoft each released
security updates for their software on Tuesday. Adobe plugged five security holes
in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60
vulnerabilities in Windows and other software, including two “zero-day” flaws that
attackers were already exploiting before Microsoft issued patches to fix them.
Read more
[KREBSONSECURITY.COM]
ORACLE: Apply Out-of-Band Patch for Database Flaw ASAP. Flaw in the Java VM
component of Oracle’s Database Server is easily exploitable, security experts warn.
Read more
[DARKREADING.COM]
INTEL: Beyond Spectre – Foreshadow, a New Intel Security Problem. Researchers
have broken Intel’s Software Guard Extensions, System Management Mode, and
x86-based virtual machines. Read more
[ZDNET.COM]
CISCO: Patches Router OS Against New Crypto Attack on Business VPNs. New
attack threatens enterprise VPN and could enable target networks to be
impersonated or allow a man-in-the-middle attack. Read more
[ZDNET.COM]
35. For the CIO, CTO & CISO
SECURITY: CIOs Reveal Their Security Philosophies. Global IT leaders describe their
approaches to cybersecurity application and communication. Read more
[CIO.COM]
NGA: On the Hunt for a New CTO. The National Geospatial-Intelligence Agency is
looking for a new chief technology officer to be the agency’s “authoritative expert
for technology.” Whoever ends up filling this role will be NGA’s second CTO — Dr.
Anthony Vinci, the agency’s first CTO, was appointed to the role in February 2018
and stepped down this month. Read more
[FEDSCOOP.COM]
CISO: Election Security Insights From Former Federal CISO. Retired Brigadier
General Gregory Touhill, who was appointed by President Obama as the first
CISO of the federal government, spells out what he sees as the essential steps
for fighting against Russian meddling in this year’s midterm elections. Read more
[BANKINFOSECURITY.COM]
WATCHDOG: Agency CIOs Still Don’t Have Mandated Authorities. The onus to
improve the use and management of technology in the federal government has
been put squarely on the shoulders of agency chief information officers.
However, across government, CIOs still don’t have the requisite authorities to
lead IT transformation, according to a recent report from the Government
Accountability Office. Read more
[NEXTGOV.COM]
38. Penetration Testing
SKILLS: That a ‘Next-Level’ Pentester Should Have. Top tier penetration testers
are a breed of their own. Here is how to make sure your pentester is topnotch.
Read more
[THREATPOST.COM]
DHS: Census CIO Says DHS Penetration Tests Confirm Data Security. U.S. Census
Bureau CIO Kevin Smith said that the Department of Homeland Security
performed penetration tests this year that were unable to break through Census’
data safeguards, confirming the strength of Census’ cybersecurity programs for
both its self-response website and in-field mobile devices. Read more
[MERITALK.COM]
NEW RESEARCH: To Identify a Hacker, Treat Them Like a Burglar. Imagine
someone robs your house. The savvy culprit didn’t leave behind fingerprints, shoe
prints, or any other discrete, identifying details. Still, police manage to link the
crime to a series of burglaries that happened the next town over, because of the
criminal’s behavior. Each robbery occurred in the same way, and in each case, the
perpetrator stole many of the same items. Now, new research indicates that the
techniques law enforcement use to tie crimes together through behavioral
patterns might help in the digital world too. Read more
[WIRED.COM]
FEDERAL GOVERNMENT: What Solutions and Services Can Best Support Federal
IT Modernization? Cutting-edge technologies move agencies toward their goals
for efficiency, productivity and security. Read more
[FEDTECHMAGAZINE.COM]
41. Open Source
UI DEV: Getting to Know Grommet, an Open Source UI Dev Tool. While
Grommet has been around since 2016, it is not among the best-known open
source development tools. The library of reusable UI components helps
developers create web applications. This overview explains what Grommet can
do, the problems it addresses, and what makes it appealing. Read more
[LINUX.COM]
DART 2: Open Source Dart 2 Revamp Focuses on Mobile, Web Development.
After a nearly eight-month pre-release preview, the open source Dart 2
programming language has emerged as a stable release that includes many
breaking changes in a revamp that focuses on mobile and Web client-side
development. Along with that Web focus, creator Google has shipped a
complete rewrite of the Dart Web platform. Read more
[ADTMAG.COM]
SPOT THE BOT: Researchers Open-Source Tools to Hunt Twitter Bots. Their goal?
To create a means of differentiating legitimate from automated accounts and detail
the process so other researchers can replicate it. Read more
[DARKREADING.COM]
GSA: Offers Overview of How It’s Redesigning CAMEO. The General Services
Administration is getting ready to overhaul the system it uses as the federal
government’s buyer of IT solutions, and it provided industry stakeholders with a
sneak peek. Officials from the agency’s Federal Acquisition Service, including
Commissioner Alan Thomas, detailed their strategy to redesign the backend of the
CIO Application Maintenance, Enhancements, and Operations (CAMEO) system.
They plan to issue a follow-on contract that emphasizes commercial-off-the-shelf
(COTS) applications, an open-source data layer that works across technologies and a
whole lot of industry engagement. Read more
[FEDSCOOP.COM]
44. Business Intelligence
B2B: Self Service Business Intelligence Isn’t Here, Artificial Intelligence May Be The
Missing Piece. BI tools are still the arena of the analyst. Line managers are able to
look at visualizations in a dashboard, they even have a limited ability to investigate
the data underneath it, but a “what if?” thought almost always requires a loop back
to an analyst or a developer. While too many people in the industry continue to say
the solution to the problem is to get the managers to “think like data scientists”,
there will continue to be barriers to acceptance. It’s not the line manager’s job to be
a programmer or analyst any more than it is the programmer’s or analyst’s job to
deal with managing the business. What’s needed is to assist the manager. There are
two main technical problems to doing that. Read more
[FORBES.COM]
HR: Turning the Tide on Business Intelligence Failure. When does business
information become a business disadvantage? Using today’s Business Intelligence
(BI) tools can be a bit like trying to drink from a fire hydrant – too much information,
from all directions, with no control. Far too often the very business driver a
company set out to find and monitor gets lost in the melee. Read more
[BLEEPINGCOMPUTER.COM]
MICROSOFT: Updates Power BI Report URL Filter, Report Server Update.
Microsoft’s Power BI application has been given a number of feature updates aimed
at improving enterprise business intelligence reporting and improving the
performance of Power BI for users. Read more
[EWEEK.COM]
FEDERAL GOVERNMENT: Microsoft Says It Has Found a Russian Operation
Targeting U.S. Political Institutions. A group affiliated with the Russian government
created phony versions of six websites – including some related to public policy and
to the U.S. Senate – with the apparent goal of hacking into the computers of people
who were tricked into visiting, according to Microsoft, which said Monday night that
it discovered and disabled the fake sites. Read more
[WASHINGTONPOST.COM]
48. Operating Systems
GOOGLE: Chrome 69 Rolling Out ‘Material Design refresh’ Next Month ‘Across All
Operating Systems’. Even before the Google Material Theme was showcased at I/O
2018, the Chrome team has been working on a big redesign for the browser that
shares many similarities like rounded corners and stark white backgrounds.
Available on both desktop and mobile, this “Material Design refresh” is now
scheduled to begin rolling out in September with Chrome 69. Read more
[9TO5GOOGLE.COM]
CISCO: Patches Its Operating Systems Against New IKE Crypto Attack. Cisco
released security updates today to patch a vulnerability in the IOS and IOS XE
operating systems that run the vast majority of its devices. The vulnerability is
tracked as CVE-2018-0131 and is one of four CVE identifiers for a new
Bleichenbacher oracle cryptographic attack against the IKE (Internet Key Exchange)
protocol. Read more
[BLEEPINGCOMPUTER.COM]
SECURITY: Securing the Server, Inside and Out. Computing is hard enough, but the
sophistication and proliferation of attacks on IT infrastructure, from the firewall
moat surrounding the corporate network all the way down into the guts of the
operating system kernel and deep into the speculative execution units on the
physical processor, make the task of computing – with confidence – doubly difficult.
It hasn’t helped that applications have become increasingly distributed and
virtualized, spread across networked machines and propped up on various layers of
software abstraction. Read more
[THENEXTPLATFORM.COM]
FYI: SUSE Builds a Custom Linux Kernel to Boost Microsoft Azure Performance.
SUSE added a performance boost for enterprises running its Linux Enterprise Server
15 platform on the Microsoft Azure cloud. That boost comes from a custom-tailored
Linux kernel that provides up to 25 percent faster network throughput and a 23
percent drop in average latency for on-demand instances. Read more
[SDXCENTRAL.COM]
52. BYOD
SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass
study pointed out some interesting statistics: Over a quarter (28%) of organizations
rely solely on user-generated passwords to secure BYOD, potentially exposing
countless endpoints to credential guessing, cracking and theft. 61% of respondents
also had reservations about Apple’s Face ID technology. Given that the general
concept in security has always been to eliminate passwords and use MFA, the
results are surprising, so why the disconnect? Read more
[INFOSECURITY-MAGAZINE.COM]
DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The
Marine Corps has been talking about implementing a bring-your-own-device
strategy for more than three years as one way to cut costs and speed up its
adoption of commercial smartphone technology. But the service’s chief information
officer says the goal is still a long way off, and the Marines are still struggling to
bring aboard the most modern mobile devices, even when they’re owned by the
government. Read more.
[FEDERALNEWSRADIO.COM]
TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning
Technology. Today, schools across the country look to educators to customize
learning for their unique classrooms. Here is how educators are accomplishing this
through unbundling and BYOD. Find out more
[ESCHOOLNEWS.COM]
FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are
currently more than 7.7 billion mobile connections around the world. Thanks to the
Internet of Things, it is predicted that the number of connected devices will reach
an astounding 20.8 billion by 2020. With the average number of mobile devices
owned per person currently estimated at 3.64, those devices are becoming
necessary equipment for today’s workers. Yet while the private sector has been
quick to establish Bring-your-own-device policies, the public sector has lagged
behind because of security and privacy concerns. Despite several initiatives —
including a White House-issued BYOD toolkit and two National Institute of
Standards and Technology documents (800-124 and 800-164) giving guidance on
securing devices that connect with government networks — many federal agencies
are still reluctant to establish BYOD policies. Read more
[GCN.COM]
56. Incident Response
PODCAST: Gain an Edge Over BEC and Account Compromise With Intelligent
Incident Response. As Black Hat heats up in Las Vegas, host Lorielle Paulk, product
marketing manager at IBM X-Force Incident Response and Intelligence Services
(IRIS), sits down with Nick Rossmann, research and operations lead at X-Force IRIS,
and Jordan Rogers, principal consultant at X-Force IRIS, to discuss the hottest
threats in today’s security landscape and the critical advantage of intelligent
incident response. Read more
[SECURITYINTELLIGENCE.COM]
ENDPOINT: 4 Reasons Why Companies Are Failing at Incident Response. When it
comes to containing the business impacts of a security breach, proper planning is
often the difference between success and failure. Read more
[DARKREADING.COM]
GDPR: Incident Response Under GDPR – What to Do Before, During and After a
Data Breach. The European Union (EU)’s General Data Protection Regulation (GDPR)
is in full effect, but many organizations still don’t have the processes in place to be
compliant. According to an IBM survey, only 36 percent of executives said they
expect to be GDPR-compliant by the enforcement date. For many organizations,
one of the top challenges is complying with the GDPR’s tight 72-hour data breach
notification window. To help organizations accelerate their incident response times
and meet this deadline, we’ve outlined steps privacy teams can take before, during
and after a data breach to help them comply with the GDPR and improve their
overall privacy and security processes. Read more
[SECURITYINTELLIGENCE.COM]
CIRP: Ten Considerations for a Cybersecurity Incident Response Plan. If you ask a
group of cybersecurity experts what should be included in a Cybersecurity Incident
Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of
those answers contain similar themes including these ten important considerations
your organization should be aware of when creating and managing a CIRP. Read
more
[LEXOLOGY.COM]
60. Cybersecurity
DNC: Says Hack Attack Was Actually Just a Cybersecurity Test. The Democratic
National Committee now believes its database of voters was the target of a third-
party test of its cybersecurity and not a cyber-attack, according to party officials.
Read more
[TIME.COM]
FYI: The Most Effective Defense is Proactive Cybersecurity. Your network is under
siege. If you’ve been working in IT or IT security for more than 15 minutes, you
should be aware that there’s a seemingly endless array of attackers and exploits
trying to infiltrate your network, compromise your servers and applications, and
steal your data every day. The thing that separates effective cybersecurity from
poor cybersecurity is just how proactive your network defenses are—do you
respond to threats, or react? Read more
[SECURITYBOULEVARD.COM]
CHRONICLE: One of Google’s Newest Sister Companies is Almost Ready to Go
After the $96 Billion Cybersecurity Industry on a ‘Planet Scale’. Chronicle is one of
Alphabet’s newest “Other Bets,” the group of Google’s sister companies that are
hoping to stumble on the next big thing in tech, such as self-driving cars (Waymo) or
high-speed internet access in remote areas (Loon). And cybersecurity is a
potentially massive opportunity for Alphabet. Research firm Gartner predicts
cybersecurity spending will hit $96 billion in 2018, and only increase from there.
Read more
[CNBC.COM]
FINANCIAL SERVICES: Cybersecurity Compliance Deadline Looming, Says NY
Regulator. Financial companies regulated by New York State Department of
Financial Services have less than a month to comply with another round of
cybersecurity rules, the agency’s head warned Wednesday. Read more
[AMERICANBANKER.COM]
WORK FORCE: Cybersecurity’s Insidious New Threat – Workforce Stress. The
thousands of cybersecurity professionals gathering at Black Hat, a massive
conference held in the blistering heat of Las Vegas every summer, are encountering
a different type of session this year. A new “community” track is offering talks on a
range of workplace issues facing defenders battling to protect the world from a
hacking onslaught. With titles like “Mental Health Hacks: Fighting Burnout,
Depression and Suicide in the Hacker Community” and “Holding on for Tonight:
Addiction in Infosec,” several of the sessions will address pressures on security
teams and the negative impact these can have on workers’ wellbeing. Read more
[TECHNOLOGYREVIEW.COM]
NNSA: Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency
Official Says. The government should be focused on mitigating the danger any
software can pose, rather than banning software from China and elsewhere, the
NNSA CIO says. Read more https://fedtechmagazine.com/article/2018/
[NEXTGOV.COM]
IoT: Continental Offers Cyber Security Solutions from Argus and Elektrobit for All
Connected Vehicle Electronics. Technology company Continental recently
announced it is offering end-to-end cyber security and wireless software update
solutions integrated into connected vehicle electronics including telematics units,
infotainment systems, gateways and more from Argus Cyber Security (Argus) and
Elektrobit (EB). Read more
[DARKREADING.COM]
THE CYBERSECURITY 202: Trump Team Isn’t Doing Enough to Deter Russian
Cyberattacks. The Trump administration isn’t doing enough to deter Russian
cyberattacks, according to an overwhelming 94 percent of cybersecurity experts
surveyed by the Cybersecurity 202. Read more
[WASHINGTONPOST.COM]
GOOGLE: Doesn’t Want You to Have to Think About Cybersecurity. Your safety
online shouldn’t be your problem — it should be the tech giants’. Parisa Tabriz,
nicknamed “Google’s Security Princess” and the company’s director of engineering,
delivered the keynote speech at the Black Hat cybersecurity conference Wednesday
in Las Vegas, where she discussed issues with the state of cybersecurity. Read more
[CNET.COM]
66. Project Management
BEST PRACTICES: 6 Project Management Skills All Managers Should Adopt. Here
are six vital project management skills that you can adopt in your managerial
career to ensure better business outcomes for your organization. Read more
[SILICONREPUBLIC.COM]
CXO: 5 Things to Know About Remote Project Management. As the workforce
gets more spread out, managers need to acquire a few new skills, to keep everyone
on task. Read more
[TECHREPUBLIC.COM]
DEVOPS: 8 Things They Don’t Teach You in Project Management School. Project
management is about more than shepherding software through the
development process. Don’t forget the humans and the team dynamic. Read
more
[INFORMATIONWEEK.COM]
FYI: Why Everyone is Now a Project Manager. A report from Planview detailed
the five biggest challenges to effective project management and the top tools in
the profession. Read more
[TECHREPUBLIC.COM]
69. Application Development
INFOGRAPHIC: The Time and Cost of Mobile Application Development. A great
website is a necessity for just about any business, and ensuring that website works
well on mobile is also vital. But is your mobile website up to giving your customers a
stellar experience? If you’re unsure, check out these factors to determine whether
a mobile site or a mobile app is right for your business. If you decide your business
is ready for an app, then you’ll want to start thinking about cost. Read more
[MARKETINGPROFS.COM]
CIOs: 5 Things CIOs Misunderstand About Application Development. Do you have
a blind spot or two regarding the daily realities of your application developers?
Here’s what IT execs sometimes don’t “get” about modern application
development. Read more
[ENTERPRISERSPROJECT.COM]
DEFENSE: New Application Development Standards Will Reduce Risk to
Commanders. The Navy is “moving out to enforce” this fall a new approach to
developing applications meant to rapidly push software to the fleet and reduce the
burden on operational commanders when software is problematic, according to a
senior Navy officer. Read more
[INSIDEDEFENSE.COM]
CLOUD: Best Practices for Your SaaS Laravel Application on AWS. It is not easy to
subsist in a modern cloud ecosystem. However, there are solid principles that will
help you to build a perfect AWS architecture for your Laravel application, including
the 12-factor methodology, designing applications with a stateless approach and
decoupling service components. Read more
[DEVOPS.COM]
72. Big Data
SEARCH ACQUISITION: Twitter Kills Off Third-Party App Features. Twitter has
restricted access to APIs, which effectively kills off certain key features in popular
third-party apps. Most notably, third-party apps have lost the ability to deliver push
notifications and refresh the timeline automatically. Read more
[SEARCHENGINEJOURNAL.COM]
BIG DATA AND AI: Eight Ways Big Data And AI Are Changing The Business World.
By the end of 2018, it is predicted that 70% of enterprises (paywall) will implement
artificial intelligence (AI). This is up from 40% in 2016 and 51% in 2017. There’s one
thing that these statistics make crystal clear — big data and AI are here to stay.
Read more
[FORBES.COM]
HEALTHCARE: How AI, Blockchain Combine to Fuel Healthcare Big Data Analytics.
Artificial intelligence and blockchain have quickly become the tools of choice for
developers, providers, and payers looking to bulk up their health IT infrastructure
with innovative, effective data management capabilities. Read more
[HEALTHITANALYTICS.COM]
FYI: Big Data Pros and Cons. These days every enterprise makes use of big data. Big
data analytics offers a veritable gold mine of potential benefits, but it also poses
significant challenges that could offset any potential gains. Read more
[DATAMATION.COM]
75. Internet of Things (IoT)
CITIES: 6 Ways The Internet Of Things Is Improving The Quality Of Urban Life. So
how are cities currently leveraging IoT to improve urban life and boost the
happiness of city dwellers? Here are six examples. Read more
[FORBES.COM]
READ: The Internet of Things Era: 6 Ways to Stay Safe. While the Internet of Things
(IoT) is full of promise and can, in many ways, make our lives easier, it comes at a
cost. The devices that we carry around in our pockets and place in our homes
control access to our possessions, and our most intimate personal details. In the
wrong hands, those gadgets have the power to put our physical safety at risk. You
need to stay safe. Read more
[REUTERS.COM]
SLIDESHOW: 10 Ways the Internet of Things Will Make Our Lives Better. The
Internet of Things (IoT) links a wide range of devices — including wearables, smart
appliances, and driverless cars — to each other and the cloud. This market could
grow from $171 billion in 2017 to $561 billion by 2022, according to market
research firm Reportlinker. Intel (NASDAQ:INTC) estimates that 200 billion devices
could be connected across the IoT market by 2020. Those bullish forecasts sparked
an IoT land grab in recent years, as many companies rushed to produce connected
devices. Here are 10 ways those products can improve our lives. Read more
[FOOL.COM]
COMMENT: Data Behaving Badly. The private sector, especially consumer-facing
organizations, are betting big on data-intensive technologies like artificial
intelligence and the internet of things. The trend is accelerating worldwide, with
private sector investments in AI projected to reach $12.5 billion in 2017 alone, and
IoT investments expected to top $800 billion. Although slower to embrace AI and
IoT, government is now pursuing them aggressively. Read more
[FCW.COM]
79. Personal Tech
GOOGLE: Make Several Gmail Addresses Out of One. Thanks to the way Google
processes your mail, you can modify part of your address for different situations
and still get all your messages. Read more
[NYTIMES.COM]
SURVEY: Faculty Members Voice Concerns About Student Reliance on Tech.
Personal technology use on campus is not expected to slow down. That has
presented several concerns among faculty and administrators regarding the impact
of technology dependence on student learning and on the reliability and security of
the related infrastructure. Read more
[EDUCATIONDIVE.COM]
HOW TO: Give Your Old Computer New Life. If you’re not ready to buy a whole new
system, you might be able to add new parts and upgrade your aging machine for
less than a few hundred dollars. Read more
[NYTIMES.COM]
APPLE: Help a Fellow Mac User With Remote Tech Support. Just like Windows
users, Mac owners have ways to share and control another computer over the
internet to give a quick assist online. Read more
[NYTIMES.COM]
82. Mobile
NIST: Updating Recommendations for Mobile App Security. The National Institute
of Standards and Technology is working on updating its recommendations for how
organizations and developers can keep mobile applications secure. The updated
recommendations are being made to the Special Publication (SP) 800-163, Vetting
the Security of Mobile Applications document that was initially released in January
2015. The 50-page draft revision includes additional clarity and details on how to
minimize mobile app risks. Read more
[EWEEK.COM]
OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with
Mobile Apps. Though even he might have undersold it a little. Read more
[ENGADGET.COM]
SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking.
Smartphones, tablets, iPads—mobile devices have become invaluable to the
everyday consumer. But few consider the security issues that occur when using
these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based
application programming interface (API) services and heavily rely on the internet
infrastructure for data communication and storage. To improve performance and
leverage the power of the mobile device, input validation and other business logic
required for interfacing with web API services are typically implemented on the
mobile client. However, when a web service implementation fails to thoroughly
replicate input validation, it gives rise to inconsistencies that could lead to attacks
that can compromise user security and privacy. Developing automatic methods of
auditing web APIs for security remains challenging. Read more
[PHYS.ORG]
CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s
not already on your risk radar, it’s time to add mobile apps to the growing list of
threat vectors. Mobile apps are risky across all sectors, but more specifically, those
that come from media and entertainment businesses are putting users at risk.
BitSight recently released the results of its research that looked at data from more
than 1,000 companies offering apps on iOS and Google Play and found
vulnerabilities across the board. Read more
[SECURITYBOULEVARD.COM]
86. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: Is JavaScript Destined to Be Usurped by TypeScript? Year after year
JavaScript features among the top 10 most widely used programming languages
worldwide, but is a challenger emerging to the venerable web favorite? An analysis
by TIOBE, which counts the number of hits for each programming language
returned by major search engines, suggests that Microsoft’s TypeScript is enjoying
an explosive growth in popularity and encroaching on areas previously dominated
by JavaScript. Read more
[TECHREPUBLIC.COM]
JAVA: Kotlin and Java Go Well Together, Report Shows. Kotlin is only seven years
old but it is already playing in the big leagues. Its massive success can be traced
back to the moment when Google announced Kotlin support in Android last year
but that was just the tip of the iceberg. According to Pusher’s State of Kotlin 2018
research report, great things are coming Kotlin’s way. Read more
[JAXENTER.COM]
GOOGLE: Google Debuts Jib, a Tool to Make Software Containers and Java Work
Better Together. Google LLC has released Jib, a new open-source tool that aims to
make software containers and the Java programming language work more
seamlessly together. Read more
[SILICONANGLE.COM]
PYTHON: GitHub Now Warns You About Flaws Affecting Your Python Code.
Python has joined Ruby and JavaScript on GitHub’s list of coding languages it scans
for security vulnerabilities. Developers using Python can now get security alerts for
any new bugs the code repository platform spots, as well as some recent
vulnerabilities Python has had. Read more
[ITPRO.CO.UK]
89. Cloud Computing
OPINION: Serverless Computing Is a Paradigm Shift for Cloud Computing. The
serverless revolution is akin to delivery companies moving away from owning large
trucks to managing a fleet of leased vans, and from there, to outsourcing
transportation to a third-party fleet of scooters. Read more
[CALCALISTECH.COM]
MICROSOFT: Catching Up to Amazon in Security Clearances for Cloud. That could
give Microsoft an edge over other potential bidders in the Pentagon’s winner-take-all
competition for a multibillion-dollar cloud computing contract. Read more
[SEATTLETIMES.COM]
BUSINESS TRANSFORMATION: Five Ways to Make the Most of the Move to On-Demand.
Cloud computing can’t fix everything but it can be a key element of
business transformation if handled well. Read more
[ZDNET.COM]
LINUX: How Red Hat Morphed From Linux Pioneer Into Cloud-Computing Player.
Red Hat’s reinvention is tied to the rise of cloud computing. Like many traditional
suppliers of information technology, it has been pressured to adapt. Read more
[INVESTORS.COM]
92. Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.
94. IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]
FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more
[FEDERALNEWSRADIO.COM]
STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
[STATESCOOP.COM]
97. From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/
Business Intelligence
https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-september-21-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/
Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/
Open Source
https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
CTO, CIO and CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
105. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
107. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise-wide information and
document management solutions. Mr. Vesely’s history
includes 33 years’ experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
108. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com