Tech Update Summary from Blue Mountain Data Systems June 2017

Blue Mountain Data Systems Tech Update Summary
June 2017

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for June 2017. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Encyption
FEDERAL GOVERNMENT: Suing to See the Feds’ Encrypted Messages? Good Luck.
The conservative group Judicial Watch is suing the Environmental Protection
Agency under the Freedom of Information Act, seeking to compel the EPA to hand
over any employee communications sent via Signal, the encrypted messaging and
calling app. In its public statement about the lawsuit, Judicial Watch points to
reports that EPA staffers have used Signal to communicate secretly, in the face of
an adversarial Trump administration. But encryption and forensics experts say
Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app
itself, and virtually no trace of the conversation remains. “The messages are pretty
much gone,” says Johns Hopkins crypotgrapher Matthew Green, who has closely
followed the development of secure messaging tools. “You can’t prove something
was there when there’s nothing there.” Find out more
[WIRED.COM]

Encyption
WHY: We Need to Encrypt Everything. Many major websites already encrypt by
default. Here’s why encryption and multifactor authentication should be
everywhere. Find out more
[INFOWORLD.COM]
NEWS: Make Encryption Ubiquitous, Says Internet Society. The Internet Society
has urged the G20 not to undermine the positive role of encryption in the name of
security, claiming it should provide the foundation of all online transactions. Find
out more
[INFOSECURITY-MAGAZINE.COM]

Encyption
FBI: $61M to Fight Cybercrime, Encryption in Trump Budget Proposal. President
Donald Trump’s budget blueprint for the federal government proposes a $61
million increase for the FBI and Justice Department in fiscal 2018 to better track
terrorist communications and combat cybercriminals. Find out more
[FEDSCOOP.COM]

Encyption
ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and
problems with finding data in the corporate maze are being blamed for business’
lack of interest in crypto. Read more
[ZDNET.COM]
ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption
practices have improved dramatically over the last 10 years, but most organizations
still don’t have enterprise-wide crypto strategies. Read the rest
[DARKREADING.COM]

Encyption
ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How
can businesses ensure enterprise security in a world with mass encryption, given
Mozilla’s revelations recently that over half of webpages loaded by Firefox use
HTTPS. Find out
[INFORMATION-AGE.COM]
READ: Encryption Won’t Stop Your Internet Provider From Spying on You. Data
patterns alone can be enough to give away what video you’re watching on
YouTube. A 2016 Upturn report sets out some of the sneaky ways that user activity
can be decoded based only on the unencrypted metadata that accompanies
encrypted web traffic—also known as “side channel” information. Read more
[THE ATLANTIC.COM]

Databases
FPGAs: Shaking Up Stodgy Relational Databases. So you are a system architect,
and you want to make the databases behind your applications run a lot faster.
There are a lot of different ways to accomplish this, and now, there is yet another –
and perhaps more disruptive – one. Read more
[NEXTPLATFORM.COM]
DATA BREACHES: If You Want to Stop Big Data Breaches, Start With Databases.
Over the past few years, large-scale data breaches have become so common that
even tens of millions of records leaking feels unremarkable. One frequent culprit
that gets buried beneath the headlines? Poorly secured databases that connect
directly to the internet. Read the rest
[WIRED.COM]

Databases
TRENDS: Top Databases in 2017: Trends for SQL, NoSQL, Big Data, Fast Data.
What are the most in demand tools for data storage and processing this year? Find
out
[JAXENTER.COM]
IBM: Jumps on Bandwagon for Cloud Databases. Responding to what it says is
growing demand for deploying SQL databases in the cloud, IBM this week rolled
out a transactional database as a service on its SoftLayer cloud infrastructure. The
move reflects the steady advance of cloud-native data platforms along with a
growing number of analytics and transaction databases provisioned in the cloud.
Read more
[ENTERPRISETECH.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue
with the March Android over-the-air security update has been resolved after
Nexus 6 users complained that Android Pay no longer worked after installation of
the update. The update in fact broke Android’s SafetyNet API which provides a
constant check on device integrity, blocking access to certain features – such as
Android Pay – if it believes a device has been rooted. A Google representative
confirmed to Threatpost that the issue was resolved and the OTA update re-issued,
even for devices that had already installed the bad update. Find out more
[THREATPOST.COM]

Security Patches
ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player
users should receive a new security update instead of the February patches. This
is because Microsoft has engaged to its earlier plan to defer and deliver the
updates at a later date even if the security patches are now available. On February
2017, Adobe has addressed the issue and found a solution in which a patch was
able to deal with the security problem. For this reason, users are given access to
both MS17-005 Security Update for the Adobe Flash Player. This is due to the
update from Adobe and the provision by Microsoft. This vulnerability has been
considered a critical issue due to the permission that it can grant the attackers. In
a report by security specialists, such a vulnerability indicates that attackers are
granted control of the machine that was infected. This is in the sense that they are
allowed to send remote commands.. Find out more
[TNHONLINE.COM]

Security Patches
SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple,
Microsoft, and Google are analyzing leaked CIA documents to see if their products
are affected, but security researchers say that most of the flaws have long been
fixed. Find out more
[ZDNET.COM]
CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most
popular CMS in the world – and the most hacked. Just last month, hackers
engaged in a “feeding frenzy” at the expense of WordPress sites across the web,
exploiting a vulnerability found in the WP REST API plugin. After patching that
security issue, Automattic, the company behind WordPress, rolled out yet another
security patch this week in the form of WordPress 4.7.3. Find out more
[CMSWIRE.COM]

Security Patches
ORACLE: Oracle Releases Nearly 300 Security Patches. Apache Struts fixes take
the lead in the patch-Tuesday, which also includes fixes for various Shadow
Brokers leaks. Read more
[SCMAGAZINE.COM]
MICROSOFT: Patch Tuesday New Security Update Guide Gets Mixed Reviews.
Microsoft’s April Patch Tuesday finally revealed the company’s new approach in
rolling out and informing the industry on the security updates for the month and
at best has received mixed reviews from several industry insiders. Read the rest
[SCMAGAZINE.COM]

Security Patches
ANDROID: Pixel XL Devices Accidentally Receive ‘Googlers-only OTA’ of Next
Android Security Update. Google frequently uses their employees to dogfood
updates before they are released to the public. Earlier this evening, a “confidential
Googlers-only OTA” appears to have inadvertently been pushed to some Pixel XL
devices. Find out
[9TO5GOOGLE.COM]
READ: Shadow Brokers Lessons…First, Don’t Panic. If you’re worried about zero-
days and hacking tools but not outdated software and obsolete systems in your
network, then you’re doing security wrong. Read more
[INFOWORLD.COM]

For the CIO, CTO & CISO
CIO: USCIS CIO Schwartz to Leave Government. Mark Schwartz, the
groundbreaking chief information officer at the U.S. Citizenship and Immigration
Service in the Homeland Security Department is leaving government. Schwartz’s
decision to leave government is the second major change in the CIO ranks in the
last few weeks. David Bray, the Federal Communications Commission CIO, another
CIO who has been on the leading edge announced he’s moving to a new position at
the National Geospatial-Intelligence Agency. Read more
[FEDERALNEWSRADIO.COM]

CIO, CTO & CISO
CTO: Former VA CTO John Hays Named Merlin Federal Healthcare Solutions
Director. John Hays, a former chief technology officer at the Department of
Veterans Affairs, has joined Merlin International as director of federal healthcare
solutions business at the Englewood, Colorado-based information technology
and cybersecurity services contractor. Read the rest
[GOVCONWIRE.COM]

CIO, CTO & CISO
CISO: 3 Lessons Agencies Need to Learn from WannaCry. Federal government
systems escaped the global outbreak of the WannaCry ransomware, but
agencies can glean lessons to fend off whatever comes next. Find out more
[NEXTGOV.COM]
CIO AGAIN: DHS CIO Leads with a Hands-on Style. The Department of
Homeland Security isn’t looking for one-size-fits-all IT, said its CIO, Richard
Staropoli, but rather technology that can address common and specific needs
across its sprawling family of component agencies. Read more
[FCW.COM]

Penetration Testing
APPS: 6 Ways Your Apps May Be Attacked: How Crowdsourced Penetration
Testing Improves Software Development. In the modern world of security, there
is stuff you worry about and stuff you don’t. Most companies have SaaS and
third-party applications, cloud infrastructure, and other systems. For much of
this footprint, there is only a limited amount you can do to ensure protection.
The fundamental security of the systems is the responsibility of the provider.
Read more
[FORBES.COM]
DEVOPS: Framework Speeds Software Delivery. A new DevOps framework can
help agile developers securely upgrade government IT systems and move to the
cloud. After about almost a year of testing at several agencies, including the
Department of Health and Human Services and the Federal Emergency
Management Agency, eGlobalTech has made its DevOps Factory broadly
available. Read the rest
[GCN.COM]

Penetration Testing
CITIES: A 10-Step Cybersecurity Checklist for Smart Cities. In order to guide
smart city developers, Trend Micro has come up with a quick 10-step
cybersecurity checklist they can refer to when implementing smart technologies.
Find out more
[ENTERPRISEINNOVATION.NET]
VULNERABILITIES: Hacking The Penetration Test. Penetration testers rarely get
spotted, according to a Rapid7 report analyzing its real-world engagements.
Read more
[DARKREADING.COM]

Open Source
OPEN19: The Vendor-Friendly Open Source Data Center Project. In case you
missed it, LinkedIn last month teamed up with GE, Hewlett Packard Enterprise,
and a host of other companies serving the data center market to launch a
foundation to govern its open source data center technology effort. The Open19
Foundation now administers the Open19 Project, which in many ways is similar
to the Open Compute Project, started by Facebook, but also stands distinctly
apart thanks to several key differences. Read more
[DATACENTERKNOWLEDGE.COM]

Open Source
CLOUD: Google Open Sources More Machine Learning Computer Vision
Technology. Google has made more of its extensive research around machine
learning and computer vision available to the open source community. The
company has publicly released an API that developers and researchers can use to
explore a Google computer vision system for automatically detecting and correctly
identifying multiple objects in a single image. Read the rest
[EWEEK.COM]

Open Source
NSA: Sharing 32 Open Source Projects on GitHub. The US National Security
Agency (NSA) has launched an official GitHub page. GitHub is an online service
used to share code amongst programmers. So, what is the NSA sharing? So far, it
lists 32 different projects, although several, like SELinux, are years old. Find out
more
[THEINQUIRER.NET]
GSA: Looks to Bring AI to Proposal Reviews. The General Services
Administration wants to streamline the FASlane review process for new
proposals by using distributed ledger technology, automated machine learning
and/or artificial intelligence to review and exchange information. Read more
[GCN.COM]

Business Intelligence
DISCOVER: 7 Forces Driving Modern Business Intelligence Growth. The number of
organizations embracing business intelligence platforms continues to grow, but
more focus is being placed on business-led, agile analytics and self-service features
rather than IT-led system-of-record reporting. That is the finding of a recent study
by Gartner, which looked at market trends in business intelligence and analytics
overall, and differences between traditional BI investments and modern BI. Find out
more
[INFORMATION-MANAGEMENT.COM]
GOOGLE: The AI Talent Race Leads Straight to Canada. America’s biggest tech
companies are remaking the internet through artificial intelligence. And more than
ever, these companies are looking north to Canada for the ideas that will advance AI
itself. Find out more
[WIRED.COM]

READ: The Unmistakable Conviction of Visual Business Intelligence. Visual business
intelligence represents the summation of BI’s time-honored journey from the
backrooms of IT departments to the front offices of business analysts and C level
executives alike. It seamlessly merges the self-service movement’s empowerment
of the business via user-friendly technology with the striking data visualizations
servicing everything from data preparation to analytics results. Find out more
[KMWORLD.COM]
NGA: Looks to “Reinvent security’ with Fast-Churn Cloud Architecture. To better
protect the nation’s intelligence networks, the National Geospatial-Intelligence
Agency is moving most of its IT operations to the cloud and looking to “reinvent
security” in the process. Jason Hess, the NGA’s chief of cloud security, wants to take
advantage of cloud’s flexibility to tear down the agency’s IT architecture and rebuild
it every day so that would-be attackers will confront a confusing operating
environment and enjoy limited time-on-target. Find out more
[GCN.COM]

Operating Systems
WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform?
Windows 10 has certainly gotten its share of lumps since it was released. Some
users really liked it, while other detested the changes made by Microsoft. Windows
10 has proven to be a great example of beauty being in the eye of the beholder.
One writer at BetaNews recently wondered if Windows 10 was an operating system
or an advertising platform. Find out more
[INFOWORLD.COM]

Operating Systems
MOBILE: Android is Set to Overtake Windows as Most Used Operating System.
After more than eight years in the hands of consumers, Android is poised to
overtake Windows as the most used operating system in the world. This
measurement comes by way of web analytics firm StatCounter, which follows
trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins
over Android, and they could trade positions very soon if current trends continue.
Find out more
[EXTREMETECH.COM]

Operating Systems
PERSONAL TECH: Just What Was in That iOS System Update? When you get the
notice of a software update for iOS, there’s usually a link to read about the security
content of the update. But where does Apple officially tell you about all other things
that change in these upgrades? Find out more
[NYTIMES.COM]
LEARN: The Best Alternatives Operating Systems. For most people, the only
operating systems they know of are Windows, macOS, Android and iOS. However,
there are other operating systems you can consider. Here’s a list of six alternative
operating systems for your review. Find out more
[HACKREAD.COM]

Incident Response
ENERGY DEPT: Exercise Reveals ‘Gaps’ in Major Cyber Incident Response.
Department of Energy exercise last year found shortcomings in the way that federal,
state and local governments would work with industry to respond to a major cyber
incident affecting energy infrastructure on the East Coast. Read more
[THEHILL.COM]
OPINION: Complete Security Deception Includes Detection and Incident Response.
Finding a threat solves only part of the problem. A complete deception solution will
also enable better incident response. Read the rest
[NETWORKWORLD.COM]

Incident Response
BRIEFS: Threats, Violent Incidents at Federal Facilities Assessed. Read a recent CRS
report examining violent incidents at federal facilities, including a tally of nearly
1,000 incidents in recent years that it says probably represents only a small portion
of such incidents. Find out
[FEDWEEK.COM]
READ: Will Congress Help Fund New State and Local Cyber Programs? Back in early
March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and
funded, the legislation would provide grants for state and local governments to
improve cybersecurity protections and incident response. Here’s what you need to
know. Read more
[GOVTECH.COM]

Cybersecurity
CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop
Them. As governments create smarter cities, they need cybersecurity measures
built from the ground up – or they risk costly data breaches which could
compromise the privacy of their citizens. Find out more
[CNBC.COM]
FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals.
Cybercriminals are unrelenting in their attacks on state and local government
computer networks, which contain detailed personal and business information —
such as birth certificates, driver’s licenses, Social Security numbers and even bank
account or credit card numbers — on millions of people and companies. Now, state
and local officials are hoping Congress will give them some help in fending off the
constant threat. Find out more
[GCN.COM]

Cybersecurity
INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American
International Group (AIG) has recently begun offering personal cyber security
insurance plans to individuals. The company appears to be riding a wave of
individuals’ fears about losing online data or having their bank accounts emptied,
and should find success with wealthier customers who have a lot to lose. But it
remains to be seen whether ordinary consumers will come to regard cyber security
insurance as a necessary expense. Find out more
[FORTUNE.COM]

Cybersecurity
NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A
senior House science committee staffer Friday defended controversial legislation
expanding the authorities of the government’s cybersecurity standards agency,
saying it’s necessary because other agencies aren’t stepping up to the job. The bill,
which passed the committee nearly entirely with Republican support earlier this
month, would direct the National Institute of Standards and Technology to audit
agencies’ cyber protections within two years, giving priority to the most at-risk
agencies. Find out more
[NEXTGOV.COM]

Cybersecurity
STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz
brings a wealth of public- and private-sector experience to the Ocean State, where
he will serve as the first cybersecurity officer. Read more
[GOVTECH.COM]
MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage.
Mitigating hacking attacks, implementing more nimble procurement methods and
more will be explored at this year’s National Association of State Chief Information
Officer’s Midyear Conference. Read the rest
[STATETECHMAGAZINE.COM]

Cybersecurity
WHY: You Must Build Cybersecurity Into Your Applications. One of the largest
changes underway in the way we create software is that cybersecurity is no longer
an afterthought, but instead is being built into every application. The challenge
many companies face is how to keep up and make sure the software they create is
just as safe as the products they buy. Find out
[FORBES.COM]
NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An
executive order was shelved without explanation, and a promised cybersecurity
report hasn’t materialized. Read more
[NETWORKWORLD.COM]

Cybersecurity
SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead
of cybersecurity adversaries via automation tools, but the former U.S. CISO
recommends a change of mindset as well. Read more
OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a
lot of talk lately about the death of the security perimeter for computer networks,
which is an especially sensitive topic for the federal government that helped to
create the concept. Everyone seems to think it’s now impossible within
cybersecurity to draw a line and keep bad guys on one side and authorized users on
the other. Read the rest
[NEXTGOV.COM]

Cybersecurity
ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How
can businesses ensure enterprise security in a world with mass encryption, given
Mozilla’s revelations recently that over half of webpages loaded by Firefox use
HTTPS. Find out
[INFORMATION-AGE.COM]
COMMENT: Securing the Government Cloud. What many government network
defenders have forgotten is that security in a cloud environment is a shared
responsibility. The cloud provider secures the internet and physical infrastructure,
but the cloud customer is responsible for protecting its own data. FedRAMP and
third-party certifications assure that the cloud provider is doing its part. But it is
ultimately up to customers to ensure they’re taking steps to prevent, detect and
respond to cyber adversaries during the attack lifecycle. Read more
[FCW.COM]

Project Management
GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a
go-to guide on scrum, a popular agile project management framework. You’ll
learn scrum terminology, how to use the methodology in software and product
development projects, and more. Find out more
[TECHREPUBLIC.COM]
TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no
shortage of project management solutions for mid-size and large businesses.
Startups, though, have limited budgets and simply can’t afford high-priced
project management software. Here are seven affordable options. Find out more
[CIO.COM]

Project Management
RISK: Open Source Project Management Can Be Risky Business. Learn how
open source code is a huge factor in mitigating risk. Find out more
[OPENSOURCE.COM]
FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a
government-as-a-platform approach to IT service delivery by leveraging cloud-
supported solutions can help modernize and digitize federal agencies, according
to a new report from the CIO Council. Find out more
[GCN.COM]

Project Management
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Application Development
FEDERAL GOVERNMENT: New Platform Tries to Bring Some Normalcy to the Agile
Craze. New data from Bloomberg Government shows spending on agile services
increased to $368 million in fiscal 2016 from $242 million in 2015 among the 40
biggest contract vehicles. The MITRE Corp. developed a free online platform called
Acquisition in the Digital Age (AiDA) to provide tools, references and best practices
for agencies to use agile methodologies. Read more
CLOUD: Can an Agile Cloud Plug the ‘Brain Drain’ in Public Service? Do stacks of
paperwork detailing security and compliance regulations keep talented innovators
out of government agencies that badly need them? Read the rest
[SILICONANGLE.COM]

Application Development
STATE & LOCAL GOVERNMENT: 5 Tech Projects That Show Major Benefits Can
Come from Modest Investments. In these days of agile development, with Silicon
Valley preaching the virtues of failing fast and moving on, it’s hard to see a place
for the traditional great big IT procurement in government. Find out more
[GOVTECH.COM]
LEARN: How to Build an Agile Marketing Team Across Time Zones. Agile
marketing is focused around core teams that are always innovating, testing,
analyzing and revising, an approach that’s made even more challenging these days
by two fast-growing organizational trends: freelance employees and remote teams.
One result of these trends is that companies – even small ones – must find ways to
collaborate across time zones to deliver competitive marketing services to their
clients and customers. Here are four techniques for staying agile. Read more
[CMSWIRE.COM]

Big Data
TRENDS: 5 Trends Driving Big Data in 2017. The ways companies are using data is
changing, marking the advancement of tools and the investment from executive
leadership of forecasting more parts of the business. To touch on the changing Big
Data market, here are five major trends: Read more
[CIODIVE.COM]
INVESTING: Warren Buffett’s Disarmingly Simple Investment Strategy, Explained
by Big Data. In a fascinating new book, a former Google data scientist offers a
whole chapter about his brief misadventures in trying to apply big data – what we
know from massive amounts of Internet searches – to investing. There is also an
interesting analysis as to why Warren Buffett seems to always win big at investing.
Essentially, the data say, it’s because he’s a positive guy. Read the rest
[MARKETWATCH.COM]

Big Data
TECH: Big Oil Turns to Big Data to Save Big Money on Drilling. In today’s U.S. shale
fields, tiny sensors attached to production gear harvest data on everything from
pumping pressure to the heat and rotational speed of drill bits boring into the rocky
earth. The sensors are leading Big Oil’s mining of so-called big data, with some firms
envisioning billions of dollars in savings over time by avoiding outages, managing
supplies and identifying safety hazards. Find out more
[REUTERS.COM]

Big Data
LEARN: 3 Massive Big Data Problems Everyone Should Know About. Today, Big
Data gives us unprecedented insights and opportunities across all industries from
healthcare to financial to manufacturing and more. But, it also raises concerns and
questions that must be addressed. The relentless changes to technology and Big
Data are keeping everyone on their toes, and the reality is that organizations and
tech departments, government agencies, consumer protection groups and
consumers are struggling to keep up. For me, there are 3 Big Data concerns that
should keep people up at night: Data Privacy, Data Security and Data
Discrimination. Read more
[FORBES.COM]

Mobile
JOBS: How RMAD Tools Affect IT and Mobile Developer Jobs. Professionals who
use rapid mobile app development tools don’t need to know how to code, but
these products don’t take job opportunities away from mobile app developers.
Read more
[SEARCHMOBILECOMPUTING.TECHTARGET.COM]
ENTERPRISE: A New Generation of Enterprise Mobile App Development –
Welcome to RMAD 3.0. With the mass-market availability of these more
‘comprehensive’ RMAD 3.0 solutions, enterprises are beginning to adopt
technology that for many years they were skeptical of or adverse to. For those that
haven’t embraced RMAD 3.0 yet, a recent study found that more than a third of
companies are considering doing so. With momentum at its back, RMAD 3.0 seems
poised to become the enterprise mobile app development solution that even the
most skeptical organisations can trust. Here’s what you need to know. Read the rest
[APPSTECHNEWS.COM]

Mobile
MOBILE WEB: FCC, FEMA and SSA Retool Their Digital Services To Meet Rising
Expectations. How is federal IT changing to appease citizens who demand more
responsive and consumer-grade tech services? Find out more
MOBILE SECURITY: How to Secure Your Agency’s Increasingly Mobile Workforce.
Millennials expect increasingly remote working opportunities, but governments
need to ensure that smart home tech isn’t making government networks vulnerable
to attack. Read more
[STATETECHMAGAZINE.COM]

Programming & Scripting Development
Client & Server-Side

JAVASCRIPT: 10 JavaScript Concepts Every Node.js Programmer Must Master.
JavaScript can be a boon if used with care – or a bane if you are reckless. Following
structured rules, design patterns, key concepts, and basic rules of thumb will help
you choose the optimal approach to a problem. Which key concepts should
Node.js programmers understand? Here are 10 JavaScript concepts that are most
essential to writing efficient and scalable Node.js code. Read more
[INFOWORLD.COM]
JAVA: 7 Reasons Java Is Not Heading to Retirement. Three billion devices currently
run on Java, according to Oracle, the billion-dollar computer tech corporation that
champions the platform. But even with its worldwide popularity, skeptics challenge
the ability for Java to retain its predominance. However, arguments for
modernization don’t always translate into “out with the old and in with the new.”
Read the rest

PYTHON: The Python Programming Language Grows in Popularity. Stack
Overflow’s recently released Trends solution shows Python has grown 14.3% from
2015 and 2016. According to the Python Software Foundation (PSF), “Python is
being used in a variety of ways. Many computer programming languages have a
niche area that they serve. For example, Bash scripts focus on operating system
tasks, while Ruby focuses more on web development. It seems like Python is used
in every domain – system operations, web development, deployment, scientific
modeling, etc etc. There is no other language that is so versatile.” Find out more
[SDTIMES.COM]
SWIFT: Apple Launches a Curriculum for Schools Teaching Swift. Apple has
launched a curriculum for schools teaching app development using the company’s
beloved Swift programming language. Now available on the iBooks store, the ‘App
Development with Swift’ curriculum is a full-year course designed by Apple’s
engineers and educators which aims to help students get started with various
elements of app design. Read more
[DEVELOPER-TECH.COM]

FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know.
There are currently huge numbers of different programming languages in use by
software developers, with most jobs requiring the more familiar skills such as Java,
JavaScript, PHP and C#. However, as software demands evolve and grow, new and
less widely-accepted languages are gaining in prominence, offering developers the
right tool for certain jobs. Find out more
[TECHWORLD.COM]
OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of
what functional programming is, how to explore its benefits, and a list of resources
for learning functional programming. Find out more
[OPENSOURCE.COM]

JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did
About It. On February 26th, WIRED’s security reporter Andy Greenberg received an
email from Sophia Tupolev, the head of communications at the security firm
Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company
had discovered sensitive data in the source code on many pages on our site,
including obfuscated, “hashed” passwords and email addresses for current and
former WIRED writers. Here’s what WIRED did to solve the problem. Find out more
[WIRED.COM]

JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new,
high-severity vulnerability emerged in the Apache Struts 2 open-source framework
used to build Java web applications. The flaw allows hackers to inject commands
into remote web servers. Within hours, organizations around the world reported
attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch
from the Apache Foundation. What are the practical effects of these events, and
what should government InfoSec leaders and practitioners do now? Find out more
[GCN.COM]

Cloud Computing
CLOUD WARS: Amazon Accuses Walmart of Bullying in Cloud Computing Clash.
Walmart, the US’s biggest retail chain, has been accused of trying to coerce its
technology suppliers into shunning Amazon’s cloud computing service. Amazon has
accused its rival of attempting to “bully” the IT companies into picking a rival
platform. The row follows a report by the Wall Street Journal, which said other
unnamed large retailers had also asked vendors to shun Amazon Web Services.
Read more
[BBC.CO.UK]

Cloud Computing
CLOUD SPEND: Report Affirms Continued Cloud Spend for US Businesses in 2017.
More than two thirds of businesses plan to increase their cloud computing spending
in 2017, according to a new report from B2B research provider Clutch. The report,
which polled 283 IT professionals at businesses across the United States, also found
that for almost half (47%) of organisations, increased cost is a key challenge with
their cloud provider. Read the rest
[CLOUDCOMPUTING-NEWS.NET]

Cloud Computing
TRENDS: 3 Things You Should Know About Cloud Computing Right Now. It is no
understatement to say that public cloud computing is revolutionizing how
technology is used. Executives from the top three public cloud providers – Amazon
Web Services, Microsoft Azure, and Google Cloud Platform – spoke at the GeekWire
Cloud Tech Summit in Bellevue, Wash in early June. Here are three lessons you need
to learn now. Find out more
[FORTUNE.COM]
NEW CLOUD REGION: Amazon.com to Open Second Government Cloud-Computing
Region. The cloud-computing unit of Amazon.com said the new AWS GovCloud
Region – which can include one or more data centers – is expected to open in 2018.
It will be located on the East Coast. Read more
[SEATTLETIMES.COM]

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity
PETYA: Cyber-attack was About Data and Not Money, Say Experts. The Petya
malware variant that hit businesses around the world may not have been an
attempt to make money, suspect security experts. The malicious program demanded
a payment to unlock files it scrambled on infected machines. However, a growing
number of researchers now believe the program was launched just to destroy data.
Experts point to “aggressive” features of the malware that make it impossible to
retrieve key files. Read more
[BBC.COM]
OPINION: Why Cybersecurity Should Be The Biggest Concern Of 2017. Professional
hacker Cesar Cerrudo believes most technology is vulnerable and can be hacked.
Some experts predict that by 2020 there will be 200 billion connected things. Cars,
planes, homes, cities, and even animals are being connected. As technology
becomes more and more deeply integrated into our lives, Cerrudo believes our
dependence on technology makes us vulnerable if technology fails. Read more
[FORBES.COM]

IT Security | Cybersecurity
SECURITY THINK TANK: Patching is Vital and Essentially a Risk Management
Exercise. How should organisations address the need to keep software up to date
with security patches without it costing too much or being too labour intensive?
Find out more
[COMPUTERWEEKLY.COM]
MICROSOFT: Windows 10 Fall Creators Update – What’s Coming on the Security
Front. Microsoft will be adding a number of new security features to Windows 10
Fall Creators Update, but for Enterprise and Windows Server users only.
Read more
[ZDNET.COM]

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-
2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-
2016/

Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-
2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-
2016/

Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-
2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems June 2017

Recomendados

Recomendados

Mais conteúdo relacionado

Último

Último (20)

Destaque

Destaque (20)

Tech Update Summary from Blue Mountain Data Systems June 2017