Tech Update Summary from Blue Mountain Data Systems November 2016

Blue Mountain
Data Systems
Tech Update
Summary
November 2016

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for November 2016. Hope the information and ideas
prove useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Encyption
STATES: The Encryption Wars. Although the Federal Bureau of Investigation’s (FBI)
dispute with Apple dominated the news for months this spring, the real encryption
war may only now be simmering, as states battle the federal government over the
right to regulate encryption. Recently, some states have proposed legislation that
aims to require decryption, while members of Congress have started to propose
federal solutions that would directly oppose such state legislation. Read more
[REGBLOG.ORG]

Encyption
PODCAST: Thwarting Attempts to Defeat Encryption in POS Devices. Exclusive,
insightful audio interviews by Government Info Security staff with
government/security leading practitioners and thought-leaders. Find out more
[PODBAY.FM]
READ: Encryption Policy in the Modern Age: A Not So Simple Debate. Stanford
University researchers shared the fruits and frustrations of their efforts to clarify
the government’s current practices around the encryption of electronic devices
during a Crypto Policy Project event Nov. 2. Read the rest
[GOVTECH.COM]

Encyption
VIDEO: Apple CEO Tim Cook Refuses to Bypass Encryption on iPhone For FBI and
Federal Government. Apple (APPL) CEO Tim Cook refuses to allow the United
States Federal Government and the FBI to gain a “backdoor” to iOS in their
attempt to hack into the cellphone of the San Bernardino terrorists, who attacked
a Christmas Holiday party in December of 2015, killing 14 people. The Federal
Government, via US Magistrate Sheri Pym, ordered Apple to provide the necessary
information to crack the cellphone on Tuesday, February 16, 2016. Many see this
case as yet another battle in the constant war of security vs. privacy in the United
States. Some say that security should be tantamount to American patriotism, and
that it should be upheld at all costs, above all (über alles) as Donald Trump said.
There are others, such as former CIA employee Eric Snowden, who say that privacy
should not be sacrificed in the name of security, because at a certain point, it
becomes domestic spying. Find out more
[YOUTUBE.COM]

Federal, State & Local IT
FEDERAL: Accelerating Federal Digital Government in the Age of Trump. The
reality is that government customers expect anything they need to be available on
any device they’re using, at any hour - no matter who is in the White House. Read
more
[GOVTECH.COM]
ILLINOIS: 3 Ways Illinois IT is Preparing for the Future. With an eye for
partnerships and a passion for his work, Illinois CIO Hardik Bhatt is looking ahead
to new opportunities for his state. Find out more
[GOVTECH.COM]

CALIFORNIA: Tech Leaders Plan to Develop IT Procurement Road Map. California
CIO Amy Tong and Deputy CIO Chris Cruz aim to help navigate procurement
challenges and opportunities. Find out more
[GOVTECH.COM]
LOCAL: Banding Together - 6 Challenges Shared by City CIOs. CIOs from six cities in
New York convene annually to have open conversations in a closed, trusted space
to share ideas, discuss common challenges and brainstorm potential solutions. This
is a snapshot of selected conversations from the group’s annual meetings. Read
the rest
[GOVTECH.COM]

COLLABORATION: Technology Gives Police and Public Safety Agencies the Upper
Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent
and reduce criminal activity. When a suspicious person or activity happens at
Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a
button to silently page the nearby police department in an emergency, one of
many new features available since the city upgraded its communications
infrastructure, adding new IP phones, paging and emergency notification software
on top of a new Cisco Systems phone system. Find out more
[STATETECHMAGAZINE.COM]

Databases
MySQL: Admins, Update Your Databases to Avoid the MySQL Bug. Two critical
privilege escalation vulnerabilities in MySQL, MariaDB, and Percona Server for
MySQL can help take control of the whole server, which is very bad for shared
environments. Read more
[INFOWORLD.COM]
SECURITY: Cerber Ransomware Now Targets Databases. Security company McAfee
warns that the cybercriminals behind the Cerber ransomware have begun to target
businesses as well as individuals by encrypting their databases until payment is
received. Find out more
[BETANEWS.COM]

Databases
FEDERAL GOVERNMENT: New DOJ Database to Track Police Shooting Deaths,
Address Implicit Bias. The U.S. Department of Justice is committing $750,000 to
establish a national database of police-related shootings. It will be the first of its
kind and, said Federal Bureau of Investigation Director James B. Comey, aims to
resolve an “embarrassing” predicament: The federal government often lacks up-to-
date information on police-involved shootings. Find out more
[TRIPLEPUNDIT.COM]

Databases
GAO: Agencies Need More Access to Databases to Stop Improper Payments. The
Government Accountability Office says agencies are only getting partial or no
access to information they need to help stop improper payments. The system
developed by the Treasury Department and Office of Management and Budget to
reduce improper payments doesn’t give agencies full access to databases they
need to do so. The Government Accountability Office said the Do Not Pay working
system offers only partial or no access to three of the six databases required by the
Improper Payments Elimination and Recovery Improvement Act of 2012. The
blockages mostly result from other regulations prohibiting unauthorized access to
information within those databases. Read the rest
[FEDERALNEWSRADIO.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
WHY: Users Should Avoid Microsoft’s Newly Released Preview Windows Patches.
Microsoft’s new monthly patching cadence include ‘previews’ that are not for
general consumption, including KB 3197869. Read more
[INFOWORLD.COM]
ANDROID: Linux users already got a fix for “Dirty Cow.” Android users aren’t so
fortunate. Find out more
[ARSTECHNICA.COM]

Security Patches
JAVA: Java SE 8u102 Update Is Latest Security Patch. If you’re wondering when
Java 9 will be released, it won’t be until March 2017, making Java 8 the latest
stable version available. However, despite its stable release, patches are
occasionally released to deal with situations as they arise. Find out more
[NEUROGADGET.NET]
ORACLE: Quarterly Critical Patch Update Is Another Whopper. Oracle Corp.’s
latest quarterly Critical Patch Update (CPU), issued in October, was the second-
largest ever, providing fixes for 253 security vulnerabilities for 76 of the company’s
products, including seven security updates for Java SE 6, 7 and 8, and eight for the
Java EE-based WebLogic and GlassFish application servers. Oracle’s July CPU
provided fixes for a record 276 security flaws in the company’s products. Read the
rest
[ADTMAG.COM]

Security Patches
WINDOWS: 5 Critical Updates for October Patch Tuesday. October’s change of
season brings a fundamental change to how Microsoft presents and delivers
updates to Windows 7 and 8.x systems. As of this month, Microsoft will now
follow the Windows 10 cumulative update model for all currently supported
versions of Windows platforms — including Windows 7 and 8.x systems. This is a
big departure from a more granular approach using individual updates and
patches. Microsoft will now “roll-up” security, browser and system component
(.NET) into aggregate patches. This month Microsoft has released ten updates
with five rated as critical, four rated as important and one update with a lower
security rating of moderate. This release cycle includes several “Patch Now”
updates for IE, Edge, Adobe Flash Player and a small component of Microsoft
Office. All of these patches will require a restart. Find out more
[COMPUTERWORLD.COM]

For the CIO, CTO & CISO
CTO: What We Can Do To Prevent The Next Major DDOS Attack? Steve Herrod,
Managing Director at General Catalyst, Former CTO of VMWare, answers the
question: “What Are the Biggest Issues in Cyber Security in 2016?” Read more
[FORBES.COM]
CIO: U.S. CIO Releases Proposed Guidance to Modernize Federal IT. The proposed
guidance asks agencies to develop and implement targeted modernization plans for
specific high-risk, high-priority systems, and to do so in four phases. Find out more
[GOVTECH.COM]

CIO, CTO & CISO
CISO: What the Federal CISO Needs to Get the Job Done. The selection of Brig.
Gen. Gregory J. Touhill (ret.) as the first federal chief information security officer
is a key part of the President’s Cybersecurity National Action Plan. With the
election a week away, it’s not clear how long Touhill will be holding the post.
Irrespective of who occupies the hot seat, however, the critical question is
whether the federal CISO will have at his or her disposal the tools and
authorities necessary to get the job done. Without them, the country will end up
with a CISO in name only. Find out more
[FCW.COM]

CIO, CTO & CISO
FUTURE: 3 Ways to Better Predict the Future in Your Enterprise. Data can help
governments solve specific problems and prepare for major events. Wayne
Gretzky once said, “A good hockey player plays where the puck is. A great hockey
player plays where the puck is going to be.” But how can government leaders
move from good to great with technology and security? Where will the “puck”
be for your business area? Read the rest
[GOVTECH.COM]

Penetration Testing
ANALYTICS: The New Security Mindset: Embrace Analytics To Mitigate Risk.
Merely conducting a penetration test may find a weakness. But conducting a
creative analysis of the network and carefully analyzing the results will truly
identify key areas of risk. Security professionals who can sniff out abnormalities
in their IT network and applications can foil intruders’ plans before they escalate.
This is a far different approach than simply finding a single weakness and then
declaring “mission accomplished.” Read more
[DARKREADING.COM]

Penetration Testing
HOW TO: Respond to Social Engineering Incidents: An Expert Interview. Steven
Fox is a top government cybersecurity expert, Distinguished Fellow with the
Ponemon Institute and frequent speaker at top security events all over America.
In this exclusive interview, Steven shares several low-tech but sophisticated
social engineering techniques that hackers use to gain (unauthorized) privileged
access into government systems and large and small company networks. Most
important, what can we do to prevent fraud and respond to incidents that do
occur? Find out more
[GOVTECH.COM]
TOOL: Where’s the BeEF? BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser. Read more
[GITHUB.COM]

Penetration Testing
RISK MANAGEMENT: The Truth About Penetration Testing Vs. Vulnerability
Assessments. Vulnerability assessments are often confused with penetration
tests. In fact, the two terms are often used interchangeably, but they are worlds
apart. To strengthen an organization’s cyber risk posture, it is essential to not
only test for vulnerabilities, but also assess whether vulnerabilities are actually
exploitable and what risks they represent. To increase an organization’s
resilience against cyber-attacks, it is essential to understand the inter-
relationships between vulnerability assessment, penetration test, and a cyber
risk analysis. Find out more
[SECURITYWEEK.COM]

Open Source
HATCHIT: An Open Source Game Engine. More students are learning about the
world of open source through video games. Open source games like FreeCiv and
Minetest invite young gamers to dig into the source code, while projects like
SpigotMC empower them to write plugins to extend their favorite games.
Unfortunately, the open source tools used to build games do not share the same
prominence. Rochester Institute of Technology student Matt Guerrette hopes to
help change that with Hatchit, his open source gaming engine. Read more
[OPENSOURCE.COM]
WHITE HOUSE: Open-Sources Chatbot. The White House opened the source
code for the first government bot on Facebook Messenger in the hope that other
governments and developers will use it to build similar services and foster online
interactions with their citizens. Read the rest
[FCW.COM]

Open Source
NETWORKS: Securing the Future of Federal Networks with Open Standards.
Back in the early 1940s, General Dwight Eisenhower, while tasked to build an
Army, mandated the consolidation of weaponry, equipping soldiers with M1
Garand semi-automatic rifles. It was a controversial and disruptive move that
upended the traditional way things were done; the relationship between an
infantryman and his weapon was not one to be trifled with lightly. It was
necessary action that ultimately provided a sound foundational building block
for World War II combat and beyond. Today’s version of consolidation looks like
the Defense Information Systems Agency’s Joint Information Environment
initiative, which is converging various networks while bringing together disparate
technologies. Those technologies have to work together if DISA is to achieve its
ultimate goal of a consolidated and more efficient and cost-effective network.
Juniper’s Tim Solms explains why it’s important for modern mission-critical
systems to be built on open source code. Find out more
[FEDSCOOP.COM]

Open Source
TOOLS: Open Source Software Matches Benefits to Eligible Recipients. State
agencies can now leverage an open source tool to help ensure that individuals
eligible for income-based human service benefits actually receive them. The
software is Benefit Assist, and it was first launched in 2015 by Intuit for that
company’s TurboTax users. Benefit Assist sifts through tax information to help
determine a person’s eligibility for benefits from programs such as the
Supplemental Nutrition Assistance Program, Medicaid and Medicare.. Find out
more
[GCN.COM]

Business Intelligence
INFORMATION MANAGEMENT: Operational Business Intelligence Sees a Surge in
Use. This year saw a surge in the use of business intelligence in production and
operations departments, and customer analysis emerged as the number one
investment area for new business intelligence projects. Those are two of the finding
of the new BI Survey 16 from the Business Application Research Centre (BARC), and
analyst and consulting firm for enterprise software, with a focus on business
intelligence, data management, enterprise content management, customer
relationship management, and enterprise resource planning. Read more
[INFORMATION-MANAGEMENT.COM]

STUDY: Strong Data Governance Enables Business Intelligence Success, Says
Forbes Insights Study. According to a report by Forbes Insights, in association with
Qlik, “Breakthrough Business Intelligence: How Stronger Governance Becomes a
Force for Enablement,” organizations report that they are obtaining breakthrough
returns from investments in business intelligence (BI). Yet companies worry they
may be leaving too much potential BI-generated performance on the table; fewer
than half feel they are gaining full benefit from their programs. Key concerns: less
than optimal adoption rates, lingering silos, multiple “versions of the truth” and
security. Find out more
[FORBES.COM]

TRENDS 2017: Business Intelligence Trends for 2017. Analyst and consulting firm,
Business Application Research Centre (BARC), has come out with the top BI trends
based on a survey carried out on 2800 BI professionals. Compared to last year, there
were no significant changes in the ranking of the importance of BI trends, indicating
that no major market shifts or disruptions are expected to impact this sector. Find
out more
[READITQUIK.COM]
INTERVIEW: Enterprise Risk Management Properly Implemented Could
Strengthen Decision Making. Sheila Conley, deputy assistant secretary and deputy
chief financial officer at the Department of Health and Human Services, answers
the question, “What do you think is the most important change the government
needs to make in the next 5 years?” Read the rest

Operating Systems
FEDERAL TECHNOLOGY: 6 Items That Should Be on the New Federal CISO’s To-Do
List. In his final budget proposal, President Barack Obama highlighted cybersecurity
as a top priority and proposed a new position for the federal government: a chief
information security officer. Read more
[NEXTGOV.COM]
FEDERAL GOVERNMENT: U.S. Government Agencies Are Still Using Windows 3.1,
Floppy Disks and 1970s Computers. Lawmakers push US agencies to replace
outdated IT systems. Find out more
[PCWORLD.COM]

Operating Systems
PODCAST: Pacific Exchanges Podcast: Regulating Fintech in Singapore. The first
episode in the series of Pacific Exchanges examines the development of financial
technology – commonly known as “FinTech” – in Asia, assessing how technology
impacts the financial system, affects access to finance, and changes the competitive
landscape for banks. With experts like the Chief Fintech Officer of Singapore’s
central bank, a senior officer at the Bill & Melinda Gates Foundation involved in
technology-enhanced financial inclusion, and a Stanford University scholar focused
on FinTech’s potential for small business lending, we discuss what makes financial
technology in Asia so unique and exciting. Find out more
[FRBSF.ORG]

Operating Systems
MICROSOFT: Windows is the Most Popular Operating System in the US, According
to the Federal Government. According to the federal government’s Digital Analytics
Program (DAP), Windows is the most popular end-user operating system. According
to the analytics report, Windows is the top operating system with 58.4% of all
government website visitors in the United States. The analytics report also reveals
that the most popular Windows version is Windows 7 (41.5%), followed by
Windows 8 (9.8%) and XP (3.4%). Read the rest
[MSPOWERUSER.COM]

Incident Response
CYBERSECURITY: Finalizing Cyber Incident Response Might Be Easier Than
Deciding When to Use It. One of the provisions of Presidential Policy Directive 41 is
updating the interim National Cyber Incident Response Plan drafted in 2010. The
revised plan is on target to be completed by the end of the year, but one question it
cannot clearly address is the circumstances under which it should be put into
action. Read more
[FCW.COM]
PHISHING: 4 Strategies for Foiling Phishing Attacks. Organizations can throw more
technology at the problem but some phishing emails will still evade the filters.
Despite repeated warnings, employees continue to open email attachments or click
on links from unfamiliar sources. Here are four strategies for securing organizations
against phishing attacks. Find out more
[CSOONLINE.COM]

Incident Response
HEALTH IT SECURITY: HIMSS Praises DHS National Cybersecurity Response Plan.
The recent National Cyber Incident Response Plan from the Department of
Homeland Security is a critical step forward, but could be strengthened in a few
areas. Understanding the dimensions of potential cyber threats and providing
better clarification on what equates a significant cyber incident are two suggestions
the Healthcare Information Management Systems Society (HIMSS) provided to the
Department of Homeland Security (DHS) on its recent cybersecurity response plan.
Find out more
[HEALTHITSECURITY.COM]

Incident Response
DHS: Races to Get Obama’s Signature on Cyber Response Plan. The Homeland
Security Department wants to make sure an updated plan for how the government
responds to major cyberattacks is set in stone before President Barack Obama
leaves office. “The alternative is leaving the country with a 6-year-old interim plan
while a new presidential administration settles in and forcing final approval of the
new plan to battle for attention with hundreds of other priorities facing a new
administration,” said Bridgette Walsh, a cyber branch chief with DHS’ National
Protection and Programs Directorate. Read the rest
[NEXTGOV.COM]

Incident Response
DHS: Last Chance to Comment on DHS’s National Cyber Incident Response Plan.
The Department of Homeland Security is currently soliciting public feedback on its
National Cyber Incident Response Plan (NCIRP) refresh, a strategic framework
described as “a nationwide approach to cyber incidents, to talk about the important
role that private sector entities, states, and multiple federal agencies play in
responding to cyber incidents and how those activities all fit together.” Read more
[FEDERALTIMES.COM]
NETWORK SECURITY: 2 Do’s and 2 Don’ts of Incident Response and Anomaly
Detection. Anomaly detection is growing in popularity as organizations get
proactive about incident response. These practices help you get the most out of
anomaly detection. Find out more
[ESECURITYPLANET.COM]

Incident Response
PLANNING: Five Tips for Creating a Practical Incident Response Plan. Regardless of
the size of an organization, having a comprehensive approach to incident response
is essential if the company wishes to survive the attack and reduce the impact and
cost of recovery. Most importantly, the IR plan should be practical enough for the
organization to act rapidly and effectively in the event of a compromise. When
designing an incident response plan, organizations should start with these five tips.
Find out more
[ITPROPORTAL.COM]
LEGAL: Introducing the Cybersecurity Reference Model. Cybersecurity has
penetrated our everyday existence, entertainment, and individual concern, but little
has been written to help the legal community understand the roles and
opportunities within this burgeoning corner of the job market. Read the rest
[INSIDECOUNSEL.COM]

Tech Research News
MIT: Cache Management Improved Once Again. New version of breakthrough
memory management scheme better accommodates commercial chips. A year
ago, researchers from MIT’s Computer Science and Artificial Intelligence
Laboratory unveiled a fundamentally new way of managing memory on
computer chips, one that would use circuit space much more efficiently as chips
continue to comprise more and more cores, or processing units. In chips with
hundreds of cores, the researchers’ scheme could free up somewhere between
15 and 25 percent of on-chip memory, enabling much more efficient
computation. Their scheme, however, assumed a certain type of computational
behavior that most modern chips do not, in fact, enforce. Last week, at the
International Conference on Parallel Architectures and Compilation Techniques –
the same conference where they first reported their scheme – the researchers
presented an updated version that’s more consistent with existing chip designs
and has a few additional improvements. Read more
[NEWS.MIT.EDU]

Tech Research News
REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans
fall along a spectrum of preparedness when it comes to using tech tools to
pursue learning online, and many are not eager or ready to take the plunge. Find
out more
[PEWINTERNET.ORG]
DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for
DoD Missions. Defense Secretary Ashton Carter has said automated systems,
cyber technology and biological research efforts are necessary to keep the
Defense Department moving forward. Find out more
[EXECUTIVEGOV.COM]

Tech Research News
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Search Technology
SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an
OpenSource text search engine. Now it has a big place in Big Data. Read what
Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more
[DZONE.COM]
INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team
has announced the first milestone release of the Ingalls Release Train. This
coordinated release of subprojects under the Spring Data umbrella ships with 230
fixes and a number of new features. Find out more
[ADTMAG.COM]

Search Technology
GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes
Beta. Google says that the Cloud Natural Language API gives developers access to
three Google-powered engines– sentiment analysis, entity recognition, and syntax
analysis. The service is currently available in open beta and is based on the
company’s natural language understanding research. It will initially support three
languages– English, Spanish and Japanese and will help developers reveal the
structure and meaning of your text in the given language. Read more
[THETECHPORTAL.COM]
AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and
Memory Reservation. Docker networks provide isolation for your containers. It is
important to have control over the networks your applications run on. With
Amazon ECS, you can now specify an optional networking mode for your containers
that cater towards different use cases. Find out more
[DABCC.COM]

Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]

Application Development
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]

BYOD
FEDERAL BYOD: The Mobile Security Conundrum. There are currently more than 7.7
billion mobile connections around the world. Thanks to the Internet of Things, it is
predicted that the number of connected devices will reach an astounding 20.8 billion
by 2020. With the average number of mobile devices owned per person currently
estimated at 3.64, those devices are becoming necessary equipment for today’s
workers. Read more
[GCN.COM]
VIDEO: The BYOD Initiative: How Public and Private Sector Industries Manage
BYOD. In today’s digital IT landscape, one trend that will continue to garner heavy
steam and frequent notice is the consumerization of IT, where personal and popular
consumer market technologies and devices make their way into a workplace that
supports the Bring Your Own Device (BYOD) initiative. Find out more
[YOUTUBE.COM]

BYOD
IT STRATEGY: Employees Feel Pressure to Use Personal Smartphones at Work.
Businesses are encouraging employees to use personal devices for work purposes,
but according to a recent survey, without a proper BYOD strategy and reimbursement
plan in place, it might be decreasing productivity. Find out more
[CIO.COM]
READ: Federal Agencies Behind the Curve: IoT and BYOD. The rate at which
technology evolves has increased rapidly in past years. The pace of change presents a
challenge to all levels of government that must quickly react to nascent technologies.
Bring Your Own Device (BYOD) and the Internet of Things (IoT) are two such
technological trends that have transformed how business operates in the United
States and should change the way that government functions as well. Read the rest
[BROOKINGS.EDU]

Big Data
CASE STUDY: You Don’t Need Big Data – You Need the Right Data. Our relentless
focus on the importance of big data is often misleading. Yes, in some situations,
deriving value from data requires having an immense amount of that data. But the
key for innovators across industries is that the size of the data isn’t the most critical
factor – having the right data is. Read more
[HBR.ORG]
SECURITY: Mitigating the Security Risks of Big Data. Big data implementations are
complex, multi-level stacks, encapsulating some of an organization’s most
important and sensitive data. As such, when these deployments go into production,
they create a high-risk asset. And herein lies the challenge for IT organizations:
securing access to big data while still providing end user access for extracting
valuable business insights. Here are three big data security risks and a simple
approach to mitigating them. Find out more
[CIO.COM]

Big Data
LITTLE DATA: Forget Big Data – Little Data Is Making Learning Personal. According
to Bob Wise, president of the Alliance for Excellent Education, a nonprofit that
advocates for high school education reform, little data – and how teachers use it –
is the key to making learning as individualized as possible. Classroom technologies
make it easier than ever to collect information on students. Now, teachers must
figure out the best way to analyze that data and put it to good use. Find out more
[WIRED.COM]
UPDATES: 5 Key Points When Presenting Big Data Project Updates to the Board.
It’s easy to be so focused on the daily chores of managing a big data project that
you forget to keep the board in the loop. Never take the board’s endorsement for
granted. Read the rest
[TECHREPUBLIC.COM]

Mobile Applications
INTERVIEW: Why Developers Benefit When Implementing a Cloud Backend into
Apps. Here’s an interview with Ashruti Singh, Product Marketing Manager for SAP
HANA Cloud Platform at SAP, who discusses how app developers stand to benefit
from implementing mobile cloud back ends into their programs and where she sees
the future of mobile app development heading in 2017. Read more
[APPDEVELOPERMAGAZINE.COM]
FED TECH: Why Citizen Input is Crucial to the Government Design Process. As
digital technology practices such as modular procurement and DevOps become
widely adopted across government, the gap between IT and operations is closing
and benefits from the new approach are becoming clearer each day. Now,
government must take the next step: close the gap between citizen-specific needs
and the process for designing, developing and deploying digital government.
Find out more
[NEXTGOV.COM]

Mobile Applications
MANAGEMENT: Organizations Need to Balance Value and Security When
Adopting New Mobile Devices. As new products hit the market, enterprises must
decide whether to introduce the device or wait. Find out more
[FEDTECHMAGAZINE.COM]
CLOUD: Will Digital Economy Create A Developer Shortage? As more companies
seek to transform themselves digitally and effectively become software companies,
some are going to have trouble filling “the developer gap,” according to a Cloud
Foundry report. Read the rest
[INFORMATIONWEEK.COM]

IT Management
PERFORMANCE: Why Performance Management Is Dead & Performance
Motivation Is Here To Stay. How's your team performing? Before you start the
process of performance evaluations, take 10 minutes and discover why performance
management is dead and performance motivation is here to stay. Read more
[FORBES.COM]
CXO: 3 Survival Skills for Reluctant IT Managers. Textbook management practices
don't always work in IT disciplines. Here are some strategies for tech professionals
who find themselves in a management role. Find out more
[TECHREPUBLIC.COM]

IT Management
LEGAL: How to Avoid Failure by Design. When it comes to technology projects,
lawyers have a dual role. Firstly, to help the parties convert the commercial deal into
a robust contract. Secondly, to help identify what could go wrong and make sure that
the contract has appropriate mechanisms to deal with failures and disputes. This
second role is particularly essential because the evidence shows that many
technology projects do fail. Projects are delayed, exceed budget, and/or don’t deliver
technology that meets the customer's needs. Find out more
[COMPUTERWORLDUK.COM]

IT Management
SLIDESHOW: Why Managers Lack Confidence in Their Firm's Data. Nearly all
managers lack complete confidence in their company's data, according to a recent
survey from Experian Data Quality. The accompanying report, "Building a Business
Case for Data Quality," indicates that, despite the trust issues, it often takes many
months for companies to approve data quality initiatives. Meanwhile, IT managers
overseeing these efforts struggle to deal with large data volumes, human error and a
lack of data standardization. Read the rest
[BASELINEMAG.COM]

Programming & Scripting Development
Client & Server-Side

JAVA & JAVASCRIPT: PurpleJS Unites Java, JavaScript Development. The
framework lets developers write apps in JavaScript that run on the JVM using Java
as the runtime. Read more
[INFOWORLD.COM]
PHP: Peachpie Open Source PHP to .NET Compiler. Peachpie is a new open source
PHP language to .NET compiler, which aims at full PHP 7 compatibility. Looking at it
gave us the opportunity to revisit the state of dynamic language interoperability on
the .NET platform and consider the practical advantages that arise out of this
atypical symbiosis of dynamic and static languages under the same roof. Find out
more
[I-PROGRAMMER.INFO]

PYTHON: 5 Wicked-Fast Python Frameworks You Have to Try. Faster, simpler,
more “Pythonic” — those are the rallying cries for each new web framework in the
Python ecosystem. There’s nothing wrong with tried-and-true solutions, but the
big leap from Python 2 to Python 3 has brought all sorts of potential
improvements, including a powerful asynchronous event framework that’s perfect
for network libraries. Here are five recently minted web and network frameworks
for Python that ramp up the speed, take advantage of new breakthroughs, and
provide fresh spins on old ideas. Find out more
[INFOWORLD.COM]

C#: Projects Seek To Extend Reach of C#. Apple’s young Swift programming
language is getting a lot of attention and being put to new uses as it evolves, but
Microsoft’s .NET stalwart C# language isn’t exactly sitting still. For example, several
projects seek to extend the reach of the language by converting C# code into other
languages, such as C++ and JavaScript. Here’s a look at two of those projects
recently in the news that provide such translation, albeit for quite different
purposes: CoreRT and Bridge.NET. Read the rest
[ADTMAG.COM]

Cloud Computing
FED GOVERNMENT: Microsoft Eyes Most-Trusted Status in Government Cloud
Computing. Microsoft Corp. will open two isolated cloud-computing centers in Texas
and Arizona this year to securely host sensitive U.S. Department of Defense data,
providing insight into the company’s federal business strategy. Read more
[ABOUT.BGOV.COM]
VIDEO: Microsoft Cloud for Government. Doug Hauger, General Manager for
National Cloud Programs at Microsoft, announces the launch of Microsoft Azure
Government, the upcoming availability of CRM Online Government, and Office 365
Government. Together, they make up the Microsoft Cloud for Government which
meets the requirements and addresses the needs of U.S. Federal, State, and Local
Government organizations. Find out more
[YOUTUBE.COM]

Cloud Computing
PODCAST: Cloud Computing: The Security Concerns. Exclusive, insightful audio
interviews by Government Info Security staff with government/security leading
practitioners and thought-leaders. Find out more
[PODBAY.FM]
FEDERAL AGENCIES: Cloud Adoption Finally on the Rise. Cloud adoption by U.S.
government agencies is rising fast, with Amazon seeing growth of 221 percent year-
on-year for its Amazon Web Services (AWS) GovCloud since it launched in late 2011,
according to Fortune. Similarly, Microsoft has seen high levels of growth, with 5.2
million users of Microsoft Cloud for Government. Interest is particularly high for
capabilities that government agencies are lacking in-house, such as cloud computing
for big data analytics, deep learning and natural language processing capabilities to
examine data for patterns and anomalies. Read the rest
[INSIGHTS.SAMSUNG.COM]

Cloud Computing
TRENDS: 6 Trends That Will Shape Cloud Computing in 2017. Public, private and
hybrid cloud implementations will accelerate in 2017 as CIOs seek to take advantage
of the cloud’s economies of scale to build core applications. Read more
[CIO.COM]
AMAZON: Cloud Computing Remains Secure. Amazon.com Inc.’s top cloud
computing executive said that even with last week’s massive internet outages, the
web remains the most secure place for companies to run their computing. Amazon
Web Services CEO Andy Jassy said that for most companies, security is “priority
zero.” Find out more
[WSJ.COM]

Cloud Computing
NETWORKS: Your Network, IoT, Cloud Computing and the Future. Anyone in charge
of a network has to think about how that network will evolve. Find out more
[NETWORKWORLD.COM]
READ: Cloud Investments & the Future of Cloud Computing. The cloud industry is
evolving – a point that is made abundantly clear by the scope of industry
investments being made today. In the early days of cloud, investments went toward
companies that were working to create acceptable usable cloud experiences for
users. These companies were focused on fundamentals, such as cloud security and
cloud maintenance. Read the rest
[ENTERPRISETECH.COM]

Personal Tech
NEW TECH: Top 10 Emerging Technologies in the Digital Workplace. Multiple
industry dynamics are aligning to create the conditions for an explosion of
employee-facing technology. Developments in text analytics, natural-language
processing, data science and the Internet of Things (IoT), for example, can be
combined in novel ways to produce work tools capable of creating substantial
competitive advantage. Read more
[FORBES.COM]
VIDEO: How to Salvage Your Worn iPhone Cords. Are you sick of spending money
on new iPhone cables? WSJ’s Michael Hsu has a festive fix for cords that need
mending. Find out more
[WSJ.COM]

Personal Tech
LISTEN: Gadget Lab Podcast from Wired.com – Human Enough. We’re spending a
lot of time talking to our devices. They’re talking back, too – products like Google
Home and Amazon Echo can answer questions, give us helpful information, and tell
stupid jokes. But what’s the end result of all this gabbing? Smarter AI assistants,
sure. But the way we bark commands at our voice-controlled tech and treat the
devices like lowly machines … is that making us ruder? Should we design the
computers to talk to us more like humans in order to encourage empathy, or should
we keep them cold and machine-like so we don’t get unhealthily attached? Is this
even a problem? Find out more
[WIRED.COM]
GOOD QUESTION: What About the Personal Data on Those Millions of Recalled
Note7s? Expert notes ‘unprecedented’ recall where users were told to stop using
Note7, leaving no time to delete info. Read the rest
[COMPUTERWORLD.COM]

Personal Tech
TIPS: Cybersecurity Awareness Month Tips for Online Security. Never forget that
any kind of business or work you do online — including email, shopping, social
media sites, and surfing – warrants some level of scrutiny. So spend some time
during Cybersecurity Awareness Month thinking about what you need to do to make
yourself less vulnerable to attack as you use the Internet. Find out more
[COMPUTERWORLD.COM]

IT Security | Cybersecurity
MARKETS: Wall Street Frets About Cybersecurity as U.S. Demands More Data.
Firms say numerous breaches at federal agencies are a cause of concern that
government won’t be able to safeguard information. Read more
[WSJ.COM]
PRACTICAL TIPS: For Cybersecurity This Cyber Monday. Cyber Monday has become
so embedded in our online shopping culture that many may not remember a time
without it – yet it’s quite a contemporary holiday tradition. As ubiquitous as its
current presence, so too are its security warnings. For most of us, these warnings
are mainstays of the modern online era. Here’s a quick refresher. Find out more
[FORBES.COM]

IT Security | Cybersecurity
FEDERAL GOVERNMENT: Government Resiliency: Pillars of Cybersecurity.
Innovation and cybersecurity are in a head-on collision in the federal government.
The growing use of connected devices under the moniker Internet of Things (IoT),
the move to the cloud and what seems to be the ever growing expansion of mobile
devices is causing government and industry alike to rethink how to be cyber secure,
while also not stifling innovation at the same time. Find out more
SECURITY: Government in Competition with Private Sector for Cybersecurity
Experts. In the federal government’s push to expand cybersecurity training, it has
targeted all levels of education and designated nearly 200 colleges and universities
as National Centers of Academic Excellence in Cyber Defense. Read the rest
[GOVTECH.COM]

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-
2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-
2016/

Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-
2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-
2016/

Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-
2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems November 2016

Recomendados

Recomendados

Mais conteúdo relacionado

Último

Último (20)

Destaque

Destaque (20)

Tech Update Summary from Blue Mountain Data Systems November 2016