April 2017: For CTOs, CIOs & CISOs. Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/
3. For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com
4. For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for April 2017. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
6. Encryption
FEDERAL GOVERNMENT: Suing to See the Feds’ Encrypted Messages? Good Luck.
The conservative group Judicial Watch is suing the Environmental Protection
Agency under the Freedom of Information Act, seeking to compel the EPA to hand
over any employee communications sent via Signal, the encrypted messaging and
calling app. In its public statement about the lawsuit, Judicial Watch points to
reports that EPA staffers have used Signal to communicate secretly, in the face of
an adversarial Trump administration. But encryption and forensics experts say
Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app
itself, and virtually no trace of the conversation remains. “The messages are pretty
much gone,” says Johns Hopkins cryptographer Matthew Green, who has closely
followed the development of secure messaging tools. “You can’t prove something
was there when there’s nothing there.” Find out more
[WIRED.COM]
7. Encryption
WHY: We Need to Encrypt Everything. Many major websites already encrypt by
default. Here’s why encryption and multifactor authentication should be
everywhere. Find out more
[INFOWORLD.COM]
NEWS: Make Encryption Ubiquitous, Says Internet Society. The Internet Society
has urged the G20 not to undermine the positive role of encryption in the name of
security, claiming it should provide the foundation of all online transactions. Find
out more
[INFOSECURITY-MAGAZINE.COM]
8. Encryption
FBI: $61M to Fight Cybercrime, Encryption in Trump Budget Proposal. President
Donald Trump’s budget blueprint for the federal government proposes a $61
million increase for the FBI and Justice Department in fiscal 2018 to better track
terrorist communications and combat cybercriminals. Find out more
[FEDSCOOP.COM]
9. Encryption
ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and
problems with finding data in the corporate maze are being blamed for business’
lack of interest in crypto. Read more
[ZDNET.COM]
ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption
practices have improved dramatically over the last 10 years, but most organizations
still don’t have enterprise-wide crypto strategies. Read the rest
[DARKREADING.COM]
10. Encryption
ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How
can businesses ensure enterprise security in a world with mass encryption, given
Mozilla’s revelations recently that over half of webpages loaded by Firefox use
HTTPS? Find out
[INFORMATION-AGE.COM]
READ: Encryption Won’t Stop Your Internet Provider From Spying on You. Data
patterns alone can be enough to give away what video you’re watching on
YouTube. A 2016 Upturn report sets out some of the sneaky ways that user activity
can be decoded based only on the unencrypted metadata that accompanies
encrypted web traffic—also known as “side channel” information. Read more
[THEATLANTIC.COM]
12. Databases
FPGAs: Shaking Up Stodgy Relational Databases. So you are a system architect,
and you want to make the databases behind your applications run a lot faster.
There are a lot of different ways to accomplish this, and now, there is yet another –
and perhaps more disruptive – one. Read more
[NEXTPLATFORM.COM]
DATA BREACHES: If You Want to Stop Big Data Breaches, Start With Databases.
Over the past few years, large-scale data breaches have become so common that
even tens of millions of records leaking feels unremarkable. One frequent culprit
that gets buried beneath the headlines? Poorly secured databases that connect
directly to the internet. Read the rest
[WIRED.COM]
13. Databases
TRENDS: Top Databases in 2017: Trends for SQL, NoSQL, Big Data, Fast Data.
What are the most in demand tools for data storage and processing this year? Find
out
[JAXENTER.COM]
IBM: Jumps on Bandwagon for Cloud Databases. Responding to what it says is
growing demand for deploying SQL databases in the cloud, IBM this week rolled
out a transactional database as a service on its SoftLayer cloud infrastructure. The
move reflects the steady advance of cloud-native data platforms along with a
growing number of analytics and transaction databases provisioned in the cloud.
Read more
[ENTERPRISETECH.COM]
14. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.
16. Electronic Document Management
SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]
17. Electronic Document Management
CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more). Read the rest
[FEDTECHMAGAZINE.COM]
18. Electronic Document Management
ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]
20. Security Patches
MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue
with the March Android over-the-air security update has been resolved after
Nexus 6 users complained that Android Pay no longer worked after installation of
the update. The update in fact broke Android’s SafetyNet API which provides a
constant check on device integrity, blocking access to certain features – such as
Android Pay – if it believes a device has been rooted. A Google representative
confirmed to Threatpost that the issue was resolved and the OTA update re-issued,
even for devices that had already installed the bad update. Find out more
[THREATPOST.COM]
21. Security Patches
ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player
users should receive a new security update instead of the February patches. This
is because Microsoft has engaged to its earlier plan to defer and deliver the
updates at a later date even if the security patches are now available. In February
2017, Adobe addressed the issue and found a solution in which a patch was
able to deal with the security problem. For this reason, users are given access to
both MS17-005 Security Update for the Adobe Flash Player. This is due to the
update from Adobe and the provision by Microsoft. This vulnerability has been
considered a critical issue due to the permission that it can grant the attackers. In
a report by security specialists, such a vulnerability indicates that attackers are
granted control of the machine that was infected. This is in the sense that they are
allowed to send remote commands. Find out more
[TNHONLINE.COM]
22. Security Patches
SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple,
Microsoft, and Google are analyzing leaked CIA documents to see if their products
are affected, but security researchers say that most of the flaws have long been
fixed. Find out more
[ZDNET.COM]
CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most
popular CMS in the world – and the most hacked. Just last month, hackers
engaged in a “feeding frenzy” at the expense of WordPress sites across the web,
exploiting a vulnerability found in the WP REST API plugin. After patching that
security issue, Automattic, the company behind WordPress, rolled out yet another
security patch this week in the form of WordPress 4.7.3. Find out more
[CMSWIRE.COM]
23. Security Patches
ORACLE: Oracle Releases Nearly 300 Security Patches. Apache Struts fixes take
the lead in the patch-Tuesday, which also includes fixes for various Shadow
Brokers leaks. Read more
[SCMAGAZINE.COM]
MICROSOFT: Patch Tuesday New Security Update Guide Gets Mixed Reviews.
Microsoft’s April Patch Tuesday finally revealed the company’s new approach in
rolling out and informing the industry on the security updates for the month and
at best has received mixed reviews from several industry insiders. Read the rest
[SCMAGAZINE.COM]
24. Security Patches
ANDROID: Pixel XL Devices Accidentally Receive ‘Googlers-only OTA’ of Next
Android Security Update. Google frequently uses their employees to dogfood
updates before they are released to the public. Earlier this evening, a “confidential
Googlers-only OTA” appears to have inadvertently been pushed to some Pixel XL
devices. Find out
[9TO5GOOGLE.COM]
READ: Shadow Brokers Lessons…First, Don’t Panic. If you’re worried about zero-
days and hacking tools but not outdated software and obsolete systems in your
network, then you’re doing security wrong. Read more
[INFOWORLD.COM]
26. For the CIO, CTO & CISO
CIO: Federal CIOs’ 5 Key Steps to IT Modernization. There’s an urgent need to
modernize federal agencies’ technology. At least two-thirds – and in some cases
more – of the federal IT budget in recent years has gone toward the operations and
maintenance of outdated legacy systems that are often older than some of the
personnel in charge of their upkeep. Find out more
[FEDSCOOP.COM]
CTO: White House Selects Deputy CTO From Peter Thiel’s Rolodex. One of PayPal’s
cofounders and early Facebook investor Peter Thiel’s aides will step into the role of
White House deputy chief technology officer. The White House tapped Michael
Kratsios, principal and chief of staff at Thiel Capital, for the post in the Office of
Science and Technology, according to Politico. Kratsios’ prior roles include chief
financial officer and chief compliance officer at Clarium Capital Management –
another Thiel-funded investment firm – and roles as an analyst at Lyford Group
International and Barclays Capital. Find out more
[NEXTGOV.COM]
27. CIO, CTO & CISO
CISO: Think Like a Hacker, Says Former CISO. “We need to think like a hacker” to
protect federal networks, Greg Touhill said at a March 30 cybersecurity
conference in Washington. “We haven’t even been thinking like an accountant”
when it comes to federal IT, he said. “We need to do a bit of both” to maximize
security and efficiency for the federal networking dollars. Find out more
[FCW.COM]
INSIGHTS: Acting CIOs May Slow Government Technology Push. A lack of action
by the Trump administration has left 10 of 25 federal chief information officer
positions vacant, which may slow plans to upgrade cybersecurity and
information technology systems across the federal government. Find out more
[ABOUT.BGOV.COM]
29. Penetration Testing
BEWARE: Penetration Tests Are Being Ignored by Enterprises Living
Dangerously. Organizations are ignoring the recommendations of penetration
testers, even when they find serious vulnerabilities in their clients’ systems,
according to the Black Report from Nuix. Find out more
[SCMAGAZINEUK.COM]
SECURITY: Apache Struts Vulnerability Under Attack. An easy-to-exploit remote
code execution flaw discovered in the widely used open-source Apache Struts 2
framework has been patched, but that’s not stopping attackers from attempting
to exploit vulnerable systems. Find out more
[EWEEK.COM]
30. Penetration Testing
FINANCIAL: Testing Finds ‘100 Percent’ of Mobile Banking Apps Hackable.
Mobile banking applications produced by 50 of the world’s largest 100 banks
were all vulnerable to hacking attacks which could allow password capture or
surveillance of users, according to new research from a European mobile
security outfit. Find out more
[CYBERSCOOP.COM]
31. Penetration Testing
LEARN: The Top 5 Security Functions To Outsource. There is a cybersecurity
talent shortage. According to some sources, there are currently up to 200,000
unfilled security positions in the United States, and an estimated one million
open positions globally. By 2019, experts say there could be 1.5 million unfilled
cybersecurity jobs. Given this scarcity in the cybersecurity market, combined
with the daunting task of staffing a diversely skilled security team, a prudent
question is which security functions can be effectively outsourced for the short-,
medium-, or long-term. Here are five of the most logical security areas to
outsource. Find out more
[FORBES.COM]
33. Open Source
READ: The Rise Of Open-Source Malware And IoT Security. With 2017 well
underway, security professionals are scrambling to understand emerging
cyberthreats that will be prevalent in the coming year, and the appropriate
mitigation techniques. I’ve found that this is particularly true for
communications service providers (CSPs), who have to protect their networks as
well as business and consumer subscribers from attacks. While ransomware,
data breaches and global hacking events will continue to grab headlines, a major
area of focus in the cybersecurity world in 2017 will undoubtedly be internet of
things (IoT) devices. Based on recent attacks, these devices seem easy to hack,
and can be used to launch global attacks with devastating outcomes. Find out
more
[FORBES.COM]
34. Open Source
DOD: New DOD Software Coding Will Increase Private-Sector Involvement. The
Department of Defense (DOD) has unveiled a software coding initiative that could
transform the creation and quality of DOD software projects, and the interactions
between federal, private sector, and individual software developers. The initiative,
known as Code.mil, is headed by the Defense Digital Service (DDS), a team
representing DOD’s effort to increase public-private collaboration in the software
industry. Code.mil represents the next step in this endeavor with its objective of
connecting the vast amount of individual coding talent and skill with DOD software
projects open to improvements. Find out more
[DEFENSESYSTEMS.COM]
CLONES: Welcome in Scientific Hardware. Learn why a firm is open sourcing their
testing equipment. Find out more
[OPENSOURCE.COM]
35. Open Source
MICROSOFT: To Shut CodePlex Open Source Project Site. The company
acknowledges that GitHub is the go-to option for project hosting and will shutter
CodePlex at the end of this year. Find out more
[INFOWORLD.COM]
GIS: Unlocking Business Value with Open Source GIS. Proprietary geospatial
software generally consists of subscriptions that determine how many data
sources can be considered and how much it will cost to determine optimal
routing. Open-source geospatial software, on the other hand, allows
organizations to leverage geospatial data without incurring per-user, per-login or
per-CPU cycle costs. Additionally, users are not penalized for increasing their
number of users or conducting as much analysis as is required to determine
ideal routing. Here’s a look at the most prominent benefits of open-source
software. Find out more
[DATA-INFORMED.COM]
37. Business Intelligence
DISCOVER: 7 Forces Driving Modern Business Intelligence Growth. The number of
organizations embracing business intelligence platforms continues to grow, but
more focus is being placed on business-led, agile analytics and self-service features
rather than IT-led system-of-record reporting. That is the finding of a recent study
by Gartner, which looked at market trends in business intelligence and analytics
overall, and differences between traditional BI investments and modern BI. Find out
more
[INFORMATION-MANAGEMENT.COM]
GOOGLE: The AI Talent Race Leads Straight to Canada. America’s biggest tech
companies are remaking the internet through artificial intelligence. And more than
ever, these companies are looking north to Canada for the ideas that will advance AI
itself. Find out more
[WIRED.COM]
38. Business Intelligence
READ: The Unmistakable Conviction of Visual Business Intelligence. Visual business
intelligence represents the summation of BI’s time-honored journey from the
backrooms of IT departments to the front offices of business analysts and C level
executives alike. It seamlessly merges the self-service movement’s empowerment
of the business via user-friendly technology with the striking data visualizations
servicing everything from data preparation to analytics results. Find out more
[KMWORLD.COM]
NGA: Looks to “Reinvent Security” with Fast-Churn Cloud Architecture. To better
protect the nation’s intelligence networks, the National Geospatial-Intelligence
Agency is moving most of its IT operations to the cloud and looking to “reinvent
security” in the process. Jason Hess, the NGA’s chief of cloud security, wants to take
advantage of cloud’s flexibility to tear down the agency’s IT architecture and rebuild
it every day so that would-be attackers will confront a confusing operating
environment and enjoy limited time-on-target. Find out more
[GCN.COM]
40. Operating Systems
WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform?
Windows 10 has certainly gotten its share of lumps since it was released. Some
users really liked it, while others detested the changes made by Microsoft. Windows
10 has proven to be a great example of beauty being in the eye of the beholder.
One writer at BetaNews recently wondered if Windows 10 was an operating system
or an advertising platform. Find out more
[INFOWORLD.COM]
41. Operating Systems
MOBILE: Android is Set to Overtake Windows as Most Used Operating System.
After more than eight years in the hands of consumers, Android is poised to
overtake Windows as the most used operating system in the world. This
measurement comes by way of web analytics firm StatCounter, which follows
trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins
over Android, and they could trade positions very soon if current trends continue.
Find out more
[EXTREMETECH.COM]
42. Operating Systems
PERSONAL TECH: Just What Was in That iOS System Update? When you get the
notice of a software update for iOS, there’s usually a link to read about the security
content of the update. But where does Apple officially tell you about all other things
that change in these upgrades? Find out more
[NYTIMES.COM]
LEARN: The Best Alternative Operating Systems. For most people, the only
operating systems they know of are Windows, macOS, Android and iOS. However,
there are other operating systems you can consider. Here’s a list of six alternative
operating systems for your review. Find out more
[HACKREAD.COM]
44. Incident Response
ENERGY DEPT: Exercise Reveals ‘Gaps’ in Major Cyber Incident Response.
A Department of Energy exercise last year found shortcomings in the way that federal,
state and local governments would work with industry to respond to a major cyber
incident affecting energy infrastructure on the East Coast. Read more
[THEHILL.COM]
OPINION: Complete Security Deception Includes Detection and Incident Response.
Finding a threat solves only part of the problem. A complete deception solution will
also enable better incident response. Read the rest
[NETWORKWORLD.COM]
45. Incident Response
BRIEFS: Threats, Violent Incidents at Federal Facilities Assessed. Read a recent CRS
report examining violent incidents at federal facilities, including a tally of nearly
1,000 incidents in recent years that it says probably represents only a small portion
of such incidents. Find out
[FEDWEEK.COM]
READ: Will Congress Help Fund New State and Local Cyber Programs? Back in early
March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and
funded, the legislation would provide grants for state and local governments to
improve cybersecurity protections and incident response. Here’s what you need to
know. Read more
[GOVTECH.COM]
47. Cybersecurity
CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop
Them. As governments create smarter cities, they need cybersecurity measures
built from the ground up – or they risk costly data breaches which could
compromise the privacy of their citizens. Find out more
[CNBC.COM]
FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals.
Cybercriminals are unrelenting in their attacks on state and local government
computer networks, which contain detailed personal and business information —
such as birth certificates, driver’s licenses, Social Security numbers and even bank
account or credit card numbers — on millions of people and companies. Now, state
and local officials are hoping Congress will give them some help in fending off the
constant threat. Find out more
[GCN.COM]
48. Cybersecurity
INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American
International Group (AIG) has recently begun offering personal cyber security
insurance plans to individuals. The company appears to be riding a wave of
individuals’ fears about losing online data or having their bank accounts emptied,
and should find success with wealthier customers who have a lot to lose. But it
remains to be seen whether ordinary consumers will come to regard cyber security
insurance as a necessary expense. Find out more
[FORTUNE.COM]
49. Cybersecurity
NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A
senior House science committee staffer Friday defended controversial legislation
expanding the authorities of the government’s cybersecurity standards agency,
saying it’s necessary because other agencies aren’t stepping up to the job. The bill,
which passed the committee nearly entirely with Republican support earlier this
month, would direct the National Institute of Standards and Technology to audit
agencies’ cyber protections within two years, giving priority to the most at-risk
agencies. Find out more
[NEXTGOV.COM]
50. Cybersecurity
STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz
brings a wealth of public- and private-sector experience to the Ocean State, where
he will serve as the first cybersecurity officer. Read more
[GOVTECH.COM]
MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage.
Mitigating hacking attacks, implementing more nimble procurement methods and
more will be explored at this year’s National Association of State Chief Information
Officers’ Midyear Conference. Read the rest
[STATETECHMAGAZINE.COM]
51. Cybersecurity
WHY: You Must Build Cybersecurity Into Your Applications. One of the largest
changes underway in the way we create software is that cybersecurity is no longer
an afterthought, but instead is being built into every application. The challenge
many companies face is how to keep up and make sure the software they create is
just as safe as the products they buy. Find out
[FORBES.COM]
NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An
executive order was shelved without explanation, and a promised cybersecurity
report hasn’t materialized. Read more
[NETWORKWORLD.COM]
52. Cybersecurity
SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead
of cybersecurity adversaries via automation tools, but the former U.S. CISO
recommends a change of mindset as well. Read more
[FEDTECHMAGAZINE.COM]
OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a
lot of talk lately about the death of the security perimeter for computer networks,
which is an especially sensitive topic for the federal government that helped to
create the concept. Everyone seems to think it’s now impossible within
cybersecurity to draw a line and keep bad guys on one side and authorized users on
the other. Read the rest
[NEXTGOV.COM]
53. Cybersecurity
ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How
can businesses ensure enterprise security in a world with mass encryption, given
Mozilla’s revelations recently that over half of webpages loaded by Firefox use
HTTPS? Find out
[INFORMATION-AGE.COM]
COMMENT: Securing the Government Cloud. What many government network
defenders have forgotten is that security in a cloud environment is a shared
responsibility. The cloud provider secures the internet and physical infrastructure,
but the cloud customer is responsible for protecting its own data. FedRAMP and
third-party certifications assure that the cloud provider is doing its part. But it is
ultimately up to customers to ensure they’re taking steps to prevent, detect and
respond to cyber adversaries during the attack lifecycle. Read more
[FCW.COM]
55. Project Management
GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a
go-to guide on scrum, a popular agile project management framework. You’ll
learn scrum terminology, how to use the methodology in software and product
development projects, and more. Find out more
[TECHREPUBLIC.COM]
TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no
shortage of project management solutions for mid-size and large businesses.
Startups, though, have limited budgets and simply can’t afford high-priced
project management software. Here are seven affordable options. Find out more
[CIO.COM]
56. Project Management
RISK: Open Source Project Management Can Be Risky Business. Learn how
open source code is a huge factor in mitigating risk. Find out more
[OPENSOURCE.COM]
FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a
government-as-a-platform approach to IT service delivery by leveraging cloud-
supported solutions can help modernize and digitize federal agencies, according
to a new report from the CIO Council. Find out more
[GCN.COM]
57. Project Management
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]
59. Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]
60. Application Development
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]
62. Big Data
KAFKA: Channels the Big Data Firehose. Kafka has emerged as the open source
pillar of choice for managing huge torrents of events. The challenge is refining the
tooling and raising the game on security beyond basic authentication. Read more
[ZDNET.COM]
EUROPE: Big Data, Robotics and AI Fuelling VC Investment in London. Despite the
Brexit result last year, London tech companies have attracted over £1 billion in
emerging technologies since the referendum vote. Read the rest
[INFORMATION-AGE.COM]
63. Big Data
E-COMMERCE: 5 Ways Big Data Analytics Can Help Your eCommerce Business. The
words ‘Big data’ are thrown around a lot these days, but there is no definition that
is universally accepted. The best definition of Big data comes from analyst Doug
Laney, who said in 2001 that Big data is defined by ‘The 3Vs’ – including velocity,
variety and volume. This means that Big data is a large amount of content that is
varied and being produced quickly. Here are five ways that Big data analytics can
help your online company. Find out
[INSIDEBIGDATA.COM]
PODCAST: Big Data for Small Businesses. In the latest episode of the Microsoft
Partner Network Podcast, listen to CEO of Neal Analytics, Dylan Dias, as he talks
about the business of Big Data. Neal Analytics is a Microsoft partner focused on
solving business problems with analytics and a management consulting
perspective. Dylan was able to shed some light on what it takes for businesses to hit
a fast-moving target like Big Data. Read more
[BLOGS.PARTNER.MICROSOFT.COM]
65. Mobile
JAVASCRIPT: Using NodeJS and JSON in Mobile App Development. For those who
are new to application development, older technologies such as PHP and SQL were
used to create web-based applications based on databases, and these were
confined by a lack of scalability and often needed a complete redevelopment in
order to expand the platform. The emergence of JavaScript and associated libraries
and frameworks has meant that as software applications have become more
data-intensive and real-time updates have occurred, technologies have been
developed to allow for the increase of the use of these technologies. Read more
[JOSIC.COM]
66. Mobile
HOW TO: Effectively Collect User Feedback in Mobile Application. According to
lean development principles, developing a mobile application is a process that
includes a sequence of phases — design, development, release, feedback
collection, modification to redesign, and so on — with the aim of ensuring the
successful development of an app at a minimal cost. User feedback is an
indispensable part of the product life cycle and the basis to determine its evolution.
Read the rest
[INFOQ.COM]
DHS: Releases Government Guide for Mobile App Development. The Department
of Homeland Security has released its Mobile Applications Playbook, giving federal
agencies a roadmap for creating, testing and deploying apps that will be shared
across the government. The 39-page guide can be used anywhere along an
application’s development lifecycle, giving development teams a path forward
when they are stuck on an issue related to an application’s progress. Find out
[FEDSCOOP.COM]
67. Mobile
FEDERAL AGENCIES: Progressive Web Apps: The Mobile Future. Agencies that
can’t afford to pay a developer to build and maintain an app may want to consider
progressive web apps, which offer advantages over traditional mobile applications
and even browser-based apps because of their ability to work across multiple
devices, their speed and the ease with which they can be developed and deployed.
Read more
[GCN.COM]
69. Programming & Scripting Development
Client & Server-Side
FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know.
There are currently huge numbers of different programming languages in use by
software developers, with most jobs requiring the more familiar skills such as Java,
JavaScript, PHP and C#. However, as software demands evolve and grow, new and
less widely-accepted languages are gaining in prominence, offering developers the
right tool for certain jobs. Find out more
[TECHWORLD.COM]
OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of
what functional programming is, how to explore its benefits, and a list of resources
for learning functional programming. Find out more
[OPENSOURCE.COM]
70. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did
About It. On February 26th, WIRED’s security reporter Andy Greenberg received an
email from Sophia Tupolev, the head of communications at the security firm
Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company
had discovered sensitive data in the source code on many pages on our site,
including obfuscated, “hashed” passwords and email addresses for current and
former WIRED writers. Here’s what WIRED did to solve the problem. Find out more
[WIRED.COM]
JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new,
high-severity vulnerability emerged in the Apache Struts 2 open-source framework
used to build Java web applications. The flaw allows hackers to inject commands
into remote web servers. Within hours, organizations around the world reported
attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch
from the Apache Foundation. What are the practical effects of these events, and
what should government InfoSec leaders and practitioners do now? Find out more
[GCN.COM]
75. Cloud Computing
READ: Cloud Computing Governance and Compliance. To ensure a successful cloud
deployment, cloud computing governance and compliance procedures must
encompass all the necessary considerations. Find out more
[DATAMATION.COM]
FEDERAL GOVERNMENT: Tech Leaders’ Top Recommendations for Fixing Federal IT
Challenges. Last September, U.S. Comptroller General Gene Dodaro convened more
than a dozen tech experts and current and former federal officials to offer solutions
to the challenges the federal government faces in IT acquisition and operations. Find
out more
[NEXTGOV.COM]
76. Cloud Computing
INDUSTRY INSIGHT: Four Reasons for Agencies to Embrace the Cloud Instead of
Fearing It. Cloud computing has existed for about as long as hashtags, YouTube
videos and iPhones. Today, the latter items are firmly embedded not only within our
technological universe, but our cultural identity and daily conversations. And for
private industry and consumers, the cloud too has emerged as a familiar, reliable
resource for business tasks and work/life assistance. So why does the cloud so often
still inspire the classic symptoms of FUD — fear, uncertainty and doubt — among
federal agencies? Find out more
[GCN.COM]
77. Cloud Computing
CIO COUNCIL: Wants Agencies to Consider: ‘The Best Code Ever Written is the
Code that is Never Written’. Shawn McCarthy, research director for IDC
Government Insights, said public cloud services will account for about half of the
$2.15 billion spending in 2017. By 2021, agency spending on public cloud is
projected to increase to $1.9 billion out of the $3.3 billion. Find out more
[FEDERALNEWSRADIO.COM]
79. Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc.'s contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.
81. IT Security | Cybersecurity
INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder
and president of Sicher Consulting, John Dyson from Deloitte, and Brian Gay,
president, Think Forward Consulting talk about the concept of a cybersecurity
framework for the federal government. Read more
[FEDERALNEWSRADIO.COM]
TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential
transitions are a time of considerable change in government, including new agency
leaders and evolving policy priorities. But many issues persist, and this is certainly
the case with cybersecurity. Advancing the nation's cybersecurity posture must be a
key priority for the Trump administration, especially if we are to maximize the
benefits of digital transformation. Read more
[NEXTGOV.COM]
82. IT Security | Cybersecurity
NEWS: National Guard Expects Expanded Role in Cybersecurity. The National
Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by
Y2K. With concerns of potential computer chaos looming when dates on systems
turned over to 2000, the National Guard was given a new force structure called a
computer network defense team. Renamed Defensive Cyber Operations Elements,
the eight- to 10-person teams are organized on the state level, while support for the
10 Federal Emergency Management Agency regions is handled by Cyber Protection
Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber
Protection Team 178, said in a recent interview. Find out more
[GCN.COM]
PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data,
Cybersecurity. The House Subcommittee on Digital Commerce and Consumer
Protection has a great range of jurisdiction -- everything from IoT policies to
overseeing the Federal Trade Commission. Find out more
[GOVTECH.COM]
83. From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
Business Intelligence
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016
84. From the Blue Mountain Data Systems Blog
Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-2016/
85. From the Blue Mountain Data Systems Blog
Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-2016/
86. From the Blue Mountain Data Systems Blog
Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/
87. From the Blue Mountain Data Systems Blog
Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-2016/
88. From the Blue Mountain Data Systems Blog
Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
89. From the Blue Mountain Data Systems Blog
Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/
90. From the Blue Mountain Data Systems Blog
Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/
91. From the Blue Mountain Data Systems Blog
Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
92. From the Blue Mountain Data Systems Blog
Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
93. From the Blue Mountain Data Systems Blog
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
94. From the Blue Mountain Data Systems Blog
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
95. From the Blue Mountain Data Systems Blog
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
96. From the Blue Mountain Data Systems Blog
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
97. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
99. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
100. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com