September 2018: For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/

1. Blue Mountain Data Systems
Tech Update Summary
September 2018

3. For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

4. For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for September 2018. Hope the information and ideas
prove useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

5. Network Security

6. Network Security
IT WATCH: Finding and Fixing Security On Your Network Perimeter. Networks
need multiple layers of security. However, with the complexity inherent in the
internal layers, many folks pay short shrift to the perimeter. That’s a mistake and
here’s why. Read more
[PCMAG.COM]
SOFTWARE: Linux Kernel 4.18: Better Security, Leaner Code. The latest version of
the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the
Berkeley Packet Filter, plus makes a nod to gamers and mobile devices. Read more
[NETWORKWORLD.COM]

7. Network Security
NETWORK DESIGN: Machine Learning Is Becoming a Must in Data Center
Network Security. The volume of data traveling on networks and sophistication of
attack tools are outpacing human experts’ capabilities. Read more
[DATACENTERKNOWLEDGE.COM]
SECURITY: Think Like an Attacker…Three Network Security Points to Identify and
Protect. Pulling the plug on the Internet is often jokingly referred to as the best
solution for network security. All kidding aside, anything you can do to make it
harder for the bad guys to gain access to your network can have a positive impact
on your overall security posture. That begs the question: with so many cyber
security threats and attack methods to worry about – and so many hardware and
software solutions to consider – where should you focus? Read more
[SECURITYBOULEVARD.COM]

8. Encryption

9. Encyption
INDUSTRY INSIGHT: Encryption Management in Government Hyperconverged IT
Networks. Hyperconvergence is becoming more widely accepted in government IT
infrastructure, with agencies like the Department of State and the Government
Accountability Office moving to the solution. A hyperconverged infrastructure (HCI)
enables organizations to scale IT in the cloud while maintaining the performance,
reliability and availability of an on-premises data center. It combines storage,
compute, networking and a hypervisor into a single solution for a fully functional
data center. But it’s not without its particular set of problems – for example,
ensuring that sensitive data is properly encrypted and encryption keys are
appropriately managed. Read more
[GCN.COM]

10. Encyption
SECURITY: Flaw Can Leak Intel ME Encryption Keys. Intel has released updates for
Intel ME, SPS, and TXE firmware to address encryption key-spilling flaw. Read more
[ZDNET.COM]

11. Databases

12. Databases
SQL SERVER: 2 Ways to Attach SQL Server Database Files to Linux Containers. SQL
Server files can be stored outside of Docker containers in host directories or
volumes. Here’s how to set up SQL Server on Linux databases and attach them to
containers. Read more
[SEARCHSQLSERVER.TECHTARGET.COM]
MICROSOFT: 5 SQL Server Components You Should Be Using. Microsoft’s rapid-
fire release cycle for SQL Server means it’s easy for database admins to miss useful
new features. Here are some recent additions that might otherwise fly under the
radar. Read more
[REDMONDMAG.COM]

13. Databases
REVIEW: MongoDB Takes on the World. MongoDB 4.0 beefs up with global cloud
clusters, multi-document ACID transactions, and HIPAA compliance. Read more
[INFOWORLD.COM]
HOW TO: Fix Corrupted Microsoft Access Databases. Access is one of the
industry’s foremost database applications that’s included within the Microsoft
Office suite. Access databases might be essential files for some users as they retain
records, so it’s a good idea to keep a database backup as a precaution for file
corruption. Yet, there are probably some users who don’t back up their database
files; and they’ll need to repair corrupted Access MDB or ACCDB files. If your
Access database is corrupted, and you don’t have a backup handy, check out some
of these fixes. Read more
[WINDOWSREPORT.COM]

14. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

15. Electronic Document Management

16. Electronic Document Management
FINANCIAL: 5 Ways CPAs Can Benefit From Mobile Document Management. The
global mobile workforce is expected to rise to 1.87 billion by 2022, according to the
Global Mobile Workforce Forecast Update 2016-2022 from Strategy Analytics, and
with the right tools in hand, remote workers can boost productivity and build client
loyalty. Arming your staff with mobile document management is less a technology
issue and increasingly an important business strategy for forward-looking firms.
Read more
[ACCOUNTINGWEB.COM]

17. Electronic Document Management
PRODUCTIVITY: The Biggest Obstacle to Better Productivity Might Well Be Your
Documents. About $10,000 is wasted on mismanaging digital assets each year. Like
financial asset management, digital asset management (DAM) is all about
spreading the wealth and organizing all digital assets in a cohesive way that makes
sense for your company. DAM can be a money-saving tool. Read more
[MARTECHADVISOR.COM]

18. Electronic Document Management
TRENDING: Global Digital Transaction Management Market by 2025 -The
Adoption of Technology Among the Players Operating in the Market is Trending
in the Industry. Digital Transaction Management is a category of cloud services
designed to digitally manage document-based transactions. DTM removes the
friction inherent in transactions that involve people, documents, and data to create
faster, easier, more convenient, and secure processes. DTM goes beyond content
and document management to include e-signatures, authentication and non-
repudiation; enabling co-browsing between the customer and the business ;
document transfer and certification; secure archiving that goes beyond records
management; and a variety of meta-processes around managing electronic
transactions and the documents associated with them. Read more
[THEBUSINESSINVESTOR.COM]

19. Electronic Document Management
FEDERAL GOVERNMENT: 5 E-Discovery Hurdles For Government Agencies.
Electronic discovery is a challenging process for even the most experienced law
firms and corporations, but the challenges faced by government agencies may be
even more daunting. A 2017 Deloitte survey reveals that nearly a quarter (23
percent) of attorneys, paralegals, records managers and IT professionals within the
federal government feel their agency is “not at all effective” in dealing with the
challenges of e-discovery today, and the same percentage of survey respondents
say they are “not at all” confident that, if challenged, their agency could
demonstrate that their ESI is “accurate, accessible, complete and trustworthy.”
Read more
[LAW360.COM – REGISTRATION REQUIRED FOR ACCESS]

20. Section 508 Compliance & WCAG 2.1

21. Section 508 Compliance & WCAG 2.1
QUESTION: Is Your Job Application Process Accessible And Inclusive? Job
candidate and application accessibility matters. Accessibility improvements can be
as simple as extending the length of time for timed assessments, alt-tagging
images, captioning videos, labeling elements such as buttons and other minor
adjustments. The problem is: Many employers don’t take accessibility into
consideration when building career sites. Read more
[FORBES.COM]
GOOGLE LIGHTHOUSE: Monitor Site Performance, SEO, Accessibility. Lighthouse
is Google’s free, open source, and automated site monitoring tool. It can help
ecommerce businesses track site load times, accessibility, and search engine
optimization. Read more
[PRACTICALECOMMERCE.COM]

22. Section 508 Compliance & WCAG 2.1
ECOMMERCE: 10 Things People With Disabilities Wish Online Retailers Knew.
Many shoppers would be just fine if they could never set foot in a retail store
again. After all, everything is available online: books, groceries, pizza, household
necessities, even big ticket items like mattresses and cars. However, 15 percent of
people worldwide have a disability that affects their daily life, according to the
United Nations, and many retailers are unaware that their websites are not always
accessible to them. The longer retailers wait to create an inclusive online shopping
experience, the more money they could lose to their competitors, as perhaps 15
percent of their potential customers are forced to find accessible alternatives. This
is especially important now, since many in the large Baby Boomer population
segment may be starting to experience disabilities related to age. Although
technical abilities and access needs are unique to each individual, here are 10
common things that customers with disabilities wish online retailers knew.
Read more
[ECOMMERCETIMES.COM]

23. Section 508 Compliance & WCAG 2.1
FEDERAL GOVERNMENT: House Panel Examines Bill on VA Website Accessibility.
A new bill in front of the House Veterans’ Affairs Committee Health Subcommittee
would put pressure on the Department of Veterans Affairs (VA) to make its
websites and digital tools more accessible to the visually impaired. H.R. 6418, the
VA Website Accessibility Act of 2018, would require the VA to review its websites
for compliance with section 508 of the Rehabilitation Act of 1973, submit a report
to Congress, and create a plan to remedy each issue. Read more
[MERITALK.COM]

24. Security Patches

25. Security Patches
MICROSOFT: Patches Recent ALPC zero-day in September 2018 Patch Tuesday
Updates. The monthly Microsoft security updates –known as the Patch Tuesday
updates– are out, and this month, the OS maker has fixed 62 security flaws,
including a recent zero-day vulnerability that was dumped on Twitter last month,
and later adopted by a malware campaign. Patches were made available for
products such as Microsoft Windows, Microsoft Edge, Internet Explorer, ASP.NET,
the .NET Framework, Edge’s ChakraCore component, Adobe Flash Player,
Microsoft.Data.OData, Microsoft Office, and Microsoft Office Services and Web
Apps. Read more
[ZDNET.COM]

26. Security Patches
APPLE: iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks. A new round of
security updates is available from Apple, fixing bugs in Safari, watchOS, tvOS, and
iOS. Some of the vulnerabilities were disclosed ahead of these releases, creating a
window of opportunity for ill-intended users. Apple released its newest version of
iOS on September 17, and apart from adding a performance boost to older iPhone
models, it also comes with solutions for security problems. Read more
[BLEEPINGCOMPUTER.COM]
VPNs: Popular VPNs Contained Code Execution Security Flaws, Despite Patches.
Patches applied to a vulnerability in ProtonVPN and NordVPN builds led to the
discovery of separate bugs which had to be resolved quickly in recent updates.
Read more
[ZDNET.COM]

27. Security Patches
NETWORKS: The Top 5 Security Threats & Mitigations for Industrial Networks.
While vastly different than their IT counterparts, operational technology
environments share common risks and best practices. Read more
[DARKREADING.COM]

28. CIO, CTO & CISO

29. For the CIO, CTO & CISO
CIO: What Boards and CEOs Should Be Asking CIOs. Boards and CEOs are more
tech-savvy than they once were, but they still don’t always know the best questions
to ask CIOs. With the push for digital transformation they need to be armed with
the right questions at the right time. Read more
[INFORMATIONWEEK.COM]
CTO: IBM Security CTO on the Changing Shape of Innovation. According to IBM
Security’s CTO, Sridhar Muppidi, “the CTO’s role has fundamentally evolved from
being purely responsible for the technology in an organisation to a position that is
responsible for a business’ organisational structure.” Read more
[INFORMATION-AGE.COM]

30. CIO, CTO & CISO
CISO: New Equifax CISO Tightens Structure Post-Breach. Equifax Inc.’s new chief
information security officer is adopting organizational changes meant in part to
help correct some of the circumstances that led to the customer data breach
reported by the company in September 2017. Read more
[WSJ.COM]
STATES: Sharing Vital Cyberinformation: An Interview with the New Jersey
CISO. CISO Michael Geraghty wears many hats with one challenging mission: to
defend New Jersey’s digital density. He directs the NJCCIC — a one-stop shop for
cybersecurity information sharing, threat analysis and incident reporting. And his
team does so much more — offering global reach and meaningful cyberimpact.
Here’s how. Read more
[GOVTECH.COM]

31. Penetration Testing

32. Penetration Testing
READ: The Beginner’s Guide to External Penetration Testing Reconnaissance.
External penetration testing reconnaissance is a critical first step in a
professional security assessment. By using the same methods and resources that
attackers use to get into networks, along with open source intelligence, pen
testers can get a much richer profile of an organization’s security strengths and
weaknesses and conduct more successful and accurate assessments. Read more
[SECURITYBOULEVARD.COM]
WHY, WHEN & HOW: Often Should You Pen Test? Read this executive summary
where the pen testers explain the process and findings in a high-level manner.
You will also find a technical summary with more in-depth details. Read more
[SECURITYINTELLIGENCE.COM]

33. Penetration Testing
OPEN SOURCE TOOL: New Pen Test Tool Tricks Targets with Microsoft WCX Files.
A new open-source penetration testing tool, dubbed Firework, will let pen testers
collect sensitive data by tricking their targets into opening Microsoft WCX files.
Read more
[DARKREADING.COM]
PERSPECTIVES: Cybersecurity the Right Way. Read how IT security leaders from
across government bring organization and prioritization to their many
cybersecurity efforts. Read more
[FCW.COM]

34. Open Source

35. Open Source
PREDICTIONS: Open Source – The Next 20 Years. As the open source community
continues to grow, it’s important that users keep in mind that the people writing
software are doing what they can to keep it working and to support it, probably
on their own time. Isaac Murchie, Head of Open Source at Sauce Labs explains
where Sauce Labs sees open source heading in the 20 years ahead. Read more
[JAXENTER.COM]
RESEARCH & IDEAS: The Hidden Benefit of Giving Back to Open Source
Software. Should firms allow employees on company time to make updates and
edits to the software for community use that could be used by competitors?
New research by Assistant Professor Frank Nagle, a member of the Strategy Unit
at Harvard Business School, shows that paying employees to contribute to such
software boosts the company’s productivity from using the software by as much
as 100 percent, when compared with free-riding competitors. Read more
[HBSWK.HBS.EDU]

36. Open Source
NEW: Open Mainframe Project Announces Open Source Framework for
Modernization. The Open Mainframe Project has announced Zowe, an open source
software framework that bridges the divide between modern applications and the
mainframe, intended to provide easier interoperability and scalability among
products and solutions from multiple vendors. Zowe is the first open source project
based on z/OS. Read more
[DBTA.COM]
SOFTWARE: Open-Source Licensing War – Commons Clause. A new open-source
license addendum, Commons Clause, has lawyers, developers, businesses, and
open-source supporters fighting with each other. Read more
[ZDNET.COM]

37. Operating Systems

38. Operating Systems
DISCOVER: The Most Popular Browsers and Operating Systems for PCs and
Smartphones. NetMarketShare data for August 2018 shows that Google Chrome
remains the most popular browser on PC and mobile, while Windows 7 remains
slightly ahead of Windows 10 in the OS desktop scene. Read more
[MYBROADBAND.CO.ZA]
PODCAST: Justin Cormack on Decomposing the Modern Operating System. Justin
Cormack of Docker discusses how the modern operating system is being
decomposed with toolkits and libraries such as LinuxKit, eBPF, XDP, and what the
kernel space service mesh Cilium is doing. Read more
[INFOQ.COM]

39. Operating Systems
AMAZON: Allows Real-Time Operating System to be Updated Remotely. Last year,
Amazon announced it would take over the FreeRTOS operating system for
microcontrollers running inside low-powered devices including wearables and
industrial sensors. The company is putting its stamp on the software with libraries
to support communication with the company’s cloud. Now it is lowering the bar for
keeping the operating system protected against security vulnerabilities. In early
September Amazon said that it had added ability to remotely update the real-time
operating system, which has better reliability and more accurate timing than
general-purpose software. With it, security holes can be closed and new firmware
can be loaded in millions of embedded devices remotely and automatically.
Without it, customers would have to disconnect electronic devices and update
them manually, which could be prohibitively expensive or impossible without
recalling the products. Read more
[ELECTRONICDESIGN.COM]

40. Operating Systems
INDUSTRY INSIGHT: The Container Future is Here. It’s Just Not Evenly Distributed.
Linux containers are not only a viable option for government agencies, they may
very well be necessary for their digital transformation strategies. Containers can
help agencies accelerate application development and support their migration to
the cloud and automation. Additionally, agencies that have adopted DevOps and
agile development processes can use containers to get applications into production
even faster. Read more
[GCN.COM]

41. Incident Response

42. Incident Response
CYBERSECURITY: Drilling for a Tight Incident Response. How developed is your
cybersecurity muscle memory? Chances are you have an outline, script or idea of
how to respond to a cybersecurity incident, but the efficacy of the response may be
uncertain. Read more
[SECURITYINTELLIGENCE.COM]
MANAGE: Incident Response Frameworks for Enterprise Security Teams. After a
security breach, incident response practices become crucial to minimize and
contain the damage. Learn about incident response frameworks with guest David
Geer. Read more
[SEARCHSECURITY.TECHTARGET.COM]

43. Incident Response
ENTERPRISE: Atlassian Launches Jira Ops for Incident-Response Management. The
company describes Jira Ops as a hub for modern incident management, because
many response teams need a central control to find the right tools and practices to
solve new-gen issues. Read more
[EWEEK.COM]
CALIFORNIA: Creates Elections Security Office. Working with federal, state and
local agencies, the Office of Elections Cybersecurity will share information on
election threats, risk assessment and threat mitigation, develop best practices for
election security and incorporate cyber incident response into emergency
preparedness plans for elections. Read more
[GCN.COM]

44. Cybersecurity

45. Cybersecurity
READ: A CTO Guide: The Main Challenges Facing the Cyber Security Industry. In
this guide, five CTOs provide their view on the main challenges facing the cyber
security industry, with insights on how to overcome them. Read more
[INFORMATION-AGE.COM]
APPLE: Company Will Unveil New Portal to Help Law Enforcement Submit
Requests for Customer Data. According to a letter the company sent to Sen.
Sheldon Whitehouse (D-R.I.) obtained by The Washington Post, Apple will also form
a dedicated team to train law enforcement on digital evidence, while also offering
online training for investigators about how to submit their requests. Read more
[WASHINGTONPOST.COM]

46. Cybersecurity
WHY: Email Threats Must Take Top Priority in Cybersecurity. Email is the most
significant threat vector of a corporate network, and thus should be priority when
setting up a risk management strategy. Read more
[SECURITYBOULEVARD.COM]
MEDICAL: FDA to Step-up Cybersecurity Scrutiny in Med Device Clearances. The
FDA is taking steps to increase its scrutiny of efforts taken by medical device
developers to limit cybersecurity vulnerabilities in their connected products, but
may need to take extra steps, according to a newly released report from the US
Dept. of Health and Human Services’ Office of Inspector General. Read more
[MASSDEVICE.COM]

47. Cybersecurity
EDUCATION: 10 Tactics For Teaching Cybersecurity Best Practices To Your Whole
Company. Smart leaders know that their entire team needs to be well-educated on
the importance and best practices of cybersecurity if they hope to protect their
data. Unfortunately, this is easier said than done, especially when it comes to
training your non-tech employees. Using too much jargon and technical terms will
only disengage them, leaving them less prepared and less vigilant. While you don’t
necessarily need to “dumb down” cybersecurity training for non-techies, you do
need to present the information in a way that’s relatable and easy to understand.
Here’s how the members of Forbes Technology Council recommend approaching
this task. Read more
[FORBES.COM]

48. Cybersecurity
FEDERAL GOVERNMENT: Congress Poised to Allow DHS to Take the Lead on
Federal Cybersecurity. After years of debate, Congress is poised to vote on
legislation that would cement the Department of Homeland Security’s role as the
government’s main civilian cybersecurity authority. The Cybersecurity and
Infrastructure Security Agency Act, which has been in the works since the Obama
administration, would give the department a stand-alone cybersecurity agency with
the same stature as other DHS units, such as the Federal Emergency Management
Agency. The Senate could vote on the bill, which passed in the House last year, as
early as this week as it takes up a slew of cybersecurity-related legislation. Read
more
[WASHINGTONPOST.COM]

49. Cybersecurity
ROUNDTABLE: Chicago’s Tech Experts Answer Three Critical Cybersecurity
Questions. Earlier this summer a group of security-minded executives in Chicago,
long a hub for legal and financial tech, sat down for a panel discussion on
anticipating and combating cybercrime. Read more
[LAW.COM]
CTO GUIDE: Cyber Security Best Practice Tips. In this guide, five CTOs provide their
cyber security best practice tips – to ensure the best protection against cyber
attacks and human error. Read more
[INFORMATION-AGE.COM]

50. Project Management

51. Project Management
ENTERPRISE APP: Inefficient Collaboration Tools Hindering Project Management
Teams. With project management emerging as a common role for professionals
these days, better strategies and tech tools are required to enable teams to
collaborate more effectively, according to a recent survey from Planview. Read
more
[EWEEK.COM]
READ: Three-Step Conflict Resolution For Project Managers. Conflict is an issue
that will inevitably arise in any grouping of individuals, regardless of the context.
One of the most important and difficult aspects of a project manager’s job is to
identify and resolve these conflicts because even the smallest argument can stop a
promising project in its tracks. Fortunately, there are some effective tips that
project managers in any industry can adopt in order to prevent this from
happening. Read more
[FORBES.COM]

52. Project Management
DIFFERENCE: Project Management vs. Product Management. Search USAJobs
under the keyword “project management” and you will find hundreds of
postings, Chris Johnston and Kelly O’Connor of the U.S. Digital Service write in a
new blog post. But search under “product management,” they note, and you will
come up empty. Why? Read more
[FCW.COM]
GOOGLE: Says The Best Managers Have These 10 Qualities. Google sought to
identify the common threads among Google’s highest performing managers.
Based on internal research, Google then applied its findings to its manager
development programs. Here are the 10 behaviors that make a great manager at
Google. Read more
[FORBES.COM]

53. Application Development

54. Application Development
CLOUD: Google Cloud Platform Reveals Updated Tools to Make Application
Development Faster and More Secure. Google announced today a series of new
features for its cloud services, designed to enhance the experience for developers
as the company continues to battle for an edge in an increasingly competitive
space. Those new Google Cloud Platform tools start with code search via the
company’s redesigned Cloud Source Repositories. The search feature was built for
internal use, but employees say they found it so effective that they wanted to make
it available to all developers on the cloud platform. Read more
[VENTUREBEAT.COM]

55. Application Development
5G: A New Era of Application Development and Edge Computing. The next
generation of networking and mobile technology, 5G, will deliver vastly greater
data capacity and speed than previous generations. By comparison, 5G
connections will deliver 1,000 times the data rates of 4G. This dramatic leap will
involve a number of new mobile technologies working together, including
transmission at much higher frequencies (30–300GHz), deployment of many small-
cell low-power base stations, MIMO (supporting many more ports per base
station), beam forming (which enables more-efficient use of spectrum and reduces
interference) and full-duplex transmission. Read more
[DATACENTERJOURNAL.COM]

56. Application Development
LOW-CODE: Is Low-Code the Future of Application Development? How Can It Be
Relevant to You? Recently, the shift to low-code platforms for business needs has
been nothing short of a technological revolution. But there are some companies
that aren’t willing to make the jump without a guarantee of a certain level of
future-proofing low-code can offer them. The hesitation is understandable.
Everyone wants a product that can serve them for a long time. If it’s going to be
outdated or defunct in a few years, it’s not an investment, just a liability. Read
more
[SG.NEWS.YAHOO.COM]
DISCOVER: 7 Benefits of Using PaaS to Support Your Application Lifecycle.
Deploying and managing applications in the cloud will help you innovate faster,
more cost effectively and with less risk. Consider these seven benefits to using
PaaS to support your cloud-based application lifecycle. Read more
[DEVPROJOURNAL.COM]

57. Internet of Things (IoT)

58. Internet of Things (IoT)
STATES: California Bill Regulates IoT for First Time in US. California looks set to
regulate IoT devices, becoming the first US state to do so and beating the Federal
Government to the post. The State legislature approved ‘SB-327 Information
privacy: connected devices’ last Thursday and handed it over to the Governor to
sign. The legislation introduces security requirements for connected devices sold in
the US. It defines them as any device that connects directly or indirectly to the
internet and has an IP or Bluetooth address. That covers an awful lot of devices.
Read more
[NAKEDSECURITY.SOPHOS.COM]
NETWORKS: 3 IoT Challenges That Keep Data Scientists Up at Night. Data scientists
are the MVPs of any IoT program, but difficulties preparing and leveraging data
threaten how quickly they can deliver. Knowing what’s lurking in the shadows can
streamline the most difficult processes. Read more
[NETWORKWORLD.COM]

59. Internet of Things (IoT)
WHY: Data Drives Design – Conversations In IoT Architectural Design. In 2015,
there were 15.41 billion connected Internet of Things (IoT) devices around the
world. By 2020, just two years from now, that number will nearly double to 30.73
billion.1 Manufacturing, healthcare and insurance are the top three industries that
have the most to gain from IoT. Read more
[FORBES.COM]
BUSINESS: 5 Ways IoT Is Reinventing Businesses Today. The Internet of Things (IoT)
means more than simply establishing connections between devices and systems—it
is opening up opportunities for creating new products and services not previously
thought possible. In fact, according to a recent Forbes Insights survey of 700
executives, 60% of enterprises are, with the help of their IoT initiatives, expanding
or transforming with new lines of business, while 36% are considering potential
new business directions. In addition, 63% are already delivering new or updated
services directly to customers thanks to their IoT capabilities. Read more
[FORBES.COM]

60. Personal Tech

61. Personal Tech
GOOGLE: Make Several Gmail Addresses Out of One. Thanks to the way Google
processes your mail, you can modify part of your address for different situations
and still get all your messages. Read more
[NYTIMES.COM]
SURVEY: Faculty Members Voice Concerns About Student Reliance on Tech.
Personal technology use on campus is not expected to slow down. That has
presented several concerns among faculty and administrators regarding the impact
of technology dependence on student learning and on the reliability and security of
the related infrastructure. Read more
[EDUCATIONDIVE.COM]

62. Personal Tech
HOW TO: Give Your Old Computer New Life. If you’re not ready to buy a whole new
system, you might be able to add new parts and upgrade your aging machine for
less than a few hundred dollars. Read more
[NYTIMES.COM]
APPLE: Help a Fellow Mac User With Remote Tech Support. Just like Windows
users, Mac owners have ways to share and control another computer over the
internet to give a quick assist online. Read more
[NYTIMES.COM]

63. Mobile Applications

64. Mobile
NIST: Updating Recommendations for Mobile App Security. The National Institute
of Standards and Technology is working on updating its recommendations for how
organizations and developers can keep mobile applications secure. The updated
recommendations are being made to the Special Publication (SP) 800-163, Vetting
the Security of Mobile Applications document that was initially released in January
2015. The 50-page draft revision includes additional clarity and details on how to
minimize mobile app risks. Read more
[EWEEK.COM]
OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with
Mobile Apps. Though even he might have undersold it a little. Read more
[ENGADGET.COM]

65. Mobile
SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking.
Smartphones, tablets, iPads—mobile devices have become invaluable to the
everyday consumer. But few consider the security issues that occur when using
these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based
application programming interface (API) services and heavily rely on the internet
infrastructure for data communication and storage. To improve performance and
leverage the power of the mobile device, input validation and other business logic
required for interfacing with web API services are typically implemented on the
mobile client. However, when a web service implementation fails to thoroughly
replicate input validation, it gives rise to inconsistencies that could lead to attacks
that can compromise user security and privacy. Developing automatic methods of
auditing web APIs for security remains challenging. Read more
[PHYS.ORG]

66. Mobile
CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s
not already on your risk radar, it’s time to add mobile apps to the growing list of
threat vectors. Mobile apps are risky across all sectors, but more specifically, those
that come from media and entertainment businesses are putting users at risk.
BitSight recently released the results of its research that looked at data from more
than 1,000 companies offering apps on iOS and Google Play and found
vulnerabilities across the board. Read more
[SECURITYBOULEVARD.COM]

67. Programming & Scripting Development
Client & Server-Side

68. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: The Solo JavaScript Developer Challenging Google and Facebook.
Google’s Angular and Facebook’s React are the two most popular frameworks for
building applications with JavaScript, the standard language for writing code that
runs in your browser, as opposed to on a company’s server. But a growing number
of developers are flocking to Vue, a JavaScript framework developed by
independent programmer Evan You and funded by donations from individual users
and sponsorships from small companies. At the end of 2017, Vue was tied for
third-most-downloaded JavaScript framework with the more established Ember,
behind Facebook’s React and Google’s Angular, according to data compiled by the
startup NPM, which offers tools for installing and managing packages of JavaScript
code. Read more
[WIRED.COM]

69. Programming & Scripting Development
Client & Server-Side
CETTIA: A Java Server for Building Real-Time Web Apps. Solve tricky problems
with WebSocket, JSON and switch statements with Cettia, a full-featured web app
framework for Java that allows developers to exchange events between the server
and client in real-time. Read more
[JAXENTER.COM]
JDK 12 ROADMAP: Java 12 Gets First Targeted Features. Switch expressions
capability would improve coding, allow pattern matching; raw string literals would
simplify multiline expressions. Read more
[INFOWORLD.COM]
C# 8: Async Streams in C# 8. C# 8 adds Async Streams, which allows an async
method to return multiple values broadening its usability. Async streams are an
alternative to the reactive programming model used in Java and JavaScript. Read
more
[INFOQ.COM]

70. Programming & Scripting Development
Client & Server-Side
C# 8: Async Streams in C# 8. C# 8 adds Async Streams, which allows an async
method to return multiple values broadening its usability. Async streams are an
alternative to the reactive programming model used in Java and JavaScript. Read
more
[INFOQ.COM]

71. Cloud Computing

72. Cloud Computing
RESEARCH: Cloud Computing Is Helping Smaller, Newer Firms Compete. Is digital
technology a democratizing force, allowing smaller, newer companies to compete
against giant ones? Or does it provide even greater advantage to incumbents? Some
of the latest research suggests that technology can in fact provide an advantage to
small and new firms. Find out how. Read more
[HBR.ORG]
ENTERPRISE: State Of Enterprise Cloud Computing, 2018. 77% of enterprises have at
least one application or a portion of their enterprise computing infrastructure in the
cloud. More technology-dependent industries including manufacturing, high-tech,
and telecom are being led by executive management to become 100% cloud. These
and many other fascinating insights are from the 2018 IDG Cloud Computing Study
published earlier this month by IDG. Read more
[FORBES.COM]

73. Cloud Computing
CNCF: Cloud Native Computing Foundation to Fully Operate Kubernetes – with
Help of Google Cloud Grant. Google Cloud is cutting the umbilical cord further when
it comes to Kubernetes. The company is helping fund the move to transfer
ownership and management of the technology’s resources to the Cloud Native
Computing Foundation (CNCF) with the help of a $9 million grant. The move will see
the CNCF, as well as Kubernetes community members, taking responsibility for all
day-to-day project operations. This will include testing and builds, as well as
maintenance and operations for Kubernetes’ distribution. Read more
[CLOUDCOMPUTING-NEWS.NET]

74. Cloud Computing
DOD: A Closer Look at DOD’s Cloudy JEDI Contract. On July 26, the Department of
Defense released the final request for proposals for the Joint Enterprise Defense
Infrastructure cloud computing contract. Darth Vader has not yet weighed in on the
JEDI proposal, but Yoda would call the protracted process leading up to the RFP
itself a lesson in how to do not procurement in the federal government. Read more
[FCW.COM]

75. Announcement

76. IT Security | Cybersecurity

77. IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]

78. IT Security | Cybersecurity
FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more
[FEDERALNEWSRADIO.COM]

79. IT Security | Cybersecurity
STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
STATESCOOP.COM]

80. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

81. Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

82. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

83. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com