For CTOs, CIOs & CISOs: Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://www.bluemt.com/blog/
3. For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com
Here’s the summary of the Daily Tech Updates for August 2016. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
6. Federal, State & Local IT
FEDERAL: The White House Releases Policy to Help Government Agencies Go Open
Source. The White House (led by United States Chief Information Officer Tony
Scott) has been pretty vocal about using technology to improve how government
operates. They want to make sure code helps, not hurts, government agencies, and
that the U.S. government can use technology just as effectively as a private
company can. Read the rest
[TECHCRUNCH.COM]
MISSOURI: Missouri CISO Michael Roling on the Front Lines of Cybersecurity.
Roling shares how he makes sure his staff — and the state workforce in general —
is prepared for today’s threats. Find out more
[GOVTECH.COM]
WEST VIRGINIA: Inside The Government Centers Where The FBI Shares Intel With
Police. In a drab room in a drab office block in West Virginia, a bank of screens
display news and law enforcement agency insignias. On an average day, there
might be seven staffers around the tables, and while it’s nothing much to look at,
its director believes a group like this in a room like this could probably have
stopped 9/11, had they been meeting at the time. Read more
[VOCATIV.COM]
CITY: Homeland Security to Silicon Valley: We Need Drones. The Department of
Homeland Security is hiring in Silicon Valley — for drones. Last week, technology
entrepreneurs filled a Menlo Park conference room, where officials spelled out
their needs — drones small and light enough to launch easily and fly over vast
stretches of desert. The machines would look for questionable activity, scan faces
of suspects and compare them against a database for prior criminal history. Read
more [SFCHRONICLE.COM]
9. Encryption
NSA: Shadow Brokers Leak Just Revealed How The NSA Broke American-Made
Encryption. If the Shadow Brokers’ leak of NSA files is legit, as is now all but
confirmed, they have offered a glimpse into how the intelligence agency exploited
security systems created by American tech vendors. And one of the vulnerabilities
has offered proof of just how the US’ finest digital spies were able to snoop on
encrypted communications, in particular those provided by Virtual Private
Networks (VPNs). Read more
[FORBES.COM]
APPLE: Researchers Find Another Flaw in Apple’s iMessage Encryption.
Cryptography researchers at Johns Hopkins University have found another flaw in
the encryption used by Apple’s iMessage. The good news? The flaw has already
been patched; you just need to update iOS. Find out more
[GIZMODO.COM]
HOSPITALITY TECH: Ensuring Privacy Through Security Best Practices. Increasingly,
hotels are collecting, analyzing, using, and storing guest data, including personally
identifiable data (PII), to facilitate guest engagement and great service. Personal
data is being harnessed in conjunction with loyalty, CRM, PMS, and other
technology—and the more it is leveraged, the more vulnerable it becomes. Here
are six keys to not sacrificing security while leveraging customer data for improved
service and operations. Find out more
[HOSPITALTECHNOLOGY.EDGL.COM]
DoD: Pentagon Relying on a Different Kind of FBI to Fight Cyber Attacks. The
Defense Department’s big data approach to cybersecurity is paying big dividends.
Through better analytics, DoD’s cyber experts have seen a 500 percent increase in
the number of countermeasures they can apply to thwart hackers. What’s
different for DoD isn’t the data, but the tools on top of the information, and the
military’s cyber experts’ ability to use them in near real-time. According to Dave
Mihelcic, the chief technology officer at the Defense Information Systems Agency,
“One of the biggest applications today is called Fight by Indicator (FBI). FBI gives
our analysts the ability to not only take the data about that attack and compare it
against all known data and then be able to pick the best cybersecurity mitigation
mechanism and actually directly task that mechanism. It has improved our
effectiveness in being able to detect, diagnose and mitigate attacks by 500
percent.” Read more
[FEDERALNEWSRADIO.COM]
13. Databases
GRAPH: IBM Releases Graph, a Service That Can Outperform SQL Databases. IBM
has announced the general availability of Graph, a service for the Bluemix cloud
offering that the company said helps set up a relatively new, high-performing type
of database. Graph databases differ from traditional SQL databases in that they
store both data and the relationships among the data. The relationships among
data points are as important as the data points themselves. Unlike SQL databases,
which can require complex queries to extract conclusions from data, graph
databases execute queries more efficiently, and their advantage over SQL
databases increases with the complexity of the query. Graph databases, which
have become more popular in the last decade, are often used in apps that make
recommendations about music or restaurants. Read the rest
[GEEKWIRE.COM]
ADMINS: It’s the Data, Stupid – Why Database Admins Are More Important Than
Ever. It may not be all about the tables anymore, but the DBA role is still essential –
even if the person doing it doesn’t have the title. Specialized databases, cloud, and
DevOps expand, not eliminate, the role of the DBA. Find out more
[ARSTECHNICA.COM]
NoSQL: Three NoSQL Databases You’ve Never Heard Of. There’s a certain class of
data problem that is elegantly addressed by NoSQL databases, which is why the
market for NoSQL databases is growing faster than the overall market. The market
is led by the Big Four, including Couchbase, Datastax, MarkLogic, and MongoDB,
but there’s a long tail of other players in the NoSQL market, including some older
products that are still going strong. Read more
[DATANAMI.COM]
OPEN SOURCE: Why Open Source Graph Databases Are Catching On. Graph
databases, which use graph structures for semantic queries, came into prominence
through social networks like Facebook and Twitter. But they’re used for far more
now than just linking connections between friends and relatives. Read more
[ENTERPRISEAPPSTODAY.COM]
MongoDB: Atlas Best Practices. MongoDB announced Atlas, its DBaaS platform,
earlier this year. Take a look at the best ways to use it. Find out more
[DZONE.COM]
GOOGLE: Cloud Databases Reach General Availability. Emerging from beta,
Google’s cloud databases are ready for business workloads. Cloud SQL, Cloud
Bigtable, and Cloud Datastore — databases offered through the Google Cloud
Platform (GCP) — are set to shed their beta designation, a scarlet letter among
enterprises, and enter general availability. In so doing, they will qualify for SLAs like
other production-ready GCP services. Read more
[INFORMATIONWEEK.COM]
GRAPH: 5 Factors Driving the Graph Database Explosion. There’s no denying it:
Graph databases are hot. Graph databases have outgrown every other type of
database in popularity since 2013, and not by a small margin either. It’s clear that
developers, data scientists, and IT pros are just beginning to explore the potential
of graph databases to solve new classes of big data analytic and transaction
challenges. Find out more
[DATANAMI.COM]
NoSQL: Current State of NoSQL Databases. With the emergence of time series data
being generated from Internet of Things (IoT) devices and sensors, it’s important to
take a look at the current state of NoSQL databases and learn about what’s
happening now and what’s coming up in the future for these databases. Read
more
[INFOQ.COM]
18. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.
20. Electronic Document Management
CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more). Read the rest
[FEDTECHMAGAZINE.COM]
SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of the
documents. How can you keep these electronic files secure during the entire chain of
custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the
many ways business document management can save your company time, space, and
more importantly, loads of money. Here are the four most obvious ways these tools
provide excellent return-on-investment. Read more
[PCMAG.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]
24. Security Patches
MICROSOFT: Microsoft patches 27 flaws in Windows, Office, IE, and Edge. Many of
the flaws could allow for remote code execution attacks through websites and
malicious documents. Read the rest
[PCWORLD.COM]
ANDROID: AOSP Changelogs Posted for August Security Patches. The odds are
pretty good that if you’re using a still-supported Nexus device, it’s probably
running August’s security update by now. The factory images became available on
August 1 and OTAs have been intermittently rolling out since then. The push to
AOSP took a little longer and finally included a couple of other tags that were
behind schedule. All of the changes have been compiled into their respective lists
and the changelogs are ready for perusal. Find out more
[ANDROIDPOLICE.COM]
MORE ANDROID: ‘Quadrooter’ Flaws Affect Over 900 Million Android Phones.
All versions of Android are vulnerable to these flaws, which won’t be fully
patched until the September security release next month. Four previously
undisclosed security vulnerabilities found in Android phones and tablets that
ship with Qualcomm chips could let a hacker take full control of an affected
device. Almost a billion Android devices are affected by the “high” risk privilege
escalation vulnerabilities, dubbed “Quadrooter,” say researchers at security firm
Check Point. Read more
[ZDNET.COM]
APPLE: Apple Security Bug Lets Hackers Nab Your Mac and iPhone Passwords
With 1 Text. Apple software contains flaws that could allow hackers to steal
people’s passwords by doing nothing more than sending a single nefarious
message. Apple patched the vulnerabilities in its July 20 batch of software
updates. Still, it is incumbent upon people to download the updates. Read more
[FORTUNE.COM]
27. For the CIO, CTO & CISO
CIO OPINION: CIOs Must Undertake Digital Initiatives, Even the Hard Parts. As
businesses today face ever-increasingly competitive markets, many react by trying
to leverage the new opportunities from digital technologies. In fact, the world is
awash in digital technology offerings. But many businesses don’t reap the
anticipated ROI of their digital investments. Read the rest
[CIO.COM]
CISO: Hired Guns: The Rise of the Virtual CISO. When is the right time to rent
yourself a CISO? The enterprise is facing a dangerous combination of mounting
cybersecurity threats of increasing subtlety—and a widening gap in the skills
required to identify and combat them. Read more
[NETWORKWORLD.COM]
NASA CTO: Deborah Diaz to Retire in September. A three-time Federal 100
winner, Diaz has held a wide range of IT leadership posts across the government,
including stints at the U.S. Patent and Trademark Office, the Department of
Homeland Security, the General Services Administration and the U.S. Agency for
International Development. At NASA, where Diaz has served since 2009, she
managed a massive IT infrastructure consolidation program and helped create
the International Space Apps Challenge hackathon and NASA’s Datanauts
program, among many other initiatives. Diaz’ final day at NASA will be Sept. 30.
She said she was still weighing options for “the next technology innovation
opportunity” she would pursue. Find out more
[FCW.COM]
CSO: A Gentler Way to Hack Back. A father-son team argues that hacking back
doesn’t have to lead to the cyber equivalent of World War III – if it’s done by
professionals and doesn’t attempt to corrupt or destroy anyone’s networks.
Read more
[CSOONLINE.COM]
31. Penetration Testing
IBM: Unleashes X-Force Red. IBM Security has formed an elite team of security
professionals and ethical hackers, dubbed IBM X-Force Red. The group is tasked
to uncover vulnerabilities in computer networks, hardware and software
applications, in a block-and-tackle move to get ahead of cybercriminals. The
team also examines human security vulnerabilities in daily processes and
procedures – social engineering opportunities or privileged access routes that
attackers often use to circumvent security controls. Read the rest
[INFOSECURITY-MAGAZINE.COM]
SECURITY STRATEGY: The Evolution Of The Penetration Test. Toby Scott-Jackson,
senior security consultant at SureCloud, explores how penetration testing has
changed – and how it must continue changing in the future. Find out more
[INFORMATIONSECURITYBUZZ.COM]
TOOL: Open Source Penetration Testing Toolkit. Sqlmap is an open source
penetration testing tool that automates the process of detecting and exploiting
SQL injection flaws and taking over database servers. It comes with a powerful
detection engine, many niche features for the ultimate penetration tester and a
broad set of switches ranging from database fingerprinting, through data fetching
from the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections. Full support
for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM
DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database management
systems. Read more
[SQLMAP.ORG]
Q&A: Tom Eston, Manager of Penetration Testing, Veracode. Tom Eston leads a
team of highly skilled penetration testers. For the last several years, he’s co-
hosted what is now known as the Shared Security Podcast – a usually monthly
podcast that explores how technology affects the security and privacy of our
personal lives and businesses. Eston talks about how companies can keep their
data safe even if they can’t afford a big security budget. It turns out the best
advice he could give is to stay vigilant. Read more
[CRAINSCLEVELAND.COM]
35. Open Source
DHS: Explores Wearable Tech for First Responders. A FitBit for first responders?
Google Glass for firemen? That’s what the Homeland Security Department’s
Science and Technology Directorate is looking for. DHS S&T kicked off EMERGE
2016: Wearable Technology. It’s seeking state of the art wearable technologies
on the commercial market that can be modified for first responders. The goal is
to find these commercial devices that can help first responders create a
comprehensive dataset more easily. DHS S&T is asking for vendors to submit
applications to be one of two dozen firms to participate in the accelerator and
receive help in early market validation, test and evaluation opportunities and
paths to introduce their technology to a variety of markets. Find out more
[FEDERALNEWSRADIO.COM]
THE PEOPLE’S CODE: Federal Source Code Policy to Support Improved Access to
Custom-Developed Federal Source Code Released. The White House’s Chief
Information Officer, Tony Scott, has released the Federal Source Code policy to
support improved access to custom software code developed by or for the
Federal Government. Read the rest
[WHITEHOUSE.GOV]
FCC: Forces TP-Link to Support Open Source Firmware on Routers. Networking
hardware vendor TP-Link admitted violating US radio frequency rules by selling
routers that could operate at power levels higher than their approved limits. In a
settlement with the Federal Communications Commission, TP-Link agreed to pay
a $200,000 fine, comply with the rules going forward, and to let customers install
open source firmware on routers. Read more
[ARSTECHNICA.COM]
BUG FIXES: How to Fix a Bug in Open Source Software. How open source
software is supported is just as important as how well it works. Given the choice
between building awesome new features or carefully reading and responding to
10 bug reports, which would you choose? Which is more important? Read more
[OPENSOURCE.COM]
39. Operating Systems
FUCHSIA: Meet Fuchsia, a New Operating System in the Works at Google. Nobody
quite knows what it’s for (yet), but according to Android Police, Fuchsia can run on
just about any kind of device. Read more
[PCWORLD.COM]
UNTANGLE: Announces Revolutionary Wi-Fi Router Operating System. New OS for
Home Wi-Fi Routers Includes Full NGFW Features. Find out more
[DARKREADING.COM]
TAILS: Getting Started with Tails (The Amnesic Incognito Live System), the
Encrypted, Leave-No-Trace Operating System. A step-by-step guide on how to
download, install, and start using Tails, the world’s most secure platform. Read
more
[TECHREPUBLIC.COM]
MICROSOFT: Confirms Freezing Issues After Upgrading to Windows 10 Anniversary
Update. Microsoft launched the Windows 10 Anniversary Update earlier this
month. The company is still rolling out the update to users worldwide, but a good
amount of users already have the Anniversary Update. Now, a lot of users have
been reporting about freezing issues after installing the Windows 10 Anniversary
Update on their PCs. Thankfully though, Microsoft is aware of the issue and is
working on addressing it. Find out more
[MSPOWERUSER.COM]
42. Incident Response
CYBER PAIN POINTS: Failure to Get Buy-In for Incident Response Plan (IRP) in the
Top 10! A recent report indicated that IRPs "are frequently developed from within
departmental silos, for example, within the organization's IT security function, and
do not address the considerations of business units or cross functional areas
needed to coordinate and operate together during a response." Read the Top 10
Incident Pain Points in Delta Risk's April 2016 report. Read more
[LEXOLOGY.COM]
FEDERAL GOVERNMENT: U.S. Government Announces Framework for Responding
to Critical Infrastructure Cyber Incidents. On July 26, 2016, the White House issued
the United States Cyber Incident Coordination Directive (Presidential Policy
Directive PPD-41, including an Annex). The Directive sets forth the principles
governing the Federal Government’s response to cyber incidents, including
incidents affecting private entities that are part of U.S. critical infrastructure. The
Directive is designed to improve coordination between government agencies and to
clarify inter-departmental involvement in response to a cyber incident. Find out
more
[DATAPROTECTIONREPORT.COM]
MANAGEMENT: Why Cybersecurity Is a Management Problem for Campaigns.
Republicans have made hay out of the Democrats’ recent hacking woes, but the
GOP isn't immune from cybersecurity breaches. Last week there were reports of
Russian hackers dumping emails from Republican campaigns and operatives. The
campaign community should follow that lead and demand that cybersecurity
receive real consideration by the candidates, managers and chairmen and
chairwomen, and top aides and advisors. Read more
[CAMPAIGNSANDELECTIONS.COM]
SOLUTION: Orchestrating Security Intelligence for Faster and More Effective
Incident Response. Today’s sophisticated, targeted attacks, coupled with increasing
network complexity, mobility and the phenomenal growth of non-traditional
devices can present incredibly difficult challenges. Nobody can afford to have an
incident response system that isn’t using all of its intelligence and powers of
communication. A new type of cyber security solution is required - one that goes
well beyond traditional network access control (NAC) capabilities. Find out more
[ITPROPORTAL.COM]
47. Program Management
MICROSOFT: Microsoft Launches Planner, a Project-Management Tool Part of
Office 365. Microsoft has launched Office 365 Planner, a new project-
management tool for teams. The company will be rolling out Planner worldwide
to Office 365 users, including Office 365 Enterprise E1–E5, Business Essentials,
Premium, and Education subscription plans. The Planner tile will appear in your
Office 365 app launcher, meaning Office 365 admins don’t need to take any
action. Read more
[VENTUREBEAT.COM]
NASA: When Project Management Really is Rocket Science: A Lesson from NASA.
A recent GAO assessment of major NASA projects shows that 18 of the
organization’s biggest projects received very positive reviews – with project
management receiving credit for some of that success. What has proven to be
extremely effective for NASA is utilizing standards and adapting tools and
processes to the needs of the agency, while satisfying considerations of such
leading practices as EVM, project costing, baseline establishment and blending
of engineering disciplines into projects. Read the rest
[FEDERALTIMES.COM]
ADVICE: 6 Ways to Be a Better Project Manager. Project management is a
complex — and critical — function. Here are six pieces of advice to help project
managers improve their craft. Find out more
[CIO.COM]
IT CAREERS: What’s Going On with IT Hiring? Analysts have been generally
cautious this year about IT hiring trends. Although the unemployment rate for IT
professionals is about half the national average of 4.7%, said CompTIA, some
analysts use terms ranging from “modest” to “pre-recession” to describe IT
hiring. Read more
[COMPUTERWORLD.COM]
51. Search Technology
SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an
open source text search engine. Now it has a big place in Big Data. Read what
Ness's CTO, Moshe Kranc, has to say about how it has evolved. Read more
[DZONE.COM]
INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team
has announced the first milestone release of the Ingalls Release Train. This
coordinated release of subprojects under the Spring Data umbrella ships with 230
fixes and a number of new features. Find out more
[ADTMAG.COM]
GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes
Beta. Google says that the Cloud Natural Language API gives developers access to
three Google-powered engines: sentiment analysis, entity recognition, and syntax
analysis. The service is currently available in open beta and is based on the
company’s natural language understanding research. It will initially support three
languages (English, Spanish and Japanese) and will help developers reveal the
structure and meaning of their text in the given language. Read more
[THETECHPORTAL.COM]
AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and
Memory Reservation. Docker networks provide isolation for your containers. It is
important to have control over the networks your applications run on. With
Amazon ECS, you can now specify an optional networking mode for your containers
that cater towards different use cases. Find out more
[DABCC.COM]
54. Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]
57. BYOD
EMC/DELL MERGER: BYOD May Be Coming to an End at EMC as Dell Merger Looms.
As Dell and EMC prepare to complete their merger, EMC purportedly issued a
statement insisting that customers of the two companies only see Dell laptops during
meetings and consulting engagements. EMC workers that use Apple products as part
of that company’s existing BYOD policy will need to leave them at the office,
according to the report. Read the rest
[CIODIVE.COM]
FEDERAL GOVERNMENT: Federal Government Exec Gives Advice on Enterprise BYOD
Implementations. Josh Moulin, a chief information security officer (CISO) for a
federal US national security agency, has detailed in a post the process of a proposal
to move an agency to BYOD – and why it was eventually disallowed. Find out more
[APPSTECHNEWS.COM]
MARINE CORPS: Marines Work to Join Enterprise Network to JIE. The Marine Corps
expeditionary mission set continues to challenge efforts to join the Corps with the
Department of Defense’s Joint Information Environment (JIE). In a further effort to
align its present networking policies with those of JIE, the Corps is taking a hard look
at Bring Your Own Device, or BYOD. The service is moving forward on a pilot project
which will use drive certificates as a means to create secure software containers on
some 250 test mobile devices by the end of the fiscal year. Read more
[GOVTECHWORKS.COM]
ENTERPRISE: Enterprise Mobility: BYOD, EMM, and New Security Approaches.
Today’s enterprise employees increasingly expect to be productive wherever they
may be, on whatever device they choose, which raises multiple management and
security issues for IT departments. The Ponemon Institute’s 2016 survey report
reveals some telling insights about enterprise mobile security — many of them
clearly driven by the BYOD trend of recent years. Read more
[ZDNET.COM]
61. Big Data
SPARK: Big Data Brawlers: 4 Challengers to Spark. Spark isn’t the only option for
handling big data at scale and in memory. Here are four projects…Apache Apex,
Heron, Apache Flink & Onyx…emerging as possible competition for Spark, with new
approaches to handling the conventional in-memory batch processing Spark is
famous for and the streaming Spark continues to work on. Read the rest
[INFOWORLD.COM]
LATEST NEWS: Big Data Roundup. Microsoft has infused Office 365 with machine
learning. Tableau is putting data visualization control back in IT hands. GE is
supplying an IoT developer kit for its Predix offering. Snowflake Computing has
updated its cloud-based data warehouse, and Teradata has acquired Big Data
Partnership. Find out more
[INFORMATIONWEEK.COM]
FEDERAL AGENCIES: Ransomware Moves to the Big Time For a Long Time. As
ransomware exploits and their perpetrators become more sophisticated,
ransomware is climbing up the ladder – moving beyond targeting local agencies for
a few hundred dollars and into the federal ranks and beyond. Read more
[GCN.COM]
CUSTOMER SERVICE: Can We Stop Talking About Big Data And Start Talking About
Business And Customer Outcomes? Recently, the business world has been awash
with stories about the possibilities and applications of big data, analytics,
automation and artificial intelligence technologies. However, when reading many of
these stories, reports, case studies and pieces of research, you may find yourself
slightly conflicted by it all. Here are a few examples that illustrate the growing
sophistication, application and potential of these technologies. Read more
[FORBES.COM]
64. Mobile Applications
INDUSTRY INSIGHT: Federal BYOD: The Mobile Security Conundrum. While the
private sector has been quick to establish Bring-your-own-device policies, the public
sector has lagged behind because of security and privacy concerns. Despite several
initiatives — including a White House-issued BYOD toolkit and two National
Institute of Standards and Technology documents (800-124 and 800-164) giving
guidance on securing devices that connect with government networks — many
federal agencies are still reluctant to establish BYOD policies. This is largely due to a
number of common threats linked to mobile devices. Read more
[GCN.COM]
LOCAL MOBILE: Naperville, Illinois Integrates Life-Saving Mobile App Into Its
Services. Tapping into the proximity and talents of nearby CPR-certified volunteers,
the city’s PulsePoint app is Uber-ifying emergency services. Find out more
[STATETECHMAGAZINE.COM]
NIST: First to Ask: ‘What is Internet of Things Anyway?’ When computer scientist
Jeffrey Voas set out to determine the security implications of the Internet of Things
for the National Institute of Standards and Technology, he ran into an unusual
complication. Read more
[FEDERALNEWSRADIO.COM]
CHECKLIST: Defining Your Mobile Application Architecture. Many mobile projects
are agile, and application development begins without having an architecture
strategy in place. Given the wide range of technology available in the mobile space
and the rapidly evolving nature of a mobile enterprise, it is important to go through
a process to define the application architecture blueprint. Find out more
[MOBILEBUSINESSINSIGHTS.COM]
67. Personnel Management
STAFF RETENTION: 16 Ways to Retain Technical Staff. A recent study indicates that
companies in the IT industry (amongst the Fortune 500) experience the highest
turnover rate. Good employees quit because they feel undervalued, underwhelmed,
underpaid, or overworked. As a result, employee turnover is costing your
organization more time and money than you think. Believing that technical
employees are “replaceable” may appear to be satisfactory to some firms. In the long
term, however, you may sacrifice more than money: customer satisfaction, business
knowledge, and team morale. Read more
[BLUEMT.COM]
68. Personnel Management
BEST PRACTICES: Managing a Software-as-a-Service Vendor Relationship. Here are
eight tips to make sure your company gets the most out of a SaaS vendor, from the
beginning to the end of the relationship. Find out more
[ZDNET.COM]
LEADERSHIP: How Minimizing Management Supervision Can Maximize Employee
Performance. What if, instead of stretch goals, employees were given goals that only
specify the minimum level of performance outcomes required, and leave everything
else loose or undefined? Sounds impractical, even crazy? Not really if you consider
what’s changing in today’s workforce. Read more
[FORBES.COM]
69. Personnel Management
REMOTE TEAMS: 13 Tips for Successfully Managing Remote Teams. The advantages
to working remotely are plentiful for telecommuting workers, which include
increased productivity, greater work-life balance, more efficient time management,
fewer out-of-pocket costs, and less stress. Implementing a remote workforce doesn’t
come without its challenges, however. There are four key areas to consider when
building and successfully managing your remote team. Find out more
[REMOTE.CO]
71. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: HyperLoop Lets You Access All Native Mobile API’s Using Javascript.
With Hyperloop, the need for OS-specific modules disappears. What happens as
the platform vendors release new versions and APIs? Those too are instantly
available via Hyperloop. Read more
[APPDEVELOPERMAGAZINE.COM]
JAVA: Microservices, Java-on-Java Top Oracle’s JVM Design Goals. Oracle’s plans for
the Java Virtual Machine include greater language support, as well as
accommodations for microservices and a heavier reliance on Java programming
itself. Read the rest
[INFOWORLD.COM]
72. Programming & Scripting Development
Client & Server-Side
VIDEO: C# Today and Tomorrow. In this video, Mads Torgersen discusses how C# is
evolving, how the teams work in the open source space, and some of the future
features and changes to the language (C# 7). Read more
[INFOQ.COM]
HTML5: Google Nixes Flash, Embraces HTML5 in Chrome Browser. Adobe’s Flash
Player, a stalwart technology for rich Internet media applications for years,
continues to lose its prominence, with Google set to designate HTML5 as the
preferred option in its Chrome browser. In December, Chrome 55 will make HTML5
the browser’s default experience, except with sites that only support Flash. Google
says that HTML5, often seen as the industry-standard replacement for proprietary
technology like Flash, will give performance benefits. Find out more
[INFOWORLD.COM]
73. Programming & Scripting Development
Client & Server-Side
JAVA: HTTP/2 Client - Java 9. The web has changed a lot since the 90s. With Java 9,
the developers have updated the HTTP-API in the JDK and come up with an entirely
new API for HTTP/2 and Websocket. This new API will replace the old
HttpURLConnection API, which is as old as HTTP/1.1 itself. Read more
[BLOG.OIO.DE]
HTML5 & SEO: HTML5 Is Not a Google Ranking Factor. SEOs are always looking for
that extra edge to help their Google rankings, and there have been a few who
claimed that switching to HTML5 led to increased rankings in Google. Google had
said as far back as 2010 that HTML5 was not any kind of ranking signal, so it is
likely other reasons that led to the increased rankings in those cases. Along those
same lines, having valid HTML is not a ranking factor either. Find out more
[THESEMPOST.COM]
74. Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: Nginx Web Server Upgrade Focuses on Web Security, JavaScript
Configuration. Nginx Plus Release 10 adds a web app firewall, IP transparency, and
support for the nginScript configuration and control language. Nginx Plus Release
10 also introduces JavaScript-based scripting for configuration, IP transparency,
and DSR (Direct Server Return) load-balancing. Read more
[INFOWORLD.COM]
VISUAL STUDIO: Version 15 Preview 4 Adds TypeScript, C++ Improvements.
Microsoft's fourth preview of its Visual Studio IDE is anchored by a smaller, faster
installation as well as improvements in TypeScript and C++ development. Also
offered are a revamped Start Page and bug fixes. Find out more
[INFOWORLD.COM]
76. Cloud Computing
AMAZON: Amazon Enjoys Comfortable Lead in the Cloud Infrastructure Services
Market. Amazon’s competition is growing at a rapid clip. Yet, despite their progress, it
may be a long while before the company’s rivals unseat the cloud-computing giant.
Read the rest
[DATAMATION.COM]
PRICING: Cloud Computing Pricing – Beware the Bill Shock. Do you really know what
you’re paying for when it comes to your cloud package? Cloud services have many
advantages, and can save your organization money — but there are also potential
pitfalls and additional costs to watch out for. Find out more
[ZDNET.COM]
77. Cloud Computing
GOOGLE: Races to Catch Up in Cloud Computing. When it comes to cloud
computing, Google is in a very unfamiliar position: seriously behind. Google is
chasing Amazon and Microsoft for control of the next generation of business
technology, in enormous cloud-computing data centers. Cloud systems are cheap
and flexible, and companies are quickly shifting their technologies for that
environment. According to analysts at Gartner, the global cloud-computing business
will be worth $67 billion by 2020, compared with $23 billion at the end of this year.
Read more
[NYTIMES.COM]
78. Cloud Computing
GROWTH: Cloud Growth is Amazing, But Still A Small Part of Overall IT Spending.
The financial results that the big cloud leaders reported over the past couple of
weeks show that cloud computing is growing at an amazing clip. While that makes
complete sense, it still seems clear that cloud computing has a long way to go. Read
more
[FORWARDTHINKING.PCMAG.COM]
80. Personal Tech
GOOGLE: Personalized Traffic Alerts From Google. Google pulls in traffic data from
multiple sources for its Maps app, including information from police and local
transportation departments. Many reports concerning real-time events – like cars
stopped on the highway shoulder, debris on the road, construction, congestion
and accidents – come from the users of its Waze service. Read more
[NYTIMES.COM]
MOBILE PHONES: Give Old iPhones and iPads a New Lease on Life. Save money
and spare landfills by putting old smartphones and tablets to work as home
security systems, picture frames, alarm clocks and more. Read more
[WSJ.COM]
81. Personal Tech
OFF TO COLLEGE: Maybe These Devices Should Go Along. Back-to-school shopping
for technology gadgets has become increasingly complex for parents. In the past, the
dilemma for most students was whether to get a Windows PC or a Mac. Now,
because of a proliferation of different computing forms with the rise of mobile
devices, the debate has shifted toward whether to buy a computer or a tablet – and
which operating system on top of that. Here’s a guide to some of the best back-to-
school products, including computers, mobile devices, audio accessories and food
gadgets. Find out more
[NYTIMES.COM]
82. Personal Tech
PRESENTATIONS: The Best Apps for Improving Your Public Speaking. Americans
supposedly fear it more than death: public speaking. Does your smartphone hold
the cure? Now there are apps that can help shore up the delivery: settle your nerves
a bit, keep you within your time limit, help you to not get lost. You can also
download a teleprompter onto your phone. Find out more
[TOPTECHNEWS.COM]
84. IT Security | Cybersecurity
CYBER GRAND CHALLENGE: Supercomputers Give a Glimpse of Cybersecurity’s
Automated Future. Giant refrigerator-sized supercomputers battled each other in a
virtual contest to show that machines can find software vulnerabilities. The result:
the supercomputers time and time again detected simulated flaws in software. It
represents a technological achievement in vulnerability detection, at a time when it
can take human researchers on average a year to find software flaws. The hope is
that computers can do a better job and perhaps detect and patch the flaws within
months, weeks, or even days. Read the rest
[INFOWORLD.COM]
85. IT Security | Cybersecurity
FEDERAL GOVERNMENT: OPM Lays Out Timeline for ID’ing Cybersecurity Workforce.
The Office of Personnel Management laid out new requirements for agencies to
comply with the Federal Cybersecurity Workforce Assessment Act. The law, which
was packaged in December’s budget bill, calls on OPM to help agencies identify IT
and cybersecurity positions throughout the federal government, classifying them to
keep better track of vacancies and required certifications for those employees. Find
out more
[FEDERALTIMES.COM]
86. IT Security | Cybersecurity
ADVISER: Cybersecurity Tips for Every Business. Every business faces its own
information security risks. Here are 13 common principles at the heart of any
enterprise’s information security profile. The order is not necessarily important, but
a comprehensive approach is. Read more
[CRAINSCLEVELAND.COM]
ELECTRONIC VOTING: US Cyber Pros Say Hackers Could Hit Electronic Voting
Machines Next. U.S. cyber security professionals say suspected foreign hackers who
recently attacked computer systems of the Democratic Party could do something
even more sinister in the future. The cyber pros said U.S. electronic voting systems
are likely to be among the next targets. Read more
[VOANEWS.COM]
87. From the Blue Mountain Data Systems Blog
Three-Dimensional Governance for the CIO
https://www.bluemt.com/three-dimensional-governance-for-the-cio
7 Reasons to Take Control of IT Incidents
https://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/
Breach Mitigation Response Time Too Long, Survey Says
https://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/
Six Tactics for Cyberdefense
https://www.bluemt.com/six-tactics-for-cyberdefense/
88. From the Blue Mountain Data Systems Blog
Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
89. From the Blue Mountain Data Systems Blog
Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/
90. From the Blue Mountain Data Systems Blog
Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/
91. From the Blue Mountain Data Systems Blog
Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
92. From the Blue Mountain Data Systems Blog
Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
93. From the Blue Mountain Data Systems Blog
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
94. From the Blue Mountain Data Systems Blog
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
95. From the Blue Mountain Data Systems Blog
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
96. From the Blue Mountain Data Systems Blog
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
97. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
98. Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.
99. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years’ experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
100. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com