Successfully reported this slideshow.

Tech Update Summary from Blue Mountain Data Systems April 2017

1

Share

1 of 100
1 of 100

Tech Update Summary from Blue Mountain Data Systems April 2017

1

Share

Download to read offline

April 2017: For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/

April 2017: For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

Tech Update Summary from Blue Mountain Data Systems April 2017

  1. 1. Blue Mountain Data Systems Tech Update Summary April 2017
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems https://www.bluemt.com
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for April 2017. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Encryption
  5. 5. Encyption FEDERAL GOVERNMENT: Suing to See the Feds’ Encrypted Messages? Good Luck. The conservative group Judicial Watch is suing the Environmental Protection Agency under the Freedom of Information Act, seeking to compel the EPA to hand over any employee communications sent via Signal, the encrypted messaging and calling app. In its public statement about the lawsuit, Judicial Watch points to reports that EPA staffers have used Signal to communicate secretly, in the face of an adversarial Trump administration. But encryption and forensics experts say Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app itself, and virtually no trace of the conversation remains. “The messages are pretty much gone,” says Johns Hopkins crypotgrapher Matthew Green, who has closely followed the development of secure messaging tools. “You can’t prove something was there when there’s nothing there.” Find out more [WIRED.COM]
  6. 6. Encyption WHY: We Need to Encrypt Everything. Many major websites already encrypt by default. Here’s why encryption and multifactor authentication should be everywhere. Find out more [INFOWORLD.COM] NEWS: Make Encryption Ubiquitous, Says Internet Society. The Internet Society has urged the G20 not to undermine the positive role of encryption in the name of security, claiming it should provide the foundation of all online transactions. Find out more [INFOSECURITY-MAGAZINE.COM]
  7. 7. Encyption FBI: $61M to Fight Cybercrime, Encryption in Trump Budget Proposal. President Donald Trump’s budget blueprint for the federal government proposes a $61 million increase for the FBI and Justice Department in fiscal 2018 to better track terrorist communications and combat cybercriminals. Find out more [FEDSCOOP.COM]
  8. 8. Encyption ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and problems with finding data in the corporate maze are being blamed for business’ lack of interest in crypto. Read more [ZDNET.COM] ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption practices have improved dramatically over the last 10 years, but most organizations still don’t have enterprise-wide crypto strategies. Read the rest [DARKREADING.COM]
  9. 9. Encyption ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out [INFORMATION-AGE.COM] READ: Encryption Won’t Stop Your Internet Provider From Spying on You. Data patterns alone can be enough to give away what video you’re watching on YouTube. A 2016 Upturn report sets out some of the sneaky ways that user activity can be decoded based only on the unencrypted metadata that accompanies encrypted web traffic—also known as “side channel” information. Read more [THE ATLANTIC.COM]
  10. 10. Databases
  11. 11. Databases FPGAs: Shaking Up Stodgy Relational Databases. So you are a system architect, and you want to make the databases behind your applications run a lot faster. There are a lot of different ways to accomplish this, and now, there is yet another – and perhaps more disruptive – one. Read more [NEXTPLATFORM.COM] DATA BREACHES: If You Want to Stop Big Data Breaches, Start With Databases. Over the past few years, large-scale data breaches have become so common that even tens of millions of records leaking feels unremarkable. One frequent culprit that gets buried beneath the headlines? Poorly secured databases that connect directly to the internet. Read the rest [WIRED.COM]
  12. 12. Databases TRENDS: Top Databases in 2017: Trends for SQL, NoSQL, Big Data, Fast Data. What are the most in demand tools for data storage and processing this year? Find out [JAXENTER.COM] IBM: Jumps on Bandwagon for Cloud Databases. Responding to what it says is growing demand for deploying SQL databases in the cloud, IBM this week rolled out a transactional database as a service on its SoftLayer cloud infrastructure. The move reflects the steady advance of cloud-native data platforms along with a growing number of analytics and transaction databases provisioned in the cloud. Read more [ENTERPRISETECH.COM]
  13. 13. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  14. 14. Electronic Document Management
  15. 15. Electronic Document Management SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more [BLUEMT.COM] LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more [INSIDECOUNSEL.COM]
  16. 16. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest [FEDTECHMAGAZINE.COM]
  17. 17. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  18. 18. Security Patches
  19. 19. Security Patches MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue with the March Android over-the-air security update has been resolved after Nexus 6 users complained that Android Pay no longer worked after installation of the update. The update in fact broke Android’s SafetyNet API which provides a constant check on device integrity, blocking access to certain features – such as Android Pay – if it believes a device has been rooted. A Google representative confirmed to Threatpost that the issue was resolved and the OTA update re-issued, even for devices that had already installed the bad update. Find out more [THREATPOST.COM]
  20. 20. Security Patches ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player users should receive a new security update instead of the February patches. This is because Microsoft has engaged to its earlier plan to defer and deliver the updates at a later date even if the security patches are now available. On February 2017, Adobe has addressed the issue and found a solution in which a patch was able to deal with the security problem. For this reason, users are given access to both MS17-005 Security Update for the Adobe Flash Player. This is due to the update from Adobe and the provision by Microsoft. This vulnerability has been considered a critical issue due to the permission that it can grant the attackers. In a report by security specialists, such a vulnerability indicates that attackers are granted control of the machine that was infected. This is in the sense that they are allowed to send remote commands.. Find out more [TNHONLINE.COM]
  21. 21. Security Patches SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple, Microsoft, and Google are analyzing leaked CIA documents to see if their products are affected, but security researchers say that most of the flaws have long been fixed. Find out more [ZDNET.COM] CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most popular CMS in the world – and the most hacked. Just last month, hackers engaged in a “feeding frenzy” at the expense of WordPress sites across the web, exploiting a vulnerability found in the WP REST API plugin. After patching that security issue, Automattic, the company behind WordPress, rolled out yet another security patch this week in the form of WordPress 4.7.3. Find out more [CMSWIRE.COM]
  22. 22. Security Patches ORACLE: Oracle Releases Nearly 300 Security Patches. Apache Struts fixes take the lead in the patch-Tuesday, which also includes fixes for various Shadow Brokers leaks. Read more [SCMAGAZINE.COM] MICROSOFT: Patch Tuesday New Security Update Guide Gets Mixed Reviews. Microsoft’s April Patch Tuesday finally revealed the company’s new approach in rolling out and informing the industry on the security updates for the month and at best has received mixed reviews from several industry insiders. Read the rest [SCMAGAZINE.COM]
  23. 23. Security Patches ANDROID: Pixel XL Devices Accidentally Receive ‘Googlers-only OTA’ of Next Android Security Update. Google frequently uses their employees to dogfood updates before they are released to the public. Earlier this evening, a “confidential Googlers-only OTA” appears to have inadvertently been pushed to some Pixel XL devices. Find out [9TO5GOOGLE.COM] READ: Shadow Brokers Lessons…First, Don’t Panic. If you’re worried about zero- days and hacking tools but not outdated software and obsolete systems in your network, then you’re doing security wrong. Read more [INFOWORLD.COM]
  24. 24. CIO, CTO & CISO
  25. 25. For the CIO, CTO & CISO CIO: Federal CIOs’ 5 Key Steps to IT Modernization. There’s an urgent need to modernize federal agencies’ technology. At least two-thirds – and in some cases more – of the federal IT budget in recent years has gone toward the operations and maintenance of outdated legacy systems that are often older than some of the personnel in charge of their upkeep. Find out more [FEDSCOOP.COM] CTO: White House Selects Deputy CTO From Peter Thiel’s Rolodex. One of PayPal’s cofounders and early Facebook investor Peter Thiel’s aides will step into the role of White House deputy chief technology officer. The White House tapped Michael Kratsios, principal and chief of staff at Thiel Capital, for the post in the Office of Science and Technology, according to Politico. Kratsios’ prior roles include chief financial officer and chief compliance officer at Clarium Capital Management – another Thiel-funded investment firm – and roles as an analyst at Lyford Group International and Barclays Capital. Find out more [NEXTGOV.COM]
  26. 26. CIO, CTO & CISO CISO: Think Like a Hacker, Says Former CISO. “We need to think like a hacker” to protect federal networks, Greg Touhill said at a March 30 cybersecurity conference in Washington. “We haven’t even been thinking like an accountant” when it comes to federal IT, he said. “We need to do a bit of both” to maximize security and efficiency for the federal networking dollars. Find out more [FCW.COM] INSIGHTS: Acting CIOs May Slow Government Technology Push. A lack of action by the Trump administration has left 10 of 25 federal chief information officer positions vacant, which may slow plans to upgrade cybersecurity and information technology systems across the federal government. Find out more [ABOUT.BGOV.COM]
  27. 27. Penetration Testing
  28. 28. Penetration Testing BEWARE: Penetration Tests Are Being Ignored by Enterprises Living Dangerously. Organizations are ignoring the recommendations of penetration testers, even when they find serious vulnerabilities in their clients’ systems, according to the Black Report from Nuix. Find out more [SCMAGAZINEUK.COM] SECURITY: Apache Struts Vulnerability Under Attack. An easy-to-exploit remote code execution flaw discovered in the widely used open-source Apache Struts 2 framework has been patched, but that’s not stopping attackers from attempting to exploit vulnerable systems. Find out more [EWEEK.COM]
  29. 29. Penetration Testing FINANCIAL: Testing Finds ‘100 Percent’ of Mobile Banking Apps Hackable. Mobile banking applications produced by 50 of the world’s largest 100 banks were all vulnerable to hacking attacks which could allow password capture or surveillance of users, according to new research from a European mobile security outfit. Find out more [CYBERSCOOP.COM]
  30. 30. Penetration Testing LEARN: The Top 5 Security Functions To Outsource. There is a cybersecurity talent shortage. According to some sources, there are currently up to 200,000 unfilled security positions in the United States, and an estimated one million open positions globally. By 2019, experts say there could be 1.5 million unfilled cybersecurity jobs. Given this scarcity in the cybersecurity market, combined with the daunting task of staffing a diversely skilled security team, a prudent question is which security functions can be effectively outsourced for the short-, medium-, or long-term. Here are five of the most logical security areas to outsource. Find out more [FORBES.COM]
  31. 31. Open Source
  32. 32. Open Source READ: The Rise Of Open-Source Malware And IoT Security. With 2017 well underway, security professionals are scrambling to understand emerging cyberthreats that will be prevalent in the coming year, and the appropriate mitigation techniques. I’ve found that this is particularly true for communications service providers (CSPs), who have to protect their networks as well as business and consumer subscribers from attacks. While ransomware, data breaches and global hacking events will continue to grab headlines, a major area of focus in the cybersecurity world in 2017 will undoubtedly be internet of things (IoT) devices. Based on recent attacks, these devices seem easy to hack, and can be used to launch global attacks with devastating outcomes. Find out more [FORBES.COM]
  33. 33. Open Source DOD: New DOD Software Coding Will Increase Private-Sector Involvement. The Department of Defense (DOD) has unveiled a software coding initiative that could transform the creation and quality of DOD software projects, and the interactions between federal, private sector, and individual software developers. The initiative, known as Code.mil, is headed by the Defense Digital Service (DDS), a team representing DOD’s effort to increase public-private collaboration in the software industry. Code.mil represents the next step in this endeavor with its objective of connecting the vast amount of individual coding talent and skill with DOD software projects open to improvements. Find out more [DEFENSESYSTEMS.COM] CLONES: Welcome in Scientific Hardware. Learn why a firm is open sourcing their testing equipment. Find out more [OPENSOURCE.COM]
  34. 34. Open Source MICROSOFT: To Shut CodePlex Open Source Project Site. The company acknowledges that GitHub is the go-to option for project hosting and will shutter CodePlex at the end of this year. Find out more [INFOWORLD.COM] GIS: Unlocking Business Value with Open Source GIS. Proprietary geospatial software generally consists of subscriptions that determine how many data sources can be considered and how much it will cost to determine optimal routing. Open-source geospatial software, on the other hand, allows organizations to leverage geospatial data without incurring per-user, per-login or per-CPU cycle costs. Additionally, users are not penalized for increasing their number of users or conducting as much analysis as is required to determine ideal routing. Here’s a look at the most prominent benefits of open-source software. Find out more [DATA-INFORMED.COM]
  35. 35. Business Intelligence
  36. 36. Business Intelligence DISCOVER: 7 Forces Driving Modern Business Intelligence Growth. The number of organizations embracing business intelligence platforms continues to grow, but more focus is being placed on business-led, agile analytics and self-service features rather than IT-led system-of-record reporting. That is the finding of a recent study by Gartner, which looked at market trends in business intelligence and analytics overall, and differences between traditional BI investments and modern BI. Find out more [INFORMATION-MANAGEMENT.COM] GOOGLE: The AI Talent Race Leads Straight to Canada. America’s biggest tech companies are remaking the internet through artificial intelligence. And more than ever, these companies are looking north to Canada for the ideas that will advance AI itself. Find out more [WIRED.COM]
  37. 37. Business Intelligence READ: The Unmistakable Conviction of Visual Business Intelligence. Visual business intelligence represents the summation of BI’s time-honored journey from the backrooms of IT departments to the front offices of business analysts and C level executives alike. It seamlessly merges the self-service movement’s empowerment of the business via user-friendly technology with the striking data visualizations servicing everything from data preparation to analytics results. Find out more [KMWORLD.COM] NGA: Looks to “Reinvent security’ with Fast-Churn Cloud Architecture. To better protect the nation’s intelligence networks, the National Geospatial-Intelligence Agency is moving most of its IT operations to the cloud and looking to “reinvent security” in the process. Jason Hess, the NGA’s chief of cloud security, wants to take advantage of cloud’s flexibility to tear down the agency’s IT architecture and rebuild it every day so that would-be attackers will confront a confusing operating environment and enjoy limited time-on-target. Find out more [GCN.COM]
  38. 38. Operating Systems
  39. 39. Operating Systems WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform? Windows 10 has certainly gotten its share of lumps since it was released. Some users really liked it, while other detested the changes made by Microsoft. Windows 10 has proven to be a great example of beauty being in the eye of the beholder. One writer at BetaNews recently wondered if Windows 10 was an operating system or an advertising platform. Find out more [INFOWORLD.COM]
  40. 40. Operating Systems MOBILE: Android is Set to Overtake Windows as Most Used Operating System. After more than eight years in the hands of consumers, Android is poised to overtake Windows as the most used operating system in the world. This measurement comes by way of web analytics firm StatCounter, which follows trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins over Android, and they could trade positions very soon if current trends continue. Find out more [EXTREMETECH.COM]
  41. 41. Operating Systems PERSONAL TECH: Just What Was in That iOS System Update? When you get the notice of a software update for iOS, there’s usually a link to read about the security content of the update. But where does Apple officially tell you about all other things that change in these upgrades? Find out more [NYTIMES.COM] LEARN: The Best Alternatives Operating Systems. For most people, the only operating systems they know of are Windows, macOS, Android and iOS. However, there are other operating systems you can consider. Here’s a list of six alternative operating systems for your review. Find out more [HACKREAD.COM]
  42. 42. Incident Response
  43. 43. Incident Response ENERGY DEPT: Exercise Reveals ‘Gaps’ in Major Cyber Incident Response. Department of Energy exercise last year found shortcomings in the way that federal, state and local governments would work with industry to respond to a major cyber incident affecting energy infrastructure on the East Coast. Read more [THEHILL.COM] OPINION: Complete Security Deception Includes Detection and Incident Response. Finding a threat solves only part of the problem. A complete deception solution will also enable better incident response. Read the rest [NETWORKWORLD.COM]
  44. 44. Incident Response BRIEFS: Threats, Violent Incidents at Federal Facilities Assessed. Read a recent CRS report examining violent incidents at federal facilities, including a tally of nearly 1,000 incidents in recent years that it says probably represents only a small portion of such incidents. Find out [FEDWEEK.COM] READ: Will Congress Help Fund New State and Local Cyber Programs? Back in early March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and funded, the legislation would provide grants for state and local governments to improve cybersecurity protections and incident response. Here’s what you need to know. Read more [GOVTECH.COM]
  45. 45. Cybersecurity
  46. 46. Cybersecurity CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop Them. As governments create smarter cities, they need cybersecurity measures built from the ground up – or they risk costly data breaches which could compromise the privacy of their citizens. Find out more [CNBC.COM] FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals. Cybercriminals are unrelenting in their attacks on state and local government computer networks, which contain detailed personal and business information — such as birth certificates, driver’s licenses, Social Security numbers and even bank account or credit card numbers — on millions of people and companies. Now, state and local officials are hoping Congress will give them some help in fending off the constant threat. Find out more [GCN.COM]
  47. 47. Cybersecurity INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American International Group (AIG) has recently begun offering personal cyber security insurance plans to individuals. The company appears to be riding a wave of individuals’ fears about losing online data or having their bank accounts emptied, and should find success with wealthier customers who have a lot to lose. But it remains to be seen whether ordinary consumers will come to regard cyber security insurance as a necessary expense. Find out more [FORTUNE.COM]
  48. 48. Cybersecurity NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A senior House science committee staffer Friday defended controversial legislation expanding the authorities of the government’s cybersecurity standards agency, saying it’s necessary because other agencies aren’t stepping up to the job. The bill, which passed the committee nearly entirely with Republican support earlier this month, would direct the National Institute of Standards and Technology to audit agencies’ cyber protections within two years, giving priority to the most at-risk agencies. Find out more [NEXTGOV.COM]
  49. 49. Cybersecurity STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz brings a wealth of public- and private-sector experience to the Ocean State, where he will serve as the first cybersecurity officer. Read more [GOVTECH.COM] MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage. Mitigating hacking attacks, implementing more nimble procurement methods and more will be explored at this year’s National Association of State Chief Information Officer’s Midyear Conference. Read the rest [STATETECHMAGAZINE.COM]
  50. 50. Cybersecurity WHY: You Must Build Cybersecurity Into Your Applications. One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy. Find out [FORBES.COM] NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An executive order was shelved without explanation, and a promised cybersecurity report hasn’t materialized. Read more [NETWORKWORLD.COM]
  51. 51. Cybersecurity SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead of cybersecurity adversaries via automation tools, but the former U.S. CISO recommends a change of mindset as well. Read more [FEDTECHMAGAZINE.COM] OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a lot of talk lately about the death of the security perimeter for computer networks, which is an especially sensitive topic for the federal government that helped to create the concept. Everyone seems to think it’s now impossible within cybersecurity to draw a line and keep bad guys on one side and authorized users on the other. Read the rest [NEXTGOV.COM]
  52. 52. Cybersecurity ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out [INFORMATION-AGE.COM] COMMENT: Securing the Government Cloud. What many government network defenders have forgotten is that security in a cloud environment is a shared responsibility. The cloud provider secures the internet and physical infrastructure, but the cloud customer is responsible for protecting its own data. FedRAMP and third-party certifications assure that the cloud provider is doing its part. But it is ultimately up to customers to ensure they’re taking steps to prevent, detect and respond to cyber adversaries during the attack lifecycle. Read more [FCW.COM]
  53. 53. Project Management
  54. 54. Project Management GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a go-to guide on scrum, a popular agile project management framework. You’ll learn scrum terminology, how to use the methodology in software and product development projects, and more. Find out more [TECHREPUBLIC.COM] TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no shortage of project management solutions for mid-size and large businesses. Startups, though, have limited budgets and simply can’t afford high-priced project management software. Here are seven affordable options. Find out more [CIO.COM]
  55. 55. Project Management RISK: Open Source Project Management Can Be Risky Business. Learn how open source code is a huge factor in mitigating risk. Find out more [OPENSOURCE.COM] FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a government-as-a-platform approach to IT service delivery by leveraging cloud- supported solutions can help modernize and digitize federal agencies, according to a new report from the CIO Council. Find out more [GCN.COM]
  56. 56. Project Management FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest [NPR.ORG]
  57. 57. Application Development
  58. 58. Application Development IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoT solutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more [CRN.COM] SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next- generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more [SDTIMES.COM]
  59. 59. Application Development SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more [INFOWORLD.COM] SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more [INFORMATION-AGE.COM]
  60. 60. Big Data
  61. 61. Big Data KAFKA: Channels the Big Data Firehose. Kafka has emerged as the open source pillar of choice for managing huge torrents of events. The challenge is refining the tooling and raising the game on security beyond basic authentication. Read more [ZDNET.COM] EUROPE: Big Data, Robotics and AI Fuelling VC Investment in London. Despite the Brexit result last year, London tech companies have attracted over £1 billion in emerging technologies since the referendum vote. Read the rest [INFORMATION-AGE.COM]
  62. 62. Big Data E-COMMERCE: 5 Ways Big Data Analytics Can Help Your eCommerce Business. The words ‘Big data’ are thrown around a lot these days, but there is no definition that is universally accepted. The best definition of Big data comes from analyst Doug Laney, who said in 2001 that Big data is defined by ‘The 3Vs’ – including velocity, variety and volume. This means that Big data is a large amount of content that is varied and being produced quickly. Here are five ways that Big data analytics can help your online company. Find out [INSIDEBIGDATA.COM] PODCAST: Big Data for Small Businesses. In the latest episode of the Microsoft Partner Network Podcast, listen to CEO of Neal Analytics, Dylan Dias, as he talks about the business of Big Data. Neal Analytics is a Microsoft partner focused on solving business problems with analytics and a management consulting perspective. Dylan was able to shed some light on what it takes for businesses to hit a fast-moving target like Big Data. Read more [BLOGS.PARTNER.MICROSOFT.COM]
  63. 63. Mobile Applications
  64. 64. Mobile JAVASCRIPT: Using NodeJS and JSON in Mobile App Development. For those who are new to application development, older technologies such as PHP and SQL were used to create web based applications based on databases and these were confirmed by a lack of scalability, and often needed a complete redevelopment in order to expand the platform. The emergence of Javascript and associated libraries and frameworks has meant that as software applications have become more data intensive and real time updates have occurred then technologies have been developed to allow for the increase of the use of these technologies. Read more [JOSIC.COM]
  65. 65. Mobile HOW TO: Effectively Collect User Feedback in Mobile Application. According to lean development principles, developing a mobile application is a process that includes a sequence of phases — design, development, release, feedback collection, modification to redesign, and so on — with the aim of ensuring the successful development of an app at a minimal cost. User feedback is an indispensable part of the product life cycle and the basis to determine its evolution. Read the rest [INFOQ.COM] DHS: Releases Government Guide for Mobile App Development. The Department of Homeland Security has released its Mobile Applications Playbook, giving federal agencies a roadmap for creating, testing and deploying apps that will be shared across the government. The 39-page guide can be used anywhere along an application’s development lifecycle, giving development teams a path forward when they are stuck on an issue related to an application’s progress. Find out [FEDSCOOP.COM]
  66. 66. Mobile FEDERAL AGENCIES: Progressive Web Apps: The Mobile Future. Agencies that can’t afford to pay a developer to build and maintain an app may want to consider progressive web apps, which offer advantages over traditional mobile applications and even browser-based apps because of their ability to work across multiple devices, their speed and the ease with which they can be developed and deployed. Read more [GCN.COM]
  67. 67. Programming & Scripting Development Client & Server-Side
  68. 68. Programming & Scripting Development Client & Server-Side FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know. There are currently huge numbers of different programming languages in use by software developers, with most jobs requiring the more familiar skills such as Java, JavaScript, PHP and C#. However, as software demands evolve and grow, new and less widely-accepted languages are gaining in prominence, offering developers the right tool for certain jobs. Find out more [TECHWORLD.COM] OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of what functional programming is, how to explore its benefits, and a list of resources for learning functional programming. Find out more [OPENSOURCE.COM]
  69. 69. Programming & Scripting Development Client & Server-Side JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It. On February 26th, WIRED’s security reporter Andy Greenberg received an email from Sophia Tupolev, the head of communications at the security firm Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company had discovered sensitive data in the source code on many pages on our site, including obfuscated, “hashed” passwords and email addresses for current and former WIRED writers. Here’s what WIRED did to solve the problem. Find out more [WIRED.COM] JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new, high-severity vulnerability emerged in the Apache Struts 2 open-source framework used to build Java web applications. The flaw allows hackers to inject commands into remote web servers. Within hours, organizations around the world reported attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch from the Apache Foundation. What are the practical effects of these events, and what should government InfoSec leaders and practitioners do now? Find out more [GCN.COM]
  70. 70. Programming & Scripting Development Client & Server-Side FYI: 10 Up-and-Coming Programming Languages Developers Should Get to Know. There are currently huge numbers of different programming languages in use by software developers, with most jobs requiring the more familiar skills such as Java, JavaScript, PHP and C#. However, as software demands evolve and grow, new and less widely-accepted languages are gaining in prominence, offering developers the right tool for certain jobs. Find out more [TECHWORLD.COM] OPEN SOURCE: Introduction to Functional Programming. Here’s an explanation of what functional programming is, how to explore its benefits, and a list of resources for learning functional programming. Find out more [OPENSOURCE.COM]
  71. 71. Programming & Scripting Development Client & Server-Side JAVASCRIPT: WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It. On February 26th, WIRED’s security reporter Andy Greenberg received an email from Sophia Tupolev, the head of communications at the security firm Beame.io, saying she’d found a security issue on WIRED.com. Tupolev’s company had discovered sensitive data in the source code on many pages on our site, including obfuscated, “hashed” passwords and email addresses for current and former WIRED writers. Here’s what WIRED did to solve the problem. Find out more [WIRED.COM]
  72. 72. Programming & Scripting Development Client & Server-Side JAVA: Managing Both Acute and Chronic Web Application Security Issues. A new, high-severity vulnerability emerged in the Apache Struts 2 open-source framework used to build Java web applications. The flaw allows hackers to inject commands into remote web servers. Within hours, organizations around the world reported attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch from the Apache Foundation. What are the practical effects of these events, and what should government InfoSec leaders and practitioners do now? Find out more [GCN.COM]
  73. 73. Cloud Computing
  74. 74. Cloud Computing READ: Cloud Computing Governance and Compliance. To ensure a successful cloud deployment, cloud computing governance and compliance procedures must encompass all the necessary considerations. Find out more [DATAMATION.COM] FEDERAL GOVERNMENT: Tech Leaders’ Top Recommendations for Fixing Federal IT Challenges. Last September, U.S. Comptroller General Gene Dodaro convened more than a dozen tech experts and current and former federal officials to offer solutions to the challenges the federal government faces in IT acquisition and operations. Find out more [NEXTGOV.COM]
  75. 75. Cloud Computing INDUSTRY INSIGHT: Four Reasons for Agencies to Embrace the Cloud Instead of Fearing It. Cloud computing has existed for about as long as hashtags, YouTube videos and iPhones. Today, the latter items are firmly embedded not only within our technological universe, but our cultural identity and daily conversations. And for private industry and consumers, the cloud too has emerged as a familiar, reliable resource for business tasks and work/life assistance. So why does the cloud so often still inspire the classic symptoms of FUD — fear, uncertainty and doubt — among federal agencies? Find out more [GCN.COM]
  76. 76. Cloud Computing CIO COUNCIL: Wants Agencies to Consider: ‘The Best Code Ever Written is the Code that is Never Written’. Shawn McCarthy, research director for IDC Government Insights, said public cloud services will account for about half of the $2.15 billion spending in 2017. By 2021, agency spending on public cloud is projected to increase to $1.9 billion out of the $3.3 billion. Find out more [FEDERALNEWSRADIO.COM]
  77. 77. Announcement
  78. 78. Announcement Blue Mountain Data Systems DOL Contract Extended Another Six Months The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  79. 79. IT Security | Cybersecurity
  80. 80. IT Security | Cybersecurity INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder and resident of Sicher Consulting, John Dyson from Deloitte, and Brian Gay, president, Think Forward Consulting talk about the concept of a cybersecurity framework for the federal government. Read more [FEDERALNEWSRADIO.COM] TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential transitions are a time of considerable change in government, including new agency leaders and evolving policy priorities. But many issues persist, and this is certainly the case with cybersecurity. Advancing the nation's cybersecurity posture must be a key priority for the Trump administration, especially if we are to maximize the benefits of digital transformation. Read more [NEXTGOV.COM]
  81. 81. IT Security | Cybersecurity NEWS: National Guard Expects Expanded Role in Cybersecurity. The National Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by Y2K. With concerns of potential computer chaos looming when dates on systems turned over to 2000, the National Guard was given a new force structure called a computer network defense team. Renamed Defensive Cyber Operations Elements, the eight-to 10-person teams are organized on the state level, while support for the 10 Federal Emergency Management Agency regions is handled by Cyber Protection Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber Protection Team 178, said in a recent interview. Find out more [GCN.COM] PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data, Cybersecurity. The House Subcommittee on Digital Commerce and Consumer Protection has a great range of jurisdiction -- everything from IoT policies to overseeing the Federal Trade Commission. Find out more [GOVTECH.COM]
  82. 82. From the Blue Mountain Data Systems Blog Personal Tech https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016 IT Management https://www.bluemt.com/it-management-daily-tech-update-october-27-2016 Business Intelligence https://www.bluemt.com/business-intelligence-daily-tech-update-october-26- 2016 Incident Response https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016
  83. 83. From the Blue Mountain Data Systems Blog Security Patches https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/ BYOD https://www.bluemt.com/byod-daily-tech-update-october-21-2016/ Databases https://www.bluemt.com/databases-daily-tech-update-october-20-2016/ Operating Systems https://www.bluemt.com/operating-systems-daily-tech-update-october-19- 2016/
  84. 84. From the Blue Mountain Data Systems Blog Encryption https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/ Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-october-14- 2016/ Incident Response https://www.bluemt.com/incident-response-daily-tech-update-october-13- 2016/
  85. 85. From the Blue Mountain Data Systems Blog Cybersecurity https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/ Big Data https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/ Mobile Applications https://www.bluemt.com/mobile-applications-daily-tech-update-october-7- 2016/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/
  86. 86. From the Blue Mountain Data Systems Blog Open Source https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/ CTO, CIO and CISO https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/ Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-october-3- 2016/
  87. 87. From the Blue Mountain Data Systems Blog Feds Report Mixed Responses to Shared Services https://www.bluemt.com/feds-report-mixed-responses-to-shared-services Federal Employees Are Not Security Experts https://www.bluemt.com/federal-employees-are-not-security-experts Survival Guide for Network Administrators https://www.bluemt.com/survival-guide-for-network-administrators DBaaS: OpenStack Trove Changes DB Management https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
  88. 88. From the Blue Mountain Data Systems Blog Help Wanted: Certified Cybersecurity Professionals https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals Cyber Threat Intelligence Integration Center Preview https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/ Cloud Moves in 1-2-3 https://www.bluemt.com/cloud-moves-in-1-2-3/ Change Management for Disaster Recovery https://www.bluemt.com/change-management-for-disaster-recovery/
  89. 89. From the Blue Mountain Data Systems Blog Jeffersonian Advice For C-Suite Career Advancement https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/ Ways To Survive The “Mobile-Pocalypse” https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/ Microsoft Cloud Services Receive FedRAMP Authority to Operate https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority- to-operate/ Hiring Pentesters? Here Are 10 Things You Need to Know https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to- know/
  90. 90. From the Blue Mountain Data Systems Blog Home Router Malware Alert https://www.bluemt.com/home-router-malware-alert/ Threat Model Deconstruction https://www.bluemt.com/threat-model-deconstruction/ Business Email Scam Nets $214 Million https://www.bluemt.com/business-email-scam-nets-214-million/ How to Prevent Unauthorized Software from Taking Over Your Organization https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
  91. 91. From the Blue Mountain Data Systems Blog Digital Marketing Predictions for 2015 https://www.bluemt.com/digital-marketing-predictions-for-2015/ SDN: Network Administrator’s Friend or Foe? https://www.bluemt.com/sdn-network-administrators-friend-or-foe/ Mobile Payments: A Must for Federal Agencies https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/ Soft Skills Are A Must-Have For Careers In IT https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
  92. 92. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/ The Security World’s Maturation https://www.bluemt.com/the-security-worlds-maturation/ Data Breach Concerns Keep CISOs Up At Night https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/ Personalized Govt Equals Instant Gratification for Citizens https://www.bluemt.com/personalized-govt-equals-instant-gratification-for- citizens/
  93. 93. From the Blue Mountain Data Systems Blog People-Centric Security https://www.bluemt.com/people-centric-security/ Pentagon Tries BYOD To Strike Work/Life Balance https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/ Open Source Model Considered for MS Windows https://www.bluemt.com/open-source-model-considered-for-ms-windows/ Open Internet: To Be or Not to Be? https://www.bluemt.com/open-internet-to-be-or-not-to-be/
  94. 94. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of- websites/ Machine-Generated Data: Potential Goldmine for the CIO https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the- cio/ Government Legacy Programs: Reuse vs. Replacement https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/ It Takes a Whole Village to Protect Networks and Systems https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and- systems/
  95. 95. From the Blue Mountain Data Systems Blog Governance For the CIO https://www.bluemt.com/governance-for-the-cio/ Help Desk Consolidation – Lessons Learned https://www.bluemt.com/help-desk-consolidation-lessons-learned/ One Year Later, Companies Still Vulnerable to Heartbleed https://www.bluemt.com/one-year-later-companies-still-vulnerable-to- heartbleed/ Federal Projects Cultivate Worker Passion https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
  96. 96. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >> http://bluemt.com/experience
  97. 97. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  98. 98. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  99. 99. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL paul@bluemt.com WEB https://www.bluemt.com

×