Tech Update Summary from Blue Mountain Data Systems March 2017

  1. Blue Mountain Data Systems Tech Update Summary March 2017
  2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems
  3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for March 2017. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. Encryption
  5. Encryption GOOGLE: Ventures Into Public Key Encryption. Google's Key Transparency project offers a model of a public lookup service for encryption keys. Google announced an early prototype of Key Transparency, its latest open source effort to ensure simpler, safer, and secure communications for everyone. The project’s goal is to make it easier for applications services to share and discover public keys for users, but it will be a while before it's ready for prime time. Read more [INFOWORLD.COM] SECURITY: The Year Encryption Won. Between the revelations of mega-hacks of Yahoo and others, Russia’s meddling in the US electoral system, and the recent spike in ransomware, it’s easy to look at 2016 as a bleak year for security. It wasn’t all so, though. In fact, the last 12 months have seen significant strides in one of the most important aspects of personal security of all: encryption. Read more [WIRED.COM]
  6. Encryption FED GOVT DOMAINS: Domain Encryption Deadline? Nah, Say 345 Government Sites. More than a third of government websites failed to meet the end-of-year deadline to set up secure domains, according to a report on Government Technology (GT). All existing federal websites were mandated – under a June 2015 memo from Tony Scott, the U.S. chief information officer – to switch over to HTTPS by Dec. 31, 2016. Read more [SCMAGAZINES.COM]
  7. Encryption WHATSAPP SECURITY FLAW: Researcher Claims Bug Allows Snooping on Encrypted Messages, but Tech Firm Denies It's a 'Backdoor'. Facebook-owned WhatsApp encrypts messages that its 1 billion users send to one another, but a UC Berkeley cryptography and security researcher claims the app has a bug that can be exploited to read these messages. Read the rest [SILICONBEAT.COM]
  8. Federal, State & Local IT
  9. Federal, State & Local IT REPORT: Cloud Enters Mainstream in Federal IT Investment Plans. United States government agencies will continue to invest hefty sums in cloud computing technology over the next five years. After that period, spending on cloud is likely to moderate, but the amount of investing will remain at impressive levels. Find out more [ECOMMERCETIMES.COM] READ: Debt Myths, Debunked. Sometime in early December, the federal government’s official debt will likely cross the $20 trillion mark – an amount no country has ever owed. As we approach this milestone, there are a few myths regarding the debt that should be debunked. Find out more [USNEWS.COM]
  10. Federal, State & Local IT CHIEF INNOVATION OFFICERS: An Unclear Role in the Federal Government. Federal obsession with innovation is rampant. The government appears intent upon emulating a Silicon Valley-style startup culture that can keep up with the evolution of commercial technology – or at least shake up how agencies approach problems. Its efforts include the Presidential Innovation Fellows program, a one-year tour of duty lawmakers are attempting to make permanent; the digital consultancy 18F, which aims to help other agencies buy agile software development; and a rash of incubator-style hubs where employees can build out their own ideas. Find out more [NEXTGOV.COM]
  11. Federal, State & Local IT COLLEGES: Federal Government Shuts Down Controversial College Watchdog. An organization that was supposed to oversee the embattled for-profit college industry and protect students from fraud lost its recognition Monday, potentially putting hundreds of thousands of students in limbo. The Secretary of Education ruled Monday to terminate his agency’s recognition of the Accrediting Council for Independent Colleges and Schools (ACICS), which critics say allowed billions of dollars in federal financial aid funds to flow to bad actors. Find out more [MARKETWATCH.COM]
  12. Databases
  13. Databases ORACLE: Still Sees Databases as the Cloud’s Mother Lode. Oracle has built a massive enterprise applications business over the decades: It bought PeopleSoft for $10 billion in 2004, Siebel Systems for nearly $6 billion the following year, and closed a $9.3 billion purchase of NetSuite a few months ago. Despite that, the company clearly still sees databases as Oracle’s bedrock, which is why it’s critical that, moving forward, those databases run on Oracle’s nascent cloud infrastructure. Find out more [FORTUNE.COM]
  14. Databases MICROSOFT: Adds New Service Tier to Azure SQL Database, Increases Storage Limits on Existing Databases. Microsoft is making a series of enhancements to its Azure SQL Database, including a new “Premium RS” tier, as the big public cloud providers roll out new database products and features to attract the growing number of businesses and developers making the shift to the cloud. Find out more [GEEKWIRE.COM] MySQL: Ransomware Attacks Targeted Hundreds of MySQL Databases. In the new attacks, targeted MySQL databases are erased and replaced with a ransom demand for 0.2 bitcoin, which is equal to about $234. Find out more [NETWORKWORLD.COM]
  15. Databases MS-SQL SERVER: An Introduction to Docker and Containers for SQL Server Developers and DBAs. Containers define a new method of application packaging combined with user and process isolation, for application multi-tenancy. Varied Linux and Windows container implementations have existed for years, but Microsoft’s release of Windows Server 2016 established Docker’s design as the de facto container standard. The Docker API and container format are now supported on AWS, Azure, Google Cloud, every Linux distro, and Windows. Docker’s design is elegant and delivers compelling benefits. Find out more [SQLMAG.COM]
  16. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  17. Electronic Document Management
  18. Electronic Document Management SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more [BLUEMT.COM] LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more [INSIDECOUNSEL.COM]
  19. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  20. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  21. Security Patches
  22. Security Patches MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue with the March Android over-the-air security update has been resolved after Nexus 6 users complained that Android Pay no longer worked after installation of the update. The update in fact broke Android’s SafetyNet API which provides a constant check on device integrity, blocking access to certain features – such as Android Pay – if it believes a device has been rooted. A Google representative confirmed to Threatpost that the issue was resolved and the OTA update re-issued, even for devices that had already installed the bad update. Find out more [THREATPOST.COM]
  23. Security Patches ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player users should receive a new security update instead of the February patches. This is because Microsoft has engaged to its earlier plan to defer and deliver the updates at a later date even if the security patches are now available. In February 2017, Adobe addressed the issue and found a solution in which a patch was able to deal with the security problem. For this reason, users are given access to both MS17-005 Security Update for the Adobe Flash Player. This is due to the update from Adobe and the provision by Microsoft. This vulnerability has been considered a critical issue due to the permission that it can grant the attackers. In a report by security specialists, such a vulnerability indicates that attackers are granted control of the machine that was infected. This is in the sense that they are allowed to send remote commands. Find out more [TNHONLINE.COM]
  24. Security Patches SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple, Microsoft, and Google are analyzing leaked CIA documents to see if their products are affected, but security researchers say that most of the flaws have long been fixed. Find out more [ZDNET.COM] CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most popular CMS in the world – and the most hacked. Just last month, hackers engaged in a “feeding frenzy” at the expense of WordPress sites across the web, exploiting a vulnerability found in the WP REST API plugin. After patching that security issue, Automattic, the company behind WordPress, rolled out yet another security patch this week in the form of WordPress 4.7.3. Find out more [CMSWIRE.COM]
  25. CIO, CTO & CISO
  26. For the CIO, CTO & CISO CIO: Free Decryption Tools Now Available for Dharma Ransomware. A user named gektar published a link to a Pastebin post on the technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants. The good news is that the leaked keys are real, and researchers from Kaspersky Lab and ESET verified they work. The two companies have updated their Crysis decryption tools — downloads at Kaspersky RakhniDecryptor and ESET CrysisDecryptor — to work for Dharma affected files, too. Find out more [CIO.COM] CTO: ServiceNow’s CTO on Future-Proofing Tech Priorities and Moving Faster in IT. Knowing where to put your resources is a challenge for companies both big and small. Allan Leinwand, CTO of the cloud-service provider ServiceNow, shares his formula for deciding where his team should focus. Find out more [ENTERPRISERPROJECT.COM]
  27. CIO, CTO & CISO CISO: VA Seeks Permanent CISO. The Department of Veterans Affairs is looking to hire a permanent chief information security officer. Earlier in February, VA tapped Dominic Cussatt to serve as acting CISO, replacing Roopangi Kadakia, who was reassigned to lead VA’s cloud transformation. Find out more [FCW.COM] FEDERAL GOVERNMENT: Cybersecurity Regulations Get Demanding. As more government agencies get involved with creating cybersecurity regulations, security professionals will need to monitor new laws and understand which apply to their industry and whether some overlap or conflict. Increased enforcement from different agencies can mean significant consequences even if breaches are avoided. As the new administration adjusts regulations, chief information security officers (CISOs) will need to add governmental cyber regulations to their daily watchlists. Consider the following key areas that impact enterprise security in multiple ways. Find out more [SECURITYINTELLIGENCE.COM]
  28. Penetration Testing
  29. Penetration Testing BEWARE: Penetration Tests Are Being Ignored by Enterprises Living Dangerously. Organizations are ignoring the recommendations of penetration testers, even when they find serious vulnerabilities in their clients’ systems, according to the Black Report from Nuix. Find out more [SCMAGAZINEUK.COM] SECURITY: Apache Struts Vulnerability Under Attack. An easy-to-exploit remote code execution flaw discovered in the widely used open-source Apache Struts 2 framework has been patched, but that’s not stopping attackers from attempting to exploit vulnerable systems. Find out more [EWEEK.COM]
  30. Penetration Testing FINANCIAL: Testing Finds ‘100 Percent’ of Mobile Banking Apps Hackable. Mobile banking applications produced by 50 of the world’s largest 100 banks were all vulnerable to hacking attacks which could allow password capture or surveillance of users, according to new research from a European mobile security outfit. Find out more [CYBERSCOOP.COM]
  31. Penetration Testing LEARN: The Top 5 Security Functions To Outsource. There is a cybersecurity talent shortage. According to some sources, there are currently up to 200,000 unfilled security positions in the United States, and an estimated one million open positions globally. By 2019, experts say there could be 1.5 million unfilled cybersecurity jobs. Given this scarcity in the cybersecurity market, combined with the daunting task of staffing a diversely skilled security team, a prudent question is which security functions can be effectively outsourced for the short-, medium-, or long-term. Here are five of the most logical security areas to outsource. Find out more [FORBES.COM]
  32. Open Source
  33. Open Source GOOGLE: Invites Open Source Devs to Give E2EMail Encryption a Go. Google last week released its E2EMail encryption code to open source as a way of pushing development of the technology. “Google has been criticized over the amount of time and seeming lack of progress it has made in E2EMail encryption, so open sourcing the code could help the project proceed more quickly,” said Charles King, principal analyst at Pund-IT. Find out more [LINUXINSIDER.COM] FILE SHARING: 4 Open Source Tools for Sharing Files. Here are four open source tools that can meet all of your file sharing needs. Find out more [OPENSOURCE.COM]
  34. Open Source DOD: New DOD Software Coding Will Increase Private-Sector Involvement. The Department of Defense (DOD) has unveiled a software coding initiative that could transform the creation and quality of DOD software projects, and the interactions between federal, private sector, and individual software developers. The initiative, known as, is headed by the Defense Digital Service (DDS), a team representing DOD’s effort to increase public-private collaboration in the software industry. represents the next step in this endeavor with its objective of connecting the vast amount of individual coding talent and skill with DOD software projects open to improvements. Find out more [DEFENSESYSTEMS.COM]
  35. Open Source DEVELOPMENT: Using Proprietary Services to Develop Open Source Software. A lot of open source software is developed on (and with the help of) proprietary services running closed-source code. Countless open source projects are developed on GitHub, or with the help of JIRA for bug tracking, Slack for communications, Google Docs for document authoring and sharing, Trello for status boards. That sounds a bit paradoxical and hypocritical—a bit too much “do what I say, not what I do.” Why is that? Find out more [OPENSOURCE.COM]
  36. Business Intelligence
  37. Business Intelligence TOOLS: The 20 Most Popular Business Intelligence Tools. Given the enormous amount of Business Intelligence software solutions available, narrowing down the right one for your business can be a tedious process. How does a business start implementing this software? One way to start is by looking at systems that are popular among peers, because those products are the ones that are most likely to stay constantly maintained and upgraded. Find out more [DATACONOMY.COM] RESEARCH: Successful Data Science Process Not Simple to Set Up, Sustain. Data science teams face a mix of process and cultural challenges in organizations, according to experienced analytics managers who offer advice on how to overcome the hurdles. Find out more [SEARCHBUSINESSANALYTICS.TECHTARGET.COM]
  38. Business Intelligence DATA ANALYTICS: What is Data Analytics? Data is just data. With analytics, it becomes information. Find out more [ITPRO.CO.UK] EDUCATION: Will You Graduate? Ask Big Data. Georgia State is one of a growing number of colleges and universities using what is known as predictive analytics to spot students in danger of dropping out. Crunching hundreds of thousands and sometimes millions of student academic and personal records, past and present, they are coming up with courses that signal a need for intervention. Find out more [NYTIMES.COM]
  39. Operating Systems
  40. Operating Systems WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform? Windows 10 has certainly gotten its share of lumps since it was released. Some users really liked it, while others detested the changes made by Microsoft. Windows 10 has proven to be a great example of beauty being in the eye of the beholder. One writer at BetaNews recently wondered if Windows 10 was an operating system or an advertising platform. Find out more [INFOWORLD.COM]
  41. Operating Systems MOBILE: Android is Set to Overtake Windows as Most Used Operating System. After more than eight years in the hands of consumers, Android is poised to overtake Windows as the most used operating system in the world. This measurement comes by way of web analytics firm StatCounter, which follows trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins over Android, and they could trade positions very soon if current trends continue. Find out more [EXTREMETECH.COM]
  42. Operating Systems PERSONAL TECH: Just What Was in That iOS System Update? When you get the notice of a software update for iOS, there’s usually a link to read about the security content of the update. But where does Apple officially tell you about all other things that change in these upgrades? Find out more [NYTIMES.COM] LEARN: The Best Alternatives Operating Systems. For most people, the only operating systems they know of are Windows, macOS, Android and iOS. However, there are other operating systems you can consider. Here’s a list of six alternative operating systems for your review. Find out more [HACKREAD.COM]
  43. Incident Response
  44. Incident Response DHS: New National Cyber Incident Response Plan. DHS recently released the refreshed National Cyber Incident Response Plan (NCIRP). Since the last version of the NCIRP was released in 2010, the nation has increasingly faced more complex cyber incidents. Every day, incidents across the United States necessitate that jurisdictions and organizations work together to share resources, integrate tactics and take actions to meet the needs of communities before, during, and after cyber incidents. The NCIRP provides a consistent and common approach and vocabulary to enable the whole community to work together to manage cyber incidents seamlessly. Find out more [CSOONLINE.COM]
  45. Incident Response SECURITY: Maturing Incident Response Through a Knowledge-based Approach. What’s missing from the current discussion around incident response is the acknowledgment that security professionals still have to make decisions based on incomplete information. This is not due to a lack of data. On the contrary, there is so much data created in a typical enterprise that there are no simple ways to make sense of the mountains of it. Find out more [INFORMATION-AGE.COM]
  46. Incident Response READ: Detect, Protect and Survive. Incident response has become one of those areas of cybersecurity that people think they could do better, but how often do they test it and how well could they actually act in the event of an incident occurring? According to the Global Information Security Survey, released this week by EY, which used responses from 1735 C-suite leaders and IT executives and managers, 57% of respondents rate business continuity and disaster recovery as a high priority, 42% do not have an agreed communications strategy or plan in place in the event of a significant attack and 39% are planning to invest more in it in the coming year. Find out more [INFOSECURITY-MAGAZINE.COM]
  47. Incident Response CLOUD PLATFORM: Breach Analytics Platform Speeds Up Incident Response. Some experts say that data breaches are now a matter of when rather than if. Being able to respond quickly is therefore vital for companies to minimize damage and disruption. Cybersecurity solutions and breach analytics cloud platform Eastwind Networks is launching an enhanced Breach Analytics Cloud platform to provide complete visibility across the entire attack surface. Find out more [BETANEWS.COM]
  48. Incident Response DHS: Georgia Incident Was Legitimate Work, Not a Hack. The Department of Homeland Security told Georgia’s Office of Secretary of State that the IP address associated with an attempted breach of the state agency’s firewall was tracked to an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply concerned.” According to DHS, someone on the federal department’s security network was conducting legitimate business on the state office’s website, verifying a professional license administered by the state. The state office manages information about corporate licenses and certificates on its website. Find out more [FEDSCOOP.COM]
  49. Incident Response LEARN: 10 Tips for Planning, Leading and Learning From a Cybersecurity Tabletop Exercise. The National Institute of Standards and Technology (NIST) recommends that organizations not only develop incident response plans, but also maintain them in a “state of readiness” and engage in exercises to “validate their content.” The potential vehicles for such tests can take many forms, but one of the most common and easy to implement is a “tabletop exercise.” Read the rest [CORPCOUNSEL.COM]
  50. Incident Response NETWORKS: Why is Incident Response Automation and Orchestration So Hot? Incident response is dominated by manual processes that limit efficiency and effectiveness. This is one of the drivers for IR automation and orchestration. Find out more [NETWORKWORLD.COM] SECURITY: Maturing Incident Response Through a Knowledge-Based Approach. In an increasingly vulnerable cyber landscape, incident response tends to be high on the list of priorities for any security leader. Find out more [INFORMATION-AGE.COM]
  51. Incident Response READ: Detect, Protect and Survive. Incident response has become one of those areas of cybersecurity that people think they could do better, but how often do they test it and how well could they actually act in the event of an incident occurring? Find out more [INFO-SECURITY-MAGAZINE.COM] HOW TO: Building a Better Bug Bounty. When Microsoft temporarily doubled its maximum bug bounty prize to $30,000 earlier this month, it was hard not to notice the timing. After all, the software giant had just been burned twice by Google Project Zero researchers who publicly disclosed Windows vulnerabilities before they could be patched. Find out more [SCMAGAZINE.COM]
  52. Cybersecurity
  53. Cybersecurity MANAGEMENT: Cyber Experts Consider Agency Leaders’ Responsibility Ahead of Trump’s Cyber EO. President Donald Trump’s cybersecurity executive order is moving along, according to private sector advisers, and could be signed by the middle of March — or not. Sam Palmisano, former IBM CEO and vice chairman of the Commission on Enhancing National Cybersecurity, told an audience gathered for a March 6 event at the Center for Strategic and International Studies (CSIS) that his sense was maybe “within a week or so we could see something.” “But I would have said that two or three weeks ago as well, so I don’t want to set a bar for them,” Palmisano said when asked about the EO’s publication. “They’re working through the process.” Find out more [FEDERALNEWSRADIO.COM]
  54. Cybersecurity EMPLOYMENT: Cybersecurity Skills Shortage Holding Steady. In 2017, 45 percent of organizations say they have a “problematic shortage” of cybersecurity skills. This is right in line with 2016 (46 percent), but these last two years represented a big increase. In 2015, 28 percent of organizations said they had a “problematic shortage” of cybersecurity skills, 25 percent in 2014, 23 percent in 2013, and 24 percent in 2012. Find out why this increase over the past two years is concerning. Find out more [NETWORKWORLD.COM]
  55. Cybersecurity IoT: Consumer Reports to Grade Products on Cybersecurity. The non-profit consumer ratings group Consumer Reports plans to evaluate cybersecurity and privacy when ranking products, Reuters says. It is currently working with organizations to create methodologies for doing this. This decision was made following a recent increase in cyberattacks on IoT devices, many of which contain vulnerabilities easily exploited by hackers. Researchers believe these attacks are unlikely to cease because manufacturers do not want to spend on securing connected products. Find out more [DARKREADING.COM]
  56. Cybersecurity CISO: Building a Cybersecurity Culture Around Layer 8. The term “layer 8” is often used pejoratively by IT professionals to refer to employees’ lack of awareness and a weak overall cybersecurity culture. While organizations continue to purchase and deploy technical controls, not much has been done to focus on the human side of cybersecurity. Today, it is just as important to secure human assets – layer 8 – as it is to secure layers 1 through 7. Find out more [SECURITYINTELLIGENCE.COM]
  57. Project Management
  58. Project Management GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a go-to guide on scrum, a popular agile project management framework. You’ll learn scrum terminology, how to use the methodology in software and product development projects, and more. Find out more [TECHREPUBLIC.COM] TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no shortage of project management solutions for mid-size and large businesses. Startups, though, have limited budgets and simply can’t afford high-priced project management software. Here are seven affordable options. Find out more [CIO.COM]
  59. Project Management RISK: Open Source Project Management Can Be Risky Business. Learn how open source code is a huge factor in mitigating risk. Find out more [OPENSOURCE.COM] FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a government-as-a-platform approach to IT service delivery by leveraging cloud-supported solutions can help modernize and digitize federal agencies, according to a new report from the CIO Council. Find out more [GCN.COM]
  60. Project Management FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest [NPR.ORG]
  61. Search Technology
  62. Search Technology SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an OpenSource text search engine. Now it has a big place in Big Data. Read what Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more [DZONE.COM] INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team has announced the first milestone release of the Ingalls Release Train. This coordinated release of subprojects under the Spring Data umbrella ships with 230 fixes and a number of new features. Find out more [ADTMAG.COM]
  63. Search Technology GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes Beta. Google says that the Cloud Natural Language API gives developers access to three Google-powered engines: sentiment analysis, entity recognition, and syntax analysis. The service is currently available in open beta and is based on the company’s natural language understanding research. It will initially support three languages: English, Spanish and Japanese and will help developers reveal the structure and meaning of your text in the given language. Read more [THETECHPORTAL.COM] AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and Memory Reservation. Docker networks provide isolation for your containers. It is important to have control over the networks your applications run on. With Amazon ECS, you can now specify an optional networking mode for your containers that cater towards different use cases. Find out more [DABCC.COM]
  64. Application Development
  65. Application Development IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoT solutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more [CRN.COM] SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next-generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more [SDTIMES.COM]
  66. Application Development SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more [INFOWORLD.COM] SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more [INFORMATION-AGE.COM]
  67. Personal Tech
  68. Personal Tech DIGITAL SUBSCRIPTIONS: How the Internet Is Saving Culture, Not Killing It. In just about every cultural medium, whether movies or music or books or the visual arts, digital technology is letting in new voices, creating new formats for exploration, and allowing fans and other creators to participate in a glorious remixing of the work. This isn’t new; from blogs to podcasts to YouTube, the last 20 years have been marked by a succession of formats that have led to ever-lower barriers for new and off-the-wall creators. Find out more [TECHWORM.NET] PROTECT YOUR DEVICES: With C.I.A. Hacking Revelations, How to Protect Your Devices. Want to protect against surveillance through your iPhones, Android devices, Wi-Fi routers and Samsung televisions? Update, update, update. Find out more [NYTIMES.COM]
  69. Personal Tech HOW TO: Enable Flash in Chrome for Specific Websites. If you’re a Chrome user, which you should be, you probably have noticed that Flash is blocked by default in the browser. Google does not like Flash because of the major security flaws inherent in Flash and therefore does everything in its power to force you not to use Flash. Here’s how to enable Flash when you need it. Find out more [ONLINE-TECH-TIPS.COM] TUTORIAL: Get The Windows Notepad App On Android. The Windows Notepad app is a simple text editor. It’s been part of Windows for years. The app is great if you want to edit a script, an HTML file, or take a quick note. The app has remained unchanged for the most part but it is still a great app. Here’s how to use it on an Android device. Find out more [ADDICTIVETIPS.COM]
  70. Big Data
  71. Big Data DATA: State and Local Govs Need to Improve Data Sharing, Big Data Use. Like their federal counterparts, state and local agencies have made great strides in acquiring and using big data – but they still have a long way to go, according to a source in the industry. Find out more [GOVTECH.COM] NAVY: How Navy’s Warship Shop Uses Data to Do More with Less. The U.S. Navy’s shipbuilding office has a new weapon in its effort to efficiently allocate personnel, resources and budgetary dollars: software. Find out more [NEXTGOV.COM]
  72. Big Data NONPROFITS: How Nonprofits Use Big Data to Change the World. Foundation Center has the world’s largest database of grant and fundraising information. Learn how the organization uses big data to create apps that encourage transparency and innovation. Find out more [TECHREPUBLIC.COM] CARS: Autodata Turns to Big Data to Predict Vehicle Failures. Vehicle data company sees 30% jump in revenue after moving to open source software and opening its data to garages, insurers and parts companies. Find out more [COMPUTERWEEKLY.COM]
  73. Mobile Applications
  74. Mobile FEDERAL GOVERNMENT: Top 10 Tech Trends for Feds to Watch. Across government, career executives are assessing priorities for the year, with an eye to both the known challenges that must be addressed and the new priorities Trump administration officials want to champion. The administration’s newly released budget proposal will dominate the headlines, but there are IT and management issues that will be key regardless of the policies. Here are the tech issues that will be the focus of government time and attention in the months ahead. Find out more [FCW.COM] VIDEO: Is Snapchat Building the iPhone Killer? Snapchat’s parent company has hired mobile engineering and design talent away from Apple, HTC, and Google. Could a Snapchat phone be in the works? Find out more [INFOWORLD.COM]
  75. Mobile DISA: Explores Solution to Mobile CAC Challenge. The Defense Department is having a particularly tough time integrating mobile technology into its mission, largely because every attempt to link it to the Common Access Card has been too cumbersome. But the Defense Information Systems Agency’s Purebred program may have found a way to bypass the physical CAC altogether. Find out more [FEDERALNEWSRADIO.COM] TRACKING TOOL: From Disaster Planning to Conservation: Mobile Phones as a New Tracking Tool. Mobile phones have almost totally infiltrated human society, with the number estimated at more than 7 billion in 2014. Ownership of mobile phones continues to grow, even in some of the poorest countries. Many of those phones are geolocated, continuously providing the geographic location of the user, effectively acting as tracking devices for human populations. Find out more [GCN.COM]
  76. IT Management
  77. IT Management TECH MANAGEMENT: Decentralized IT Management Raises Concerns. IT isn't happy about the shift to decentralized IT management, so VMware tries to provide the best of both worlds: developer flexibility and centralized IT. Find out more [NETWORKWORLD.COM] DOD: Congress Creates New DoD Chief Management Officer, Punts on Role of CIO. The annual Defense authorization bill Congress sent to the President last week includes several provisions to redraw the Defense Department's organizational chart, including one that creates a powerful new Chief Management Officer whose primary job will be overseeing and reforming DoD headquarters functions. While the department already has a full-time position - the deputy chief management officer - to handle functions like business process reengineering and other management concerns, the new position will carry more stature in the Defense bureaucracy. Find out more [FEDERALNEWSRADIO.COM]
  78. IT Management VETERANS AFFAIRS: VA CIO Creating IT Demand Management Office. The Department of Veterans Affairs will launch a new tech office in 2017 to help meet the needs of the department's health care, benefits and cemetery lines of business. Ron Thompson, who was the principal deputy assistant secretary and deputy CIO for VA's Office of Information and Technology, will lead the creation of a new Demand Management Office. Find out more [FEDSCOOP.COM] LEARN: What Great Managers Do Daily. So much depends upon managers. For example, a Gallup study found that at least 70% of the variance in employee engagement scores is driven by who the boss is. This is disconcerting because the same research found that about 70% of people in management roles are not well equipped for the job. This state of affairs is hurting not just employee engagement and quality of life, but also corporate performance. What makes managers of highly engaged employees different than the rest on a day-to-day basis? Read the results of a recent survey. Find out more [HBR.ORG]
  79. Programming & Scripting Development Client & Server-Side
  80. Programming & Scripting Development Client & Server-Side CODING: Dojo Highlights the Top 9 Programming Languages of 2017. Folks at the programming boot camp Coding Dojo did their own analysis of the most in-demand programming languages of the year by poring through data from the job search engine The boot camp’s research found Perl, Python and SQL are among the languages that are consistently showing up in job postings. Find out more [SDTIMES.COM] TYPESCRIPT: Continues Embrace of React Native. TypeScript 2.2 is out in a release candidate that continues its embrace of React Native, another JavaScript variant that’s used to create native iOS and Android apps. Find out more [ADTMAG.COM]
  81. Programming & Scripting Development Client & Server-Side SWIFT: The Creator of Swift, Apple’s New Programming Language, is Leaving for Tesla. The head of Apple’s Swift programming language is leaving the company. Chris Lattner said that he was stepping aside as project lead for Swift as he prepares to leave the company for Tesla, where he will head its autopilot software efforts. Find out more [RECODE.NET] PHP: Becomes First Programming Language to Add Modern Cryptography Library in Its Core. The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Find out more [BLEEPINGCOMPUTER.COM]
  82. Programming & Scripting Development Client & Server-Side JAVASCRIPT: Will WebAssembly Overtake JavaScript in Web Application Coding Needs? Firefox 52 is the first browser to support WebAssembly, a new standard “to enable near-native performance for web applications” without a plug-in by pre-compiling code into low-level, machine-ready instructions. Find out more [TECHWORM.NET] RUBY ON RAILS: What’s New in Rails 5.1: Better JavaScript, for One. Ruby on Rails, the veteran server-side web framework, is playing nice with JavaScript in an upgrade that has recently moved to a first beta release. Rails 5.1 offers multiple improvements, including encryption, system tests, and managing JavaScript dependencies from NPM via Facebook’s new Yarn package manager. Find out more [INFOWORLD.COM]
  83. Programming & Scripting Development Client & Server-Side APP SECURITY: Managing Both Acute and Chronic Web Application Security Issues. With WikiLeaks’ March 7 posting of what was purported to be some of the CIA’s cyber surveillance exploits, agencies are looking at the possibility of attackers turning intelligence gathering tools against government systems, devices and websites. Even more recently, a new, high-severity vulnerability emerged in the Apache Struts 2 open-source framework used to build Java web applications. The flaw allows hackers to inject commands into remote web servers. Within hours, organizations around the world reported attacks exploiting CVE-2017-5638 while Struts 2 users scrambled to apply a patch from the Apache Foundation. What are the practical effects of these events, and what should government InfoSec leaders and practitioners do now? Find out more [GCN.COM]
  84. Programming & Scripting Development Client & Server-Side C#: Version 7.0 Comes with New Features. Visual Studio 2017 was released earlier this month with new programming language features for C# 7.0. C# is a type-safe, object-oriented programming language designed for building applications that run on the .NET framework. The Visual Studio team has been working on C# 7.0 for over a year. “C# 7.0 adds a number of new features and brings a focus on data consumption, code simplification and performance. Perhaps the biggest features are tuples, which make it easy to have multiple results, and pattern matching, which simplifies code that is conditional on the shape of data. But there are many other features big and small. We hope that they all combine to make your code more efficient and clear, and you more happy and productive,” said Mads Torgersen, program manager at Microsoft. Find out more [SDTIMES.COM]
  85. Cloud Computing
  86. Cloud Computing GOOGLE: With Spanner Database Service, Google Raises the Stakes in Cloud Computing. Google Inc. has issued a big challenge to its rivals in cloud computing by opening up access to what has been described as the world’s largest database. The company is launching Cloud Spanner Beta, providing software developers with a database service available through Google Cloud that the search giant already uses to run its massive AdWords advertising system and Google Play app and media store. Find out more [SILICONANGLE.COM]
  87. Cloud Computing CYBERSECURITY: Trust and Risks Both Growing in Government Clouds. A new Intel Security cloud report reveals that cloud computing adoption is growing rapidly in government and elsewhere all over the world. At the same time, CIOs are struggling to keep enterprise data safe in the cloud. Here is what you need to know. Find out more [GOVTECH.COM] CIO: Security in the Cloud. As a former CIO, Richard Spires has implemented and seen the significant benefits of cloud computing — both the leverage of compute on demand and the use of software-as-a-service applications. In particular, SaaS-based applications increasingly are becoming the way organizations can quickly and easily leverage new capabilities. This is driving tremendous growth and innovation – AngelList has more than 11,000 SaaS start-ups listed in the U.S., and IDC predicts the SaaS-based market will surpass $112 billion by 2019. Find out more [FCW.COM]
  88. Cloud Computing READ: Relieving Cloud Migration Headaches. One look at the exponential increase in Amazon Web Services revenue, which has grown by an order of magnitude over the past five years, makes clear that we are on the cusp of a generational transformation in how IT organizations provide application infrastructure. Indeed, Gartner, which estimates that infrastructure-as-a-service revenue grew by nearly 43 percent in 2016, said organizations saved “14 percent of their budgets as an outcome of public cloud adoption,” a ratio that is sure to rise in the coming years. And many government IT organizations are at the forefront of the cloud conversion due to executive-level mandates, tight IT budgets and demand for increased access to information and online services. Find out more [GCN.COM]
  89. Cloud Computing IBM: Why IBM Believes Quantum Computing is the Next Big Cloud Hit after AI and Blockchain. IBM has released a new API for its Quantum Experience program, which will enable developers to build interfaces between its cloud-based quantum computers and its classical equivalents. Find out more [CLOUDCOMPUTING.COM] AMAZON: Flexible Cloud Computing Services Key to Federal Innovation, Says Amazon Web Service’s Teresa Carlson. Just how innovative will the federal government’s future cloud computing efforts be? The answer depends on the government’s ability to try out new offerings with minimal risk or procurement costs. Also imperative will be agencies’ ability to pay for services on an “on-demand” basis. Six years into her role as vice president of Amazon Web Services’ Worldwide Public Sector, Teresa Carlson is ensuring government customers can embrace cloud offerings with that nimble approach in mind. Find out more [WASHINGTONEXEC.COM]
  90. Cloud Computing NASA: Cloud Computing Security Concerns Hover. In the rush to embrace cloud computing, enterprises of all sizes can face serious stumbling blocks, including concerns about how to implement the technology and best practices to follow, which ultimately affects security. The same goes for government agencies, including NASA. Find out more [LIGHTREADING.COM]
  91. Cloud Computing OPINION: The Digital Government Americans Deserve. Americans are turning to digital solutions for everything from banking services to healthcare to travel. Yet despite large investments by the U.S. government in digital technologies, government continues to lag behind. As a result, U.S. citizens have very low levels of satisfaction and confidence in the government’s ability to deliver services that meet their needs and expectations, according to a 2014 Accenture study. If the new administration wants to make the U.S. government a leader in information technology and innovation, here are five strategies that can help build a digital government that Americans deserve. Find out more [FCW.COM]
  92. Announcement
  93. Announcement Blue Mountain Data Systems DOL Contract Extended Another Six Months The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  94. IT Security | Cybersecurity
  95. IT Security | Cybersecurity INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder and resident of Sicher Consulting, John Dyson from Deloitte, and Brian Gay, president, Think Forward Consulting talk about the concept of a cybersecurity framework for the federal government. Read more [FEDERALNEWSRADIO.COM] TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential transitions are a time of considerable change in government, including new agency leaders and evolving policy priorities. But many issues persist, and this is certainly the case with cybersecurity. Advancing the nation's cybersecurity posture must be a key priority for the Trump administration, especially if we are to maximize the benefits of digital transformation. Read more [NEXTGOV.COM]
  96. IT Security | Cybersecurity NEWS: National Guard Expects Expanded Role in Cybersecurity. The National Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by Y2K. With concerns of potential computer chaos looming when dates on systems turned over to 2000, the National Guard was given a new force structure called a computer network defense team. Renamed Defensive Cyber Operations Elements, the eight- to 10-person teams are organized on the state level, while support for the 10 Federal Emergency Management Agency regions is handled by Cyber Protection Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber Protection Team 178, said in a recent interview. Find out more [GCN.COM] PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data, Cybersecurity. The House Subcommittee on Digital Commerce and Consumer Protection has a great range of jurisdiction -- everything from IoT policies to overseeing the Federal Trade Commission. Find out more [GOVTECH.COM]
  97. From the Blue Mountain Data Systems Blog Personal Tech IT Management Business Intelligence 2016 Incident Response
  98. From the Blue Mountain Data Systems Blog Security Patches BYOD Databases Operating Systems
  99. From the Blue Mountain Data Systems Blog Encryption Cloud Computing Programming & Scripting Incident Response
  100. From the Blue Mountain Data Systems Blog Cybersecurity Big Data Mobile Applications Cloud Computing
  101. From the Blue Mountain Data Systems Blog Open Source CTO, CIO and CISO Programming & Scripting
  102. From the Blue Mountain Data Systems Blog Feds Report Mixed Responses to Shared Services Federal Employees Are Not Security Experts Survival Guide for Network Administrators DBaaS: OpenStack Trove Changes DB Management
  103. From the Blue Mountain Data Systems Blog Help Wanted: Certified Cybersecurity Professionals Cyber Threat Intelligence Integration Center Preview Cloud Moves in 1-2-3 Change Management for Disaster Recovery
  104. From the Blue Mountain Data Systems Blog Jeffersonian Advice For C-Suite Career Advancement Ways To Survive The “Mobile-Pocalypse” Microsoft Cloud Services Receive FedRAMP Authority to Operate Hiring Pentesters? Here Are 10 Things You Need to Know
  105. From the Blue Mountain Data Systems Blog Home Router Malware Alert Threat Model Deconstruction Business Email Scam Nets $214 Million How to Prevent Unauthorized Software from Taking Over Your Organization
  106. From the Blue Mountain Data Systems Blog Digital Marketing Predictions for 2015 SDN: Network Administrator’s Friend or Foe? Mobile Payments: A Must for Federal Agencies Soft Skills Are A Must-Have For Careers In IT
  107. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers The Security World’s Maturation Data Breach Concerns Keep CISOs Up At Night Personalized Govt Equals Instant Gratification for Citizens
  108. From the Blue Mountain Data Systems Blog People-Centric Security Pentagon Tries BYOD To Strike Work/Life Balance Open Source Model Considered for MS Windows Open Internet: To Be or Not to Be?
  109. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites Machine-Generated Data: Potential Goldmine for the CIO Government Legacy Programs: Reuse vs. Replacement It Takes a Whole Village to Protect Networks and Systems
  110. From the Blue Mountain Data Systems Blog Governance For the CIO Help Desk Consolidation – Lessons Learned One Year Later, Companies Still Vulnerable to Heartbleed Federal Projects Cultivate Worker Passion
  111. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >>
  112. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  113. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  114. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL WEB