
Tech Update Summary from Blue Mountain Data Systems November 2016



November 2016: For CTOs, CIOs & CISOs. Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

Published in: Software


  1. 1. Blue Mountain Data Systems Tech Update Summary November 2016
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for November 2016. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Encryption
  5. 5. Encryption STATES: The Encryption Wars. Although the Federal Bureau of Investigation’s (FBI) dispute with Apple dominated the news for months this spring, the real encryption war may only now be simmering, as states battle the federal government over the right to regulate encryption. Recently, some states have proposed legislation that aims to require decryption, while members of Congress have started to propose federal solutions that would directly oppose such state legislation. Read more [REGBLOG.ORG]
  6. 6. Encryption PODCAST: Thwarting Attempts to Defeat Encryption in POS Devices. Exclusive, insightful audio interviews by Government Info Security staff with government/security leading practitioners and thought-leaders. Find out more [PODBAY.FM] READ: Encryption Policy in the Modern Age: A Not So Simple Debate. Stanford University researchers shared the fruits and frustrations of their efforts to clarify the government’s current practices around the encryption of electronic devices during a Crypto Policy Project event Nov. 2. Read the rest [GOVTECH.COM]
  7. 7. Encryption VIDEO: Apple CEO Tim Cook Refuses to Bypass Encryption on iPhone For FBI and Federal Government. Apple (APPL) CEO Tim Cook refuses to allow the United States Federal Government and the FBI to gain a “backdoor” to iOS in their attempt to hack into the cellphone of the San Bernardino terrorists, who attacked a Christmas Holiday party in December of 2015, killing 14 people. The Federal Government, via US Magistrate Sheri Pym, ordered Apple to provide the necessary information to crack the cellphone on Tuesday, February 16, 2016. Many see this case as yet another battle in the constant war of security vs. privacy in the United States. Some say that security should be tantamount to American patriotism, and that it should be upheld at all costs, above all (über alles) as Donald Trump said. There are others, such as former CIA employee Eric Snowden, who say that privacy should not be sacrificed in the name of security, because at a certain point, it becomes domestic spying. Find out more [YOUTUBE.COM]
  8. 8. Federal, State & Local IT
  9. 9. Federal, State & Local IT FEDERAL: Accelerating Federal Digital Government in the Age of Trump. The reality is that government customers expect anything they need to be available on any device they’re using, at any hour - no matter who is in the White House. Read more [GOVTECH.COM] ILLINOIS: 3 Ways Illinois IT is Preparing for the Future. With an eye for partnerships and a passion for his work, Illinois CIO Hardik Bhatt is looking ahead to new opportunities for his state. Find out more [GOVTECH.COM]
  10. 10. Federal, State & Local IT CALIFORNIA: Tech Leaders Plan to Develop IT Procurement Road Map. California CIO Amy Tong and Deputy CIO Chris Cruz aim to help navigate procurement challenges and opportunities. Find out more [GOVTECH.COM] LOCAL: Banding Together - 6 Challenges Shared by City CIOs. CIOs from six cities in New York convene annually to have open conversations in a closed, trusted space to share ideas, discuss common challenges and brainstorm potential solutions. This is a snapshot of selected conversations from the group’s annual meetings. Read the rest [GOVTECH.COM]
  11. 11. Federal, State & Local IT COLLABORATION: Technology Gives Police and Public Safety Agencies the Upper Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent and reduce criminal activity. When a suspicious person or activity happens at Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a button to silently page the nearby police department in an emergency, one of many new features available since the city upgraded its communications infrastructure, adding new IP phones, paging and emergency notification software on top of a new Cisco Systems phone system. Find out more [STATETECHMAGAZINE.COM]
  12. 12. Databases
  13. 13. Databases MySQL: Admins, Update Your Databases to Avoid the MySQL Bug. Two critical privilege escalation vulnerabilities in MySQL, MariaDB, and Percona Server for MySQL can help take control of the whole server, which is very bad for shared environments. Read more [INFOWORLD.COM] SECURITY: Cerber Ransomware Now Targets Databases. Security company McAfee warns that the cybercriminals behind the Cerber ransomware have begun to target businesses as well as individuals by encrypting their databases until payment is received. Find out more [BETANEWS.COM]
  14. 14. Databases FEDERAL GOVERNMENT: New DOJ Database to Track Police Shooting Deaths, Address Implicit Bias. The U.S. Department of Justice is committing $750,000 to establish a national database of police-related shootings. It will be the first of its kind and, said Federal Bureau of Investigation Director James B. Comey, aims to resolve an “embarrassing” predicament: The federal government often lacks up-to-date information on police-involved shootings. Find out more [TRIPLEPUNDIT.COM]
  15. 15. Databases GAO: Agencies Need More Access to Databases to Stop Improper Payments. The Government Accountability Office says agencies are only getting partial or no access to information they need to help stop improper payments. The system developed by the Treasury Department and Office of Management and Budget to reduce improper payments doesn’t give agencies full access to databases they need to do so. The Government Accountability Office said the Do Not Pay working system offers only partial or no access to three of the six databases required by the Improper Payments Elimination and Recovery Improvement Act of 2012. The blockages mostly result from other regulations prohibiting unauthorized access to information within those databases. Read the rest [FEDERALNEWSRADIO.COM]
  16. 16. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  17. 17. Electronic Document Management
  18. 18. Electronic Document Management SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more [BLUEMT.COM] LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more [INSIDECOUNSEL.COM]
  19. 19. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  20. 20. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more [PCMAG.COM]
  21. 21. Security Patches
  22. 22. Security Patches WHY: Users Should Avoid Microsoft’s Newly Released Preview Windows Patches. Microsoft’s new monthly patching cadence includes ‘previews’ that are not for general consumption, including KB 3197869. Read more [INFOWORLD.COM] ANDROID: Linux users already got a fix for “Dirty Cow.” Android users aren’t so fortunate. Find out more [ARSTECHNICA.COM]
  23. 23. Security Patches JAVA: Java SE 8u102 Update Is Latest Security Patch. If you’re wondering when Java 9 will be released, it won’t be until March 2017, making Java 8 the latest stable version available. However, despite its stable release, patches are occasionally released to deal with situations as they arise. Find out more [NEUROGADGET.NET] ORACLE: Quarterly Critical Patch Update Is Another Whopper. Oracle Corp.’s latest quarterly Critical Patch Update (CPU), issued in October, was the second-largest ever, providing fixes for 253 security vulnerabilities for 76 of the company’s products, including seven security updates for Java SE 6, 7 and 8, and eight for the Java EE-based WebLogic and GlassFish application servers. Oracle’s July CPU provided fixes for a record 276 security flaws in the company’s products. Read the rest [ADTMAG.COM]
  24. 24. Security Patches WINDOWS: 5 Critical Updates for October Patch Tuesday. October’s change of season brings a fundamental change to how Microsoft presents and delivers updates to Windows 7 and 8.x systems. As of this month, Microsoft will now follow the Windows 10 cumulative update model for all currently supported versions of Windows platforms — including Windows 7 and 8.x systems. This is a big departure from a more granular approach using individual updates and patches. Microsoft will now “roll-up” security, browser and system component (.NET) into aggregate patches. This month Microsoft has released ten updates with five rated as critical, four rated as important and one update with a lower security rating of moderate. This release cycle includes several “Patch Now” updates for IE, Edge, Adobe Flash Player and a small component of Microsoft Office. All of these patches will require a restart. Find out more [COMPUTERWORLD.COM]
  25. 25. CIO, CTO & CISO
  26. 26. For the CIO, CTO & CISO CTO: What We Can Do To Prevent The Next Major DDOS Attack? Steve Herrod, Managing Director at General Catalyst, Former CTO of VMWare, answers the question: “What Are the Biggest Issues in Cyber Security in 2016?” Read more [FORBES.COM] CIO: U.S. CIO Releases Proposed Guidance to Modernize Federal IT. The proposed guidance asks agencies to develop and implement targeted modernization plans for specific high-risk, high-priority systems, and to do so in four phases. Find out more [GOVTECH.COM]
  27. 27. CIO, CTO & CISO CISO: What the Federal CISO Needs to Get the Job Done. The selection of Brig. Gen. Gregory J. Touhill (ret.) as the first federal chief information security officer is a key part of the President’s Cybersecurity National Action Plan. With the election a week away, it’s not clear how long Touhill will be holding the post. Irrespective of who occupies the hot seat, however, the critical question is whether the federal CISO will have at his or her disposal the tools and authorities necessary to get the job done. Without them, the country will end up with a CISO in name only. Find out more [FCW.COM]
  28. 28. CIO, CTO & CISO FUTURE: 3 Ways to Better Predict the Future in Your Enterprise. Data can help governments solve specific problems and prepare for major events. Wayne Gretzky once said, “A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.” But how can government leaders move from good to great with technology and security? Where will the “puck” be for your business area? Read the rest [GOVTECH.COM]
  29. 29. Penetration Testing
  30. 30. Penetration Testing ANALYTICS: The New Security Mindset: Embrace Analytics To Mitigate Risk. Merely conducting a penetration test may find a weakness. But conducting a creative analysis of the network and carefully analyzing the results will truly identify key areas of risk. Security professionals who can sniff out abnormalities in their IT network and applications can foil intruders’ plans before they escalate. This is a far different approach than simply finding a single weakness and then declaring “mission accomplished.” Read more [DARKREADING.COM]
  31. 31. Penetration Testing HOW TO: Respond to Social Engineering Incidents: An Expert Interview. Steven Fox is a top government cybersecurity expert, Distinguished Fellow with the Ponemon Institute and frequent speaker at top security events all over America. In this exclusive interview, Steven shares several low-tech but sophisticated social engineering techniques that hackers use to gain (unauthorized) privileged access into government systems and large and small company networks. Most important, what can we do to prevent fraud and respond to incidents that do occur? Find out more [GOVTECH.COM] TOOL: Where’s the BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Read more [GITHUB.COM]
  32. 32. Penetration Testing RISK MANAGEMENT: The Truth About Penetration Testing Vs. Vulnerability Assessments. Vulnerability assessments are often confused with penetration tests. In fact, the two terms are often used interchangeably, but they are worlds apart. To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities, but also assess whether vulnerabilities are actually exploitable and what risks they represent. To increase an organization’s resilience against cyber-attacks, it is essential to understand the inter-relationships between vulnerability assessment, penetration test, and a cyber risk analysis. Find out more [SECURITYWEEK.COM]
  33. 33. Open Source
  34. 34. Open Source HATCHIT: An Open Source Game Engine. More students are learning about the world of open source through video games. Open source games like FreeCiv and Minetest invite young gamers to dig into the source code, while projects like SpigotMC empower them to write plugins to extend their favorite games. Unfortunately, the open source tools used to build games do not share the same prominence. Rochester Institute of Technology student Matt Guerrette hopes to help change that with Hatchit, his open source gaming engine. Read more [OPENSOURCE.COM] WHITE HOUSE: Open-Sources Chatbot. The White House opened the source code for the first government bot on Facebook Messenger in the hope that other governments and developers will use it to build similar services and foster online interactions with their citizens. Read the rest [FCW.COM]
  35. 35. Open Source NETWORKS: Securing the Future of Federal Networks with Open Standards. Back in the early 1940s, General Dwight Eisenhower, while tasked to build an Army, mandated the consolidation of weaponry, equipping soldiers with M1 Garand semi-automatic rifles. It was a controversial and disruptive move that upended the traditional way things were done; the relationship between an infantryman and his weapon was not one to be trifled with lightly. It was necessary action that ultimately provided a sound foundational building block for World War II combat and beyond. Today’s version of consolidation looks like the Defense Information Systems Agency’s Joint Information Environment initiative, which is converging various networks while bringing together disparate technologies. Those technologies have to work together if DISA is to achieve its ultimate goal of a consolidated and more efficient and cost-effective network. Juniper’s Tim Solms explains why it’s important for modern mission-critical systems to be built on open source code. Find out more [FEDSCOOP.COM]
  36. 36. Open Source TOOLS: Open Source Software Matches Benefits to Eligible Recipients. State agencies can now leverage an open source tool to help ensure that individuals eligible for income-based human service benefits actually receive them. The software is Benefit Assist, and it was first launched in 2015 by Intuit for that company’s TurboTax users. Benefit Assist sifts through tax information to help determine a person’s eligibility for benefits from programs such as the Supplemental Nutrition Assistance Program, Medicaid and Medicare. Find out more [GCN.COM]
  37. 37. Business Intelligence
  38. 38. Business Intelligence INFORMATION MANAGEMENT: Operational Business Intelligence Sees a Surge in Use. This year saw a surge in the use of business intelligence in production and operations departments, and customer analysis emerged as the number one investment area for new business intelligence projects. Those are two of the findings of the new BI Survey 16 from the Business Application Research Centre (BARC), an analyst and consulting firm for enterprise software, with a focus on business intelligence, data management, enterprise content management, customer relationship management, and enterprise resource planning. Read more [INFORMATION-MANAGEMENT.COM]
  39. 39. Business Intelligence STUDY: Strong Data Governance Enables Business Intelligence Success, Says Forbes Insights Study. According to a report by Forbes Insights, in association with Qlik, “Breakthrough Business Intelligence: How Stronger Governance Becomes a Force for Enablement,” organizations report that they are obtaining breakthrough returns from investments in business intelligence (BI). Yet companies worry they may be leaving too much potential BI-generated performance on the table; fewer than half feel they are gaining full benefit from their programs. Key concerns: less than optimal adoption rates, lingering silos, multiple “versions of the truth” and security. Find out more [FORBES.COM]
  40. 40. Business Intelligence TRENDS 2017: Business Intelligence Trends for 2017. Analyst and consulting firm, Business Application Research Centre (BARC), has come out with the top BI trends based on a survey carried out on 2800 BI professionals. Compared to last year, there were no significant changes in the ranking of the importance of BI trends, indicating that no major market shifts or disruptions are expected to impact this sector. Find out more [READITQUIK.COM] INTERVIEW: Enterprise Risk Management Properly Implemented Could Strengthen Decision Making. Sheila Conley, deputy assistant secretary and deputy chief financial officer at the Department of Health and Human Services, answers the question, “What do you think is the most important change the government needs to make in the next 5 years?” Read the rest [FEDERALNEWSRADIO.COM]
  41. 41. Operating Systems
  42. 42. Operating Systems FEDERAL TECHNOLOGY: 6 Items That Should Be on the New Federal CISO’s To-Do List. In his final budget proposal, President Barack Obama highlighted cybersecurity as a top priority and proposed a new position for the federal government: a chief information security officer. Read more [NEXTGOV.COM] FEDERAL GOVERNMENT: U.S. Government Agencies Are Still Using Windows 3.1, Floppy Disks and 1970s Computers. Lawmakers push US agencies to replace outdated IT systems. Find out more [PCWORLD.COM]
  43. 43. Operating Systems PODCAST: Pacific Exchanges Podcast: Regulating Fintech in Singapore. The first episode in the series of Pacific Exchanges examines the development of financial technology – commonly known as “FinTech” – in Asia, assessing how technology impacts the financial system, affects access to finance, and changes the competitive landscape for banks. With experts like the Chief Fintech Officer of Singapore’s central bank, a senior officer at the Bill & Melinda Gates Foundation involved in technology-enhanced financial inclusion, and a Stanford University scholar focused on FinTech’s potential for small business lending, we discuss what makes financial technology in Asia so unique and exciting. Find out more [FRBSF.ORG]
  44. 44. Operating Systems MICROSOFT: Windows is the Most Popular Operating System in the US, According to the Federal Government. According to the federal government’s Digital Analytics Program (DAP), Windows is the most popular end-user operating system. According to the analytics report, Windows is the top operating system with 58.4% of all government website visitors in the United States. The analytics report also reveals that the most popular Windows version is Windows 7 (41.5%), followed by Windows 8 (9.8%) and XP (3.4%). Read the rest [MSPOWERUSER.COM]
  45. 45. Incident Response
  46. 46. Incident Response CYBERSECURITY: Finalizing Cyber Incident Response Might Be Easier Than Deciding When to Use It. One of the provisions of Presidential Policy Directive 41 is updating the interim National Cyber Incident Response Plan drafted in 2010. The revised plan is on target to be completed by the end of the year, but one question it cannot clearly address is the circumstances under which it should be put into action. Read more [FCW.COM] PHISHING: 4 Strategies for Foiling Phishing Attacks. Organizations can throw more technology at the problem but some phishing emails will still evade the filters. Despite repeated warnings, employees continue to open email attachments or click on links from unfamiliar sources. Here are four strategies for securing organizations against phishing attacks. Find out more [CSOONLINE.COM]
  47. 47. Incident Response HEALTH IT SECURITY: HIMSS Praises DHS National Cybersecurity Response Plan. The recent National Cyber Incident Response Plan from the Department of Homeland Security is a critical step forward, but could be strengthened in a few areas. Understanding the dimensions of potential cyber threats and providing better clarification on what equates a significant cyber incident are two suggestions the Healthcare Information Management Systems Society (HIMSS) provided to the Department of Homeland Security (DHS) on its recent cybersecurity response plan. Find out more [HEALTHITSECURITY.COM]
  48. 48. Incident Response DHS: Races to Get Obama’s Signature on Cyber Response Plan. The Homeland Security Department wants to make sure an updated plan for how the government responds to major cyberattacks is set in stone before President Barack Obama leaves office. “The alternative is leaving the country with a 6-year-old interim plan while a new presidential administration settles in and forcing final approval of the new plan to battle for attention with hundreds of other priorities facing a new administration,” said Bridgette Walsh, a cyber branch chief with DHS’ National Protection and Programs Directorate. Read the rest [NEXTGOV.COM]
  49. 49. Incident Response DHS: Last Chance to Comment on DHS’s National Cyber Incident Response Plan. The Department of Homeland Security is currently soliciting public feedback on its National Cyber Incident Response Plan (NCIRP) refresh, a strategic framework described as “a nationwide approach to cyber incidents, to talk about the important role that private sector entities, states, and multiple federal agencies play in responding to cyber incidents and how those activities all fit together.” Read more [FEDERALTIMES.COM] NETWORK SECURITY: 2 Do’s and 2 Don’ts of Incident Response and Anomaly Detection. Anomaly detection is growing in popularity as organizations get proactive about incident response. These practices help you get the most out of anomaly detection. Find out more [ESECURITYPLANET.COM]
  50. 50. Incident Response PLANNING: Five Tips for Creating a Practical Incident Response Plan. Regardless of the size of an organization, having a comprehensive approach to incident response is essential if the company wishes to survive the attack and reduce the impact and cost of recovery. Most importantly, the IR plan should be practical enough for the organization to act rapidly and effectively in the event of a compromise. When designing an incident response plan, organizations should start with these five tips. Find out more [ITPROPORTAL.COM] LEGAL: Introducing the Cybersecurity Reference Model. Cybersecurity has penetrated our everyday existence, entertainment, and individual concern, but little has been written to help the legal community understand the roles and opportunities within this burgeoning corner of the job market. Read the rest [INSIDECOUNSEL.COM]
  51. 51. Tech Research News
  52. 52. Tech Research News MIT: Cache Management Improved Once Again. New version of breakthrough memory management scheme better accommodates commercial chips. A year ago, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory unveiled a fundamentally new way of managing memory on computer chips, one that would use circuit space much more efficiently as chips continue to comprise more and more cores, or processing units. In chips with hundreds of cores, the researchers’ scheme could free up somewhere between 15 and 25 percent of on-chip memory, enabling much more efficient computation. Their scheme, however, assumed a certain type of computational behavior that most modern chips do not, in fact, enforce. Last week, at the International Conference on Parallel Architectures and Compilation Techniques – the same conference where they first reported their scheme – the researchers presented an updated version that’s more consistent with existing chip designs and has a few additional improvements. Read more [NEWS.MIT.EDU]
  53. 53. Tech Research News REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans fall along a spectrum of preparedness when it comes to using tech tools to pursue learning online, and many are not eager or ready to take the plunge. Find out more [PEWINTERNET.ORG] DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for DoD Missions. Defense Secretary Ashton Carter has said automated systems, cyber technology and biological research efforts are necessary to keep the Defense Department moving forward. Find out more [EXECUTIVEGOV.COM]
  54. 54. Tech Research News FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest [NPR.ORG]
  55. 55. Search Technology
  56. 56. Search Technology SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an OpenSource text search engine. Now it has a big place in Big Data. Read what Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more [DZONE.COM] INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team has announced the first milestone release of the Ingalls Release Train. This coordinated release of subprojects under the Spring Data umbrella ships with 230 fixes and a number of new features. Find out more [ADTMAG.COM]
  57. 57. Search Technology GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes Beta. Google says that the Cloud Natural Language API gives developers access to three Google-powered engines: sentiment analysis, entity recognition, and syntax analysis. The service is currently available in open beta and is based on the company’s natural language understanding research. It will initially support three languages: English, Spanish and Japanese, and will help developers reveal the structure and meaning of your text in the given language. Read more [THETECHPORTAL.COM] AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and Memory Reservation. Docker networks provide isolation for your containers. It is important to have control over the networks your applications run on. With Amazon ECS, you can now specify an optional networking mode for your containers that cater towards different use cases. Find out more [DABCC.COM]
  58. 58. Application Development
  59. 59. Application Development IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoT solutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more [CRN.COM] SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next-generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more [SDTIMES.COM]
  60. 60. Application Development SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more [INFOWORLD.COM] SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more [INFORMATION-AGE.COM]
  61. 61. BYOD
  62. 62. BYOD FEDERAL BYOD: The Mobile Security Conundrum. There are currently more than 7.7 billion mobile connections around the world. Thanks to the Internet of Things, it is predicted that the number of connected devices will reach an astounding 20.8 billion by 2020. With the average number of mobile devices owned per person currently estimated at 3.64, those devices are becoming necessary equipment for today’s workers. Read more [GCN.COM] VIDEO: The BYOD Initiative: How Public and Private Sector Industries Manage BYOD. In today’s digital IT landscape, one trend that will continue to garner heavy steam and frequent notice is the consumerization of IT, where personal and popular consumer market technologies and devices make their way into a workplace that supports the Bring Your Own Device (BYOD) initiative. Find out more [YOUTUBE.COM]
  63. 63. BYOD IT STRATEGY: Employees Feel Pressure to Use Personal Smartphones at Work. Businesses are encouraging employees to use personal devices for work purposes, but according to a recent survey, without a proper BYOD strategy and reimbursement plan in place, it might be decreasing productivity. Find out more [CIO.COM] READ: Federal Agencies Behind the Curve: IoT and BYOD. The rate at which technology evolves has increased rapidly in past years. The pace of change presents a challenge to all levels of government that must quickly react to nascent technologies. Bring Your Own Device (BYOD) and the Internet of Things (IoT) are two such technological trends that have transformed how business operates in the United States and should change the way that government functions as well. Read the rest [BROOKINGS.EDU]
  64. 64. Big Data
  65. 65. Big Data CASE STUDY: You Don’t Need Big Data – You Need the Right Data. Our relentless focus on the importance of big data is often misleading. Yes, in some situations, deriving value from data requires having an immense amount of that data. But the key for innovators across industries is that the size of the data isn’t the most critical factor – having the right data is. Read more [HBR.ORG] SECURITY: Mitigating the Security Risks of Big Data. Big data implementations are complex, multi-level stacks, encapsulating some of an organization’s most important and sensitive data. As such, when these deployments go into production, they create a high-risk asset. And herein lies the challenge for IT organizations: securing access to big data while still providing end user access for extracting valuable business insights. Here are three big data security risks and a simple approach to mitigating them. Find out more [CIO.COM]
  66. 66. Big Data LITTLE DATA: Forget Big Data – Little Data Is Making Learning Personal. According to Bob Wise, president of the Alliance for Excellent Education, a nonprofit that advocates for high school education reform, little data – and how teachers use it – is the key to making learning as individualized as possible. Classroom technologies make it easier than ever to collect information on students. Now, teachers must figure out the best way to analyze that data and put it to good use. Find out more [WIRED.COM] UPDATES: 5 Key Points When Presenting Big Data Project Updates to the Board. It’s easy to be so focused on the daily chores of managing a big data project that you forget to keep the board in the loop. Never take the board’s endorsement for granted. Read the rest [TECHREPUBLIC.COM]
  67. 67. Mobile Applications
  68. 68. Mobile Applications INTERVIEW: Why Developers Benefit When Implementing a Cloud Backend into Apps. Here’s an interview with Ashruti Singh, Product Marketing Manager for SAP HANA Cloud Platform at SAP, who discusses how app developers stand to benefit from implementing mobile cloud back ends into their programs and where she sees the future of mobile app development heading in 2017. Read more [APPDEVELOPERMAGAZINE.COM] FED TECH: Why Citizen Input is Crucial to the Government Design Process. As digital technology practices such as modular procurement and DevOps become widely adopted across government, the gap between IT and operations is closing and benefits from the new approach are becoming clearer each day. Now, government must take the next step: close the gap between citizen-specific needs and the process for designing, developing and deploying digital government. Find out more [NEXTGOV.COM]
  69. 69. Mobile Applications MANAGEMENT: Organizations Need to Balance Value and Security When Adopting New Mobile Devices. As new products hit the market, enterprises must decide whether to introduce the device or wait. Find out more [FEDTECHMAGAZINE.COM] CLOUD: Will Digital Economy Create A Developer Shortage? As more companies seek to transform themselves digitally and effectively become software companies, some are going to have trouble filling “the developer gap,” according to a Cloud Foundry report. Read the rest [INFORMATIONWEEK.COM]
  70. 70. IT Management
  71. 71. IT Management PERFORMANCE: Why Performance Management Is Dead & Performance Motivation Is Here To Stay. How's your team performing? Before you start the process of performance evaluations, take 10 minutes and discover why performance management is dead and performance motivation is here to stay. Read more [FORBES.COM] CXO: 3 Survival Skills for Reluctant IT Managers. Textbook management practices don't always work in IT disciplines. Here are some strategies for tech professionals who find themselves in a management role. Find out more [TECHREPUBLIC.COM]
  72. 72. IT Management LEGAL: How to Avoid Failure by Design. When it comes to technology projects, lawyers have a dual role. Firstly, to help the parties convert the commercial deal into a robust contract. Secondly, to help identify what could go wrong and make sure that the contract has appropriate mechanisms to deal with failures and disputes. This second role is particularly essential because the evidence shows that many technology projects do fail. Projects are delayed, exceed budget, and/or don’t deliver technology that meets the customer's needs. Find out more [COMPUTERWORLDUK.COM]
  73. 73. IT Management SLIDESHOW: Why Managers Lack Confidence in Their Firm's Data. Nearly all managers lack complete confidence in their company's data, according to a recent survey from Experian Data Quality. The accompanying report, "Building a Business Case for Data Quality," indicates that, despite the trust issues, it often takes many months for companies to approve data quality initiatives. Meanwhile, IT managers overseeing these efforts struggle to deal with large data volumes, human error and a lack of data standardization. Read the rest [BASELINEMAG.COM]
  74. 74. Programming & Scripting Development Client & Server-Side
  75. 75. Programming & Scripting Development Client & Server-Side JAVA & JAVASCRIPT: PurpleJS Unites Java, JavaScript Development. The framework lets developers write apps in JavaScript that run on the JVM using Java as the runtime. Read more [INFOWORLD.COM] PHP: Peachpie Open Source PHP to .NET Compiler. Peachpie is a new open source PHP language to .NET compiler, which aims at full PHP 7 compatibility. Looking at it gave us the opportunity to revisit the state of dynamic language interoperability on the .NET platform and consider the practical advantages that arise out of this atypical symbiosis of dynamic and static languages under the same roof. Find out more [I-PROGRAMMER.INFO]
  76. 76. Programming & Scripting Development Client & Server-Side PYTHON: 5 Wicked-Fast Python Frameworks You Have to Try. Faster, simpler, more “Pythonic” — those are the rallying cries for each new web framework in the Python ecosystem. There’s nothing wrong with tried-and-true solutions, but the big leap from Python 2 to Python 3 has brought all sorts of potential improvements, including a powerful asynchronous event framework that’s perfect for network libraries. Here are five recently minted web and network frameworks for Python that ramp up the speed, take advantage of new breakthroughs, and provide fresh spins on old ideas. Find out more [INFOWORLD.COM]
  77. 77. Programming & Scripting Development Client & Server-Side C#: Projects Seek To Extend Reach of C#. Apple’s young Swift programming language is getting a lot of attention and being put to new uses as it evolves, but Microsoft’s .NET stalwart C# language isn’t exactly sitting still. For example, several projects seek to extend the reach of the language by converting C# code into other languages, such as C++ and JavaScript. Here’s a look at two of those projects recently in the news that provide such translation, albeit for quite different purposes: CoreRT and Bridge.NET. Read the rest [ADTMAG.COM]
  78. 78. Cloud Computing
  79. 79. Cloud Computing FED GOVERNMENT: Microsoft Eyes Most-Trusted Status in Government Cloud Computing. Microsoft Corp. will open two isolated cloud-computing centers in Texas and Arizona this year to securely host sensitive U.S. Department of Defense data, providing insight into the company’s federal business strategy. Read more [ABOUT.BGOV.COM] VIDEO: Microsoft Cloud for Government. Doug Hauger, General Manager for National Cloud Programs at Microsoft, announces the launch of Microsoft Azure Government, the upcoming availability of CRM Online Government, and Office 365 Government. Together, they make up the Microsoft Cloud for Government which meets the requirements and addresses the needs of U.S. Federal, State, and Local Government organizations. Find out more [YOUTUBE.COM]
  80. 80. Cloud Computing PODCAST: Cloud Computing: The Security Concerns. Exclusive, insightful audio interviews by Government Info Security staff with government/security leading practitioners and thought-leaders. Find out more [PODBAY.FM] FEDERAL AGENCIES: Cloud Adoption Finally on the Rise. Cloud adoption by U.S. government agencies is rising fast, with Amazon seeing growth of 221 percent year-on-year for its Amazon Web Services (AWS) GovCloud since it launched in late 2011, according to Fortune. Similarly, Microsoft has seen high levels of growth, with 5.2 million users of Microsoft Cloud for Government. Interest is particularly high for capabilities that government agencies are lacking in-house, such as cloud computing for big data analytics, deep learning and natural language processing capabilities to examine data for patterns and anomalies. Read the rest [INSIGHTS.SAMSUNG.COM]
  81. 81. Cloud Computing TRENDS: 6 Trends That Will Shape Cloud Computing in 2017. Public, private and hybrid cloud implementations will accelerate in 2017 as CIOs seek to take advantage of the cloud’s economies of scale to build core applications. Read more [CIO.COM] AMAZON: Cloud Computing Remains Secure. Inc.’s top cloud computing executive said that even with last week’s massive internet outages, the web remains the most secure place for companies to run their computing. Amazon Web Services CEO Andy Jassy said that for most companies, security is “priority zero.” Find out more [WSJ.COM]
  82. 82. Cloud Computing NETWORKS: Your Network, IoT, Cloud Computing and the Future. Anyone in charge of a network has to think about how that network will evolve. Find out more [NETWORKWORLD.COM] READ: Cloud Investments & the Future of Cloud Computing. The cloud industry is evolving – a point that is made abundantly clear by the scope of industry investments being made today. In the early days of cloud, investments went toward companies that were working to create acceptable usable cloud experiences for users. These companies were focused on fundamentals, such as cloud security and cloud maintenance. Read the rest [ENTERPRISETECH.COM]
  83. 83. Personal Tech
  84. 84. Personal Tech NEW TECH: Top 10 Emerging Technologies in the Digital Workplace. Multiple industry dynamics are aligning to create the conditions for an explosion of employee-facing technology. Developments in text analytics, natural-language processing, data science and the Internet of Things (IoT), for example, can be combined in novel ways to produce work tools capable of creating substantial competitive advantage. Read more [FORBES.COM] VIDEO: How to Salvage Your Worn iPhone Cords. Are you sick of spending money on new iPhone cables? WSJ’s Michael Hsu has a festive fix for cords that need mending. Find out more [WSJ.COM]
  85. 85. Personal Tech LISTEN: Gadget Lab Podcast from – Human Enough. We’re spending a lot of time talking to our devices. They’re talking back, too – products like Google Home and Amazon Echo can answer questions, give us helpful information, and tell stupid jokes. But what’s the end result of all this gabbing? Smarter AI assistants, sure. But the way we bark commands at our voice-controlled tech and treat the devices like lowly machines … is that making us ruder? Should we design the computers to talk to us more like humans in order to encourage empathy, or should we keep them cold and machine-like so we don’t get unhealthily attached? Is this even a problem? Find out more [WIRED.COM] GOOD QUESTION: What About the Personal Data on Those Millions of Recalled Note7s? Expert notes ‘unprecedented’ recall where users were told to stop using Note7, leaving no time to delete info. Read the rest [COMPUTERWORLD.COM]
  86. 86. Personal Tech TIPS: Cybersecurity Awareness Month Tips for Online Security. Never forget that any kind of business or work you do online — including email, shopping, social media sites, and surfing – warrants some level of scrutiny. So spend some time during Cybersecurity Awareness Month thinking about what you need to do to make yourself less vulnerable to attack as you use the Internet. Find out more [COMPUTERWORLD.COM]
  87. 87. IT Security | Cybersecurity
  88. 88. IT Security | Cybersecurity MARKETS: Wall Street Frets About Cybersecurity as U.S. Demands More Data. Firms say numerous breaches at federal agencies are a cause of concern that government won’t be able to safeguard information. Read more [WSJ.COM] PRACTICAL TIPS: For Cybersecurity This Cyber Monday. Cyber Monday has become so embedded in our online shopping culture that many may not remember a time without it – yet it’s quite a contemporary holiday tradition. As ubiquitous as its current presence, so too are its security warnings. For most of us, these warnings are mainstays of the modern online era. Here’s a quick refresher. Find out more [FORBES.COM]
  89. 89. IT Security | Cybersecurity FEDERAL GOVERNMENT: Government Resiliency: Pillars of Cybersecurity. Innovation and cybersecurity are in a head-on collision in the federal government. The growing use of connected devices under the moniker Internet of Things (IoT), the move to the cloud and what seems to be the ever growing expansion of mobile devices is causing government and industry alike to rethink how to be cyber secure, while also not stifling innovation at the same time. Find out more [FEDERALNEWSRADIO.COM] SECURITY: Government in Competition with Private Sector for Cybersecurity Experts. In the federal government’s push to expand cybersecurity training, it has targeted all levels of education and designated nearly 200 colleges and universities as National Centers of Academic Excellence in Cyber Defense. Read the rest [GOVTECH.COM]
  90. 90. From the Blue Mountain Data Systems Blog Personal Tech IT Management Business Intelligence 2016 Incident Response
  91. 91. From the Blue Mountain Data Systems Blog Security Patches BYOD Databases Operating Systems
  92. 92. From the Blue Mountain Data Systems Blog Encryption Cloud Computing Programming & Scripting Incident Response
  93. 93. From the Blue Mountain Data Systems Blog Cybersecurity Big Data Mobile Applications Cloud Computing
  94. 94. From the Blue Mountain Data Systems Blog Open Source CTO, CIO and CISO Programming & Scripting
  95. 95. From the Blue Mountain Data Systems Blog Feds Report Mixed Responses to Shared Services Federal Employees Are Not Security Experts Survival Guide for Network Administrators DBaaS: OpenStack Trove Changes DB Management
  96. 96. From the Blue Mountain Data Systems Blog Help Wanted: Certified Cybersecurity Professionals Cyber Threat Intelligence Integration Center Preview Cloud Moves in 1-2-3 Change Management for Disaster Recovery
  97. 97. From the Blue Mountain Data Systems Blog Jeffersonian Advice For C-Suite Career Advancement Ways To Survive The “Mobile-Pocalypse” Microsoft Cloud Services Receive FedRAMP Authority to Operate Hiring Pentesters? Here Are 10 Things You Need to Know
  98. 98. From the Blue Mountain Data Systems Blog Home Router Malware Alert Threat Model Deconstruction Business Email Scam Nets $214 Million How to Prevent Unauthorized Software from Taking Over Your Organization
  99. 99. From the Blue Mountain Data Systems Blog Digital Marketing Predictions for 2015 SDN: Network Administrator’s Friend or Foe? Mobile Payments: A Must for Federal Agencies Soft Skills Are A Must-Have For Careers In IT
  100. 100. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers The Security World’s Maturation Data Breach Concerns Keep CISOs Up At Night Personalized Govt Equals Instant Gratification for Citizens
  101. 101. From the Blue Mountain Data Systems Blog People-Centric Security Pentagon Tries BYOD To Strike Work/Life Balance Open Source Model Considered for MS Windows Open Internet: To Be or Not to Be?
  102. 102. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites Machine-Generated Data: Potential Goldmine for the CIO Government Legacy Programs: Reuse vs. Replacement It Takes a Whole Village to Protect Networks and Systems
  103. 103. From the Blue Mountain Data Systems Blog Governance For the CIO Help Desk Consolidation – Lessons Learned One Year Later, Companies Still Vulnerable to Heartbleed Federal Projects Cultivate Worker Passion
  104. 104. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.
  105. 105. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  106. 106. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  107. 107. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110