Tech Update Summary from Blue Mountain Data Systems September 2018


September 2018: For CTOs, CIOs & CISOs. Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

Published in: Software

  1. 1. Blue Mountain Data Systems Tech Update Summary September 2018
  2. 2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems
  3. 3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for September 2018. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. 4. Network Security
  5. 5. Network Security IT WATCH: Finding and Fixing Security On Your Network Perimeter. Networks need multiple layers of security. However, with the complexity inherent in the internal layers, many folks pay short shrift to the perimeter. That’s a mistake and here’s why. Read more [PCMAG.COM] SOFTWARE: Linux Kernel 4.18: Better Security, Leaner Code. The latest version of the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the Berkeley Packet Filter, plus makes a nod to gamers and mobile devices. Read more [NETWORKWORLD.COM]
  6. 6. Network Security NETWORK DESIGN: Machine Learning Is Becoming a Must in Data Center Network Security. The volume of data traveling on networks and sophistication of attack tools are outpacing human experts’ capabilities. Read more [DATACENTERKNOWLEDGE.COM] SECURITY: Think Like an Attacker…Three Network Security Points to Identify and Protect. Pulling the plug on the Internet is often jokingly referred to as the best solution for network security. All kidding aside, anything you can do to make it harder for the bad guys to gain access to your network can have a positive impact on your overall security posture. That begs the question: with so many cyber security threats and attack methods to worry about – and so many hardware and software solutions to consider – where should you focus? Read more [SECURITYBOULEVARD.COM]
  7. 7. Encryption
  8. 8. Encryption INDUSTRY INSIGHT: Encryption Management in Government Hyperconverged IT Networks. Hyperconvergence is becoming more widely accepted in government IT infrastructure, with agencies like the Department of State and the Government Accountability Office moving to the solution. A hyperconverged infrastructure (HCI) enables organizations to scale IT in the cloud while maintaining the performance, reliability and availability of an on-premises data center. It combines storage, compute, networking and a hypervisor into a single solution for a fully functional data center. But it’s not without its particular set of problems – for example, ensuring that sensitive data is properly encrypted and encryption keys are appropriately managed. Read more [GCN.COM]
  9. 9. Encryption SECURITY: Flaw Can Leak Intel ME Encryption Keys. Intel has released updates for Intel ME, SPS, and TXE firmware to address encryption key-spilling flaw. Read more [ZDNET.COM]
  10. 10. Databases
  11. 11. Databases SQL SERVER: 2 Ways to Attach SQL Server Database Files to Linux Containers. SQL Server files can be stored outside of Docker containers in host directories or volumes. Here’s how to set up SQL Server on Linux databases and attach them to containers. Read more [SEARCHSQLSERVER.TECHTARGET.COM] MICROSOFT: 5 SQL Server Components You Should Be Using. Microsoft’s rapid-fire release cycle for SQL Server means it’s easy for database admins to miss useful new features. Here are some recent additions that might otherwise fly under the radar. Read more [REDMONDMAG.COM]
  12. 12. Databases REVIEW: MongoDB Takes on the World. MongoDB 4.0 beefs up with global cloud clusters, multi-document ACID transactions, and HIPAA compliance. Read more [INFOWORLD.COM] HOW TO: Fix Corrupted Microsoft Access Databases. Access is one of the industry’s foremost database applications that’s included within the Microsoft Office suite. Access databases might be essential files for some users as they retain records, so it’s a good idea to keep a database backup as a precaution for file corruption. Yet, there are probably some users who don’t back up their database files; and they’ll need to repair corrupted Access MDB or ACCDB files. If your Access database is corrupted, and you don’t have a backup handy, check out some of these fixes. Read more [WINDOWSREPORT.COM]
  13. 13. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
  14. 14. Electronic Document Management
  15. 15. Electronic Document Management FINANCIAL: 5 Ways CPAs Can Benefit From Mobile Document Management. The global mobile workforce is expected to rise to 1.87 billion by 2022, according to the Global Mobile Workforce Forecast Update 2016-2022 from Strategy Analytics, and with the right tools in hand, remote workers can boost productivity and build client loyalty. Arming your staff with mobile document management is less a technology issue and increasingly an important business strategy for forward-looking firms. Read more [ACCOUNTINGWEB.COM]
  16. 16. Electronic Document Management PRODUCTIVITY: The Biggest Obstacle to Better Productivity Might Well Be Your Documents. About $10,000 is wasted on mismanaging digital assets each year. Like financial asset management, digital asset management (DAM) is all about spreading the wealth and organizing all digital assets in a cohesive way that makes sense for your company. DAM can be a money-saving tool. Read more [MARTECHADVISOR.COM]
  17. 17. Electronic Document Management TRENDING: Global Digital Transaction Management Market by 2025 - The Adoption of Technology Among the Players Operating in the Market is Trending in the Industry. Digital Transaction Management is a category of cloud services designed to digitally manage document-based transactions. DTM removes the friction inherent in transactions that involve people, documents, and data to create faster, easier, more convenient, and secure processes. DTM goes beyond content and document management to include e-signatures, authentication and non-repudiation; enabling co-browsing between the customer and the business; document transfer and certification; secure archiving that goes beyond records management; and a variety of meta-processes around managing electronic transactions and the documents associated with them. Read more [THEBUSINESSINVESTOR.COM]
  18. 18. Electronic Document Management FEDERAL GOVERNMENT: 5 E-Discovery Hurdles For Government Agencies. Electronic discovery is a challenging process for even the most experienced law firms and corporations, but the challenges faced by government agencies may be even more daunting. A 2017 Deloitte survey reveals that nearly a quarter (23 percent) of attorneys, paralegals, records managers and IT professionals within the federal government feel their agency is “not at all effective” in dealing with the challenges of e-discovery today, and the same percentage of survey respondents say they are “not at all” confident that, if challenged, their agency could demonstrate that their ESI is “accurate, accessible, complete and trustworthy.” Read more [LAW360.COM – REGISTRATION REQUIRED FOR ACCESS]
  19. 19. Section 508 Compliance & WCAG 2.1
  20. 20. Section 508 Compliance & WCAG 2.1 QUESTION: Is Your Job Application Process Accessible And Inclusive? Job candidate and application accessibility matters. Accessibility improvements can be as simple as extending the length of time for timed assessments, alt-tagging images, captioning videos, labeling elements such as buttons and other minor adjustments. The problem is: Many employers don’t take accessibility into consideration when building career sites. Read more [FORBES.COM] GOOGLE LIGHTHOUSE: Monitor Site Performance, SEO, Accessibility. Lighthouse is Google’s free, open source, and automated site monitoring tool. It can help ecommerce businesses track site load times, accessibility, and search engine optimization. Read more [PRACTICALECOMMERCE.COM]
  21. 21. Section 508 Compliance & WCAG 2.1 ECOMMERCE: 10 Things People With Disabilities Wish Online Retailers Knew. Many shoppers would be just fine if they could never set foot in a retail store again. After all, everything is available online: books, groceries, pizza, household necessities, even big ticket items like mattresses and cars. However, 15 percent of people worldwide have a disability that affects their daily life, according to the United Nations, and many retailers are unaware that their websites are not always accessible to them. The longer retailers wait to create an inclusive online shopping experience, the more money they could lose to their competitors, as perhaps 15 percent of their potential customers are forced to find accessible alternatives. This is especially important now, since many in the large Baby Boomer population segment may be starting to experience disabilities related to age. Although technical abilities and access needs are unique to each individual, here are 10 common things that customers with disabilities wish online retailers knew. Read more [ECOMMERCETIMES.COM]
  22. 22. Section 508 Compliance & WCAG 2.1 FEDERAL GOVERNMENT: House Panel Examines Bill on VA Website Accessibility. A new bill in front of the House Veterans’ Affairs Committee Health Subcommittee would put pressure on the Department of Veterans Affairs (VA) to make its websites and digital tools more accessible to the visually impaired. H.R. 6418, the VA Website Accessibility Act of 2018, would require the VA to review its websites for compliance with section 508 of the Rehabilitation Act of 1973, submit a report to Congress, and create a plan to remedy each issue. Read more [MERITALK.COM]
  23. 23. Security Patches
  24. 24. Security Patches MICROSOFT: Patches Recent ALPC zero-day in September 2018 Patch Tuesday Updates. The monthly Microsoft security updates, known as the Patch Tuesday updates, are out, and this month, the OS maker has fixed 62 security flaws, including a recent zero-day vulnerability that was dumped on Twitter last month, and later adopted by a malware campaign. Patches were made available for products such as Microsoft Windows, Microsoft Edge, Internet Explorer, ASP.NET, the .NET Framework, Edge’s ChakraCore component, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office, and Microsoft Office Services and Web Apps. Read more [ZDNET.COM]
  25. 25. Security Patches APPLE: iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks. A new round of security updates is available from Apple, fixing bugs in Safari, watchOS, tvOS, and iOS. Some of the vulnerabilities were disclosed ahead of these releases, creating a window of opportunity for ill-intended users. Apple released its newest version of iOS on September 17, and apart from adding a performance boost to older iPhone models, it also comes with solutions for security problems. Read more [BLEEPINGCOMPUTER.COM] VPNs: Popular VPNs Contained Code Execution Security Flaws, Despite Patches. Patches applied to a vulnerability in ProtonVPN and NordVPN builds led to the discovery of separate bugs which had to be resolved quickly in recent updates. Read more [ZDNET.COM]
  26. 26. Security Patches NETWORKS: The Top 5 Security Threats & Mitigations for Industrial Networks. While vastly different than their IT counterparts, operational technology environments share common risks and best practices. Read more [DARKREADING.COM]
  27. 27. CIO, CTO & CISO
  28. 28. For the CIO, CTO & CISO CIO: What Boards and CEOs Should Be Asking CIOs. Boards and CEOs are more tech-savvy than they once were, but they still don’t always know the best questions to ask CIOs. With the push for digital transformation they need to be armed with the right questions at the right time. Read more [INFORMATIONWEEK.COM] CTO: IBM Security CTO on the Changing Shape of Innovation. According to IBM Security’s CTO, Sridhar Muppidi, “the CTO’s role has fundamentally evolved from being purely responsible for the technology in an organisation to a position that is responsible for a business’ organisational structure.” Read more [INFORMATION-AGE.COM]
  29. 29. CIO, CTO & CISO CISO: New Equifax CISO Tightens Structure Post-Breach. Equifax Inc.’s new chief information security officer is adopting organizational changes meant in part to help correct some of the circumstances that led to the customer data breach reported by the company in September 2017. Read more [WSJ.COM] STATES: Sharing Vital Cyberinformation: An Interview with the New Jersey CISO. CISO Michael Geraghty wears many hats with one challenging mission: to defend New Jersey’s digital density. He directs the NJCCIC — a one-stop shop for cybersecurity information sharing, threat analysis and incident reporting. And his team does so much more — offering global reach and meaningful cyberimpact. Here’s how. Read more [GOVTECH.COM]
  30. 30. Penetration Testing
  31. 31. Penetration Testing READ: The Beginner’s Guide to External Penetration Testing Reconnaissance. External penetration testing reconnaissance is a critical first step in a professional security assessment. By using the same methods and resources that attackers use to get into networks, along with open source intelligence, pen testers can get a much richer profile of an organization’s security strengths and weaknesses and conduct more successful and accurate assessments. Read more [SECURITYBOULEVARD.COM] WHY, WHEN & HOW: Often Should You Pen Test? Read this executive summary where the pen testers explain the process and findings in a high-level manner. You will also find a technical summary with more in-depth details. Read more [SECURITYINTELLIGENCE.COM]
  32. 32. Penetration Testing OPEN SOURCE TOOL: New Pen Test Tool Tricks Targets with Microsoft WCX Files. A new open-source penetration testing tool, dubbed Firework, will let pen testers collect sensitive data by tricking their targets into opening Microsoft WCX files. Read more [DARKREADING.COM] PERSPECTIVES: Cybersecurity the Right Way. Read how IT security leaders from across government bring organization and prioritization to their many cybersecurity efforts. Read more [FCW.COM]
  33. 33. Open Source
  34. 34. Open Source PREDICTIONS: Open Source – The Next 20 Years. As the open source community continues to grow, it’s important that users keep in mind that the people writing software are doing what they can to keep it working and to support it, probably on their own time. Isaac Murchie, Head of Open Source at Sauce Labs explains where Sauce Labs sees open source heading in the 20 years ahead. Read more [JAXENTER.COM] RESEARCH & IDEAS: The Hidden Benefit of Giving Back to Open Source Software. Should firms allow employees on company time to make updates and edits to the software for community use that could be used by competitors? New research by Assistant Professor Frank Nagle, a member of the Strategy Unit at Harvard Business School, shows that paying employees to contribute to such software boosts the company’s productivity from using the software by as much as 100 percent, when compared with free-riding competitors. Read more [HBSWK.HBS.EDU]
  35. 35. Open Source NEW: Open Mainframe Project Announces Open Source Framework for Modernization. The Open Mainframe Project has announced Zowe, an open source software framework that bridges the divide between modern applications and the mainframe, intended to provide easier interoperability and scalability among products and solutions from multiple vendors. Zowe is the first open source project based on z/OS. Read more [DBTA.COM] SOFTWARE: Open-Source Licensing War – Commons Clause. A new open-source license addendum, Commons Clause, has lawyers, developers, businesses, and open-source supporters fighting with each other. Read more [ZDNET.COM]
  36. 36. Operating Systems
  37. 37. Operating Systems DISCOVER: The Most Popular Browsers and Operating Systems for PCs and Smartphones. NetMarketShare data for August 2018 shows that Google Chrome remains the most popular browser on PC and mobile, while Windows 7 remains slightly ahead of Windows 10 in the OS desktop scene. Read more [MYBROADBAND.CO.ZA] PODCAST: Justin Cormack on Decomposing the Modern Operating System. Justin Cormack of Docker discusses how the modern operating system is being decomposed with toolkits and libraries such as LinuxKit, eBPF, XDP, and what the kernel space service mesh Cilium is doing. Read more [INFOQ.COM]
  38. 38. Operating Systems AMAZON: Allows Real-Time Operating System to be Updated Remotely. Last year, Amazon announced it would take over the FreeRTOS operating system for microcontrollers running inside low-powered devices including wearables and industrial sensors. The company is putting its stamp on the software with libraries to support communication with the company’s cloud. Now it is lowering the bar for keeping the operating system protected against security vulnerabilities. In early September Amazon said that it had added ability to remotely update the real-time operating system, which has better reliability and more accurate timing than general-purpose software. With it, security holes can be closed and new firmware can be loaded in millions of embedded devices remotely and automatically. Without it, customers would have to disconnect electronic devices and update them manually, which could be prohibitively expensive or impossible without recalling the products. Read more [ELECTRONICDESIGN.COM]
  39. 39. Operating Systems INDUSTRY INSIGHT: The Container Future is Here. It’s Just Not Evenly Distributed. Linux containers are not only a viable option for government agencies, they may very well be necessary for their digital transformation strategies. Containers can help agencies accelerate application development and support their migration to the cloud and automation. Additionally, agencies that have adopted DevOps and agile development processes can use containers to get applications into production even faster. Read more [GCN.COM]
  40. 40. Incident Response
  41. 41. Incident Response CYBERSECURITY: Drilling for a Tight Incident Response. How developed is your cybersecurity muscle memory? Chances are you have an outline, script or idea of how to respond to a cybersecurity incident, but the efficacy of the response may be uncertain. Read more [SECURITYINTELLIGENCE.COM] MANAGE: Incident Response Frameworks for Enterprise Security Teams. After a security breach, incident response practices become crucial to minimize and contain the damage. Learn about incident response frameworks with guest David Geer. Read more [SEARCHSECURITY.TECHTARGET.COM]
  42. 42. Incident Response ENTERPRISE: Atlassian Launches Jira Ops for Incident-Response Management. The company describes Jira Ops as a hub for modern incident management, because many response teams need a central control to find the right tools and practices to solve new-gen issues. Read more [EWEEK.COM] CALIFORNIA: Creates Elections Security Office. Working with federal, state and local agencies, the Office of Elections Cybersecurity will share information on election threats, risk assessment and threat mitigation, develop best practices for election security and incorporate cyber incident response into emergency preparedness plans for elections. Read more [GCN.COM]
  43. 43. Cybersecurity
  44. 44. Cybersecurity READ: A CTO Guide: The Main Challenges Facing the Cyber Security Industry. In this guide, five CTOs provide their view on the main challenges facing the cyber security industry, with insights on how to overcome them. Read more [INFORMATION-AGE.COM] APPLE: Company Will Unveil New Portal to Help Law Enforcement Submit Requests for Customer Data. According to a letter the company sent to Sen. Sheldon Whitehouse (D-R.I.) obtained by The Washington Post, Apple will also form a dedicated team to train law enforcement on digital evidence, while also offering online training for investigators about how to submit their requests. Read more [WASHINGTONPOST.COM]
  45. 45. Cybersecurity WHY: Email Threats Must Take Top Priority in Cybersecurity. Email is the most significant threat vector of a corporate network, and thus should be priority when setting up a risk management strategy. Read more [SECURITYBOULEVARD.COM] MEDICAL: FDA to Step-up Cybersecurity Scrutiny in Med Device Clearances. The FDA is taking steps to increase its scrutiny of efforts taken by medical device developers to limit cybersecurity vulnerabilities in their connected products, but may need to take extra steps, according to a newly released report from the US Dept. of Health and Human Services’ Office of Inspector General. Read more [MASSDEVICE.COM]
  46. 46. Cybersecurity EDUCATION: 10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company. Smart leaders know that their entire team needs to be well-educated on the importance and best practices of cybersecurity if they hope to protect their data. Unfortunately, this is easier said than done, especially when it comes to training your non-tech employees. Using too much jargon and technical terms will only disengage them, leaving them less prepared and less vigilant. While you don’t necessarily need to “dumb down” cybersecurity training for non-techies, you do need to present the information in a way that’s relatable and easy to understand. Here’s how the members of Forbes Technology Council recommend approaching this task. Read more [FORBES.COM]
  47. 47. Cybersecurity FEDERAL GOVERNMENT: Congress Poised to Allow DHS to Take the Lead on Federal Cybersecurity. After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority. The Cybersecurity and Infrastructure Security Agency Act, which has been in the works since the Obama administration, would give the department a stand-alone cybersecurity agency with the same stature as other DHS units, such as the Federal Emergency Management Agency. The Senate could vote on the bill, which passed in the House last year, as early as this week as it takes up a slew of cybersecurity-related legislation. Read more [WASHINGTONPOST.COM]
  48. 48. Cybersecurity ROUNDTABLE: Chicago’s Tech Experts Answer Three Critical Cybersecurity Questions. Earlier this summer a group of security-minded executives in Chicago, long a hub for legal and financial tech, sat down for a panel discussion on anticipating and combating cybercrime. Read more [LAW.COM] CTO GUIDE: Cyber Security Best Practice Tips. In this guide, five CTOs provide their cyber security best practice tips – to ensure the best protection against cyber attacks and human error. Read more [INFORMATION-AGE.COM]
  49. 49. Project Management
  50. 50. Project Management ENTERPRISE APP: Inefficient Collaboration Tools Hindering Project Management Teams. With project management emerging as a common role for professionals these days, better strategies and tech tools are required to enable teams to collaborate more effectively, according to a recent survey from Planview. Read more [EWEEK.COM] READ: Three-Step Conflict Resolution For Project Managers. Conflict is an issue that will inevitably arise in any grouping of individuals, regardless of the context. One of the most important and difficult aspects of a project manager’s job is to identify and resolve these conflicts because even the smallest argument can stop a promising project in its tracks. Fortunately, there are some effective tips that project managers in any industry can adopt in order to prevent this from happening. Read more [FORBES.COM]
  51. 51. Project Management DIFFERENCE: Project Management vs. Product Management. Search USAJobs under the keyword “project management” and you will find hundreds of postings, Chris Johnston and Kelly O’Connor of the U.S. Digital Service write in a new blog post. But search under “product management,” they note, and you will come up empty. Why? Read more [FCW.COM] GOOGLE: Says The Best Managers Have These 10 Qualities. Google sought to identify the common threads among Google’s highest performing managers. Based on internal research, Google then applied its findings to its manager development programs. Here are the 10 behaviors that make a great manager at Google. Read more [FORBES.COM]
  52. 52. Application Development
  53. 53. Application Development CLOUD: Google Cloud Platform Reveals Updated Tools to Make Application Development Faster and More Secure. Google announced today a series of new features for its cloud services, designed to enhance the experience for developers as the company continues to battle for an edge in an increasingly competitive space. Those new Google Cloud Platform tools start with code search via the company’s redesigned Cloud Source Repositories. The search feature was built for internal use, but employees say they found it so effective that they wanted to make it available to all developers on the cloud platform. Read more [VENTUREBEAT.COM]
  54. 54. Application Development 5G: A New Era of Application Development and Edge Computing. The next generation of networking and mobile technology, 5G, will deliver vastly greater data capacity and speed than previous generations. By comparison, 5G connections will deliver 1,000 times the data rates of 4G. This dramatic leap will involve a number of new mobile technologies working together, including transmission at much higher frequencies (30–300GHz), deployment of many small-cell low-power base stations, MIMO (supporting many more ports per base station), beam forming (which enables more-efficient use of spectrum and reduces interference) and full-duplex transmission. Read more [DATACENTERJOURNAL.COM]
  55. 55. Application Development LOW-CODE: Is Low-Code the Future of Application Development? How Can It Be Relevant to You? Recently, the shift to low-code platforms for business needs has been nothing short of a technological revolution. But there are some companies that aren’t willing to make the jump without a guarantee of a certain level of future-proofing low-code can offer them. The hesitation is understandable. Everyone wants a product that can serve them for a long time. If it’s going to be outdated or defunct in a few years, it’s not an investment, just a liability. Read more [SG.NEWS.YAHOO.COM] DISCOVER: 7 Benefits of Using PaaS to Support Your Application Lifecycle. Deploying and managing applications in the cloud will help you innovate faster, more cost effectively and with less risk. Consider these seven benefits to using PaaS to support your cloud-based application lifecycle. Read more [DEVPROJOURNAL.COM]
  56. 56. Internet of Things (IoT)
  57. 57. Internet of Things (IoT) STATES: California Bill Regulates IoT for First Time in US. California looks set to regulate IoT devices, becoming the first US state to do so and beating the Federal Government to the post. The State legislature approved ‘SB-327 Information privacy: connected devices’ last Thursday and handed it over to the Governor to sign. The legislation introduces security requirements for connected devices sold in the US. It defines them as any device that connects directly or indirectly to the internet and has an IP or Bluetooth address. That covers an awful lot of devices. Read more [NAKEDSECURITY.SOPHOS.COM] NETWORKS: 3 IoT Challenges That Keep Data Scientists Up at Night. Data scientists are the MVPs of any IoT program, but difficulties preparing and leveraging data threaten how quickly they can deliver. Knowing what’s lurking in the shadows can streamline the most difficult processes. Read more [NETWORKWORLD.COM]
  58. 58. Internet of Things (IoT) WHY: Data Drives Design – Conversations In IoT Architectural Design. In 2015, there were 15.41 billion connected Internet of Things (IoT) devices around the world. By 2020, just two years from now, that number will nearly double to 30.73 billion. Manufacturing, healthcare and insurance are the top three industries that have the most to gain from IoT. Read more [FORBES.COM] BUSINESS: 5 Ways IoT Is Reinventing Businesses Today. The Internet of Things (IoT) means more than simply establishing connections between devices and systems—it is opening up opportunities for creating new products and services not previously thought possible. In fact, according to a recent Forbes Insights survey of 700 executives, 60% of enterprises are, with the help of their IoT initiatives, expanding or transforming with new lines of business, while 36% are considering potential new business directions. In addition, 63% are already delivering new or updated services directly to customers thanks to their IoT capabilities. Read more [FORBES.COM]
  59. 59. Personal Tech
  60. 60. Personal Tech GOOGLE: Make Several Gmail Addresses Out of One. Thanks to the way Google processes your mail, you can modify part of your address for different situations and still get all your messages. Read more [NYTIMES.COM] SURVEY: Faculty Members Voice Concerns About Student Reliance on Tech. Personal technology use on campus is not expected to slow down. That has presented several concerns among faculty and administrators regarding the impact of technology dependence on student learning and on the reliability and security of the related infrastructure. Read more [EDUCATIONDIVE.COM]
  61. 61. Personal Tech HOW TO: Give Your Old Computer New Life. If you’re not ready to buy a whole new system, you might be able to add new parts and upgrade your aging machine for less than a few hundred dollars. Read more [NYTIMES.COM] APPLE: Help a Fellow Mac User With Remote Tech Support. Just like Windows users, Mac owners have ways to share and control another computer over the internet to give a quick assist online. Read more [NYTIMES.COM]
  62. 62. Mobile Applications
  63. 63. Mobile NIST: Updating Recommendations for Mobile App Security. The National Institute of Standards and Technology is working on updating its recommendations for how organizations and developers can keep mobile applications secure. The updated recommendations are being made to the Special Publication (SP) 800-163, Vetting the Security of Mobile Applications document that was initially released in January 2015. The 50-page draft revision includes additional clarity and details on how to minimize mobile app risks. Read more [EWEEK.COM] OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with Mobile Apps. Though even he might have undersold it a little. Read more [ENGADGET.COM]
  64. 64. Mobile SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking. Smartphones, tablets, iPads—mobile devices have become invaluable to the everyday consumer. But few consider the security issues that occur when using these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based application programming interface (API) services and heavily rely on the internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails to thoroughly replicate input validation, it gives rise to inconsistencies that could lead to attacks that can compromise user security and privacy. Developing automatic methods of auditing web APIs for security remains challenging. Read more [PHYS.ORG]
  65. 65. Mobile CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s not already on your risk radar, it’s time to add mobile apps to the growing list of threat vectors. Mobile apps are risky across all sectors, but more specifically, those that come from media and entertainment businesses are putting users at risk. BitSight recently released the results of its research that looked at data from more than 1,000 companies offering apps on iOS and Google Play and found vulnerabilities across the board. Read more [SECURITYBOULEVARD.COM]
  66. 66. Programming & Scripting Development Client & Server-Side
  67. 67. Programming & Scripting Development Client & Server-Side JAVASCRIPT: The Solo JavaScript Developer Challenging Google and Facebook. Google’s Angular and Facebook’s React are the two most popular frameworks for building applications with JavaScript, the standard language for writing code that runs in your browser, as opposed to on a company’s server. But a growing number of developers are flocking to Vue, a JavaScript framework developed by independent programmer Evan You and funded by donations from individual users and sponsorships from small companies. At the end of 2017, Vue was tied for third-most-downloaded JavaScript framework with the more established Ember, behind Facebook’s React and Google’s Angular, according to data compiled by the startup NPM, which offers tools for installing and managing packages of JavaScript code. Read more [WIRED.COM]
  68. 68. Programming & Scripting Development Client & Server-Side CETTIA: A Java Server for Building Real-Time Web Apps. Solve tricky problems with WebSocket, JSON and switch statements with Cettia, a full-featured web app framework for Java that allows developers to exchange events between the server and client in real-time. Read more [JAXENTER.COM] JDK 12 ROADMAP: Java 12 Gets First Targeted Features. Switch expressions capability would improve coding, allow pattern matching; raw string literals would simplify multiline expressions. Read more [INFOWORLD.COM] C# 8: Async Streams in C# 8. C# 8 adds Async Streams, which allows an async method to return multiple values broadening its usability. Async streams are an alternative to the reactive programming model used in Java and JavaScript. Read more [INFOQ.COM]
  70. 70. Cloud Computing
  71. 71. Cloud Computing RESEARCH: Cloud Computing Is Helping Smaller, Newer Firms Compete. Is digital technology a democratizing force, allowing smaller, newer companies to compete against giant ones? Or does it provide even greater advantage to incumbents? Some of the latest research suggests that technology can in fact provide an advantage to small and new firms. Find out how. Read more [HBR.ORG] ENTERPRISE: State Of Enterprise Cloud Computing, 2018. 77% of enterprises have at least one application or a portion of their enterprise computing infrastructure in the cloud. More technology-dependent industries including manufacturing, high-tech, and telecom are being led by executive management to become 100% cloud. These and many other fascinating insights are from the 2018 IDG Cloud Computing Study published earlier this month by IDG. Read more [FORBES.COM]
  72. 72. Cloud Computing CNCF: Cloud Native Computing Foundation to Fully Operate Kubernetes – with Help of Google Cloud Grant. Google Cloud is cutting the umbilical cord further when it comes to Kubernetes. The company is helping fund the move to transfer ownership and management of the technology’s resources to the Cloud Native Computing Foundation (CNCF) with the help of a $9 million grant. The move will see the CNCF, as well as Kubernetes community members, taking responsibility for all day-to-day project operations. This will include testing and builds, as well as maintenance and operations for Kubernetes’ distribution. Read more [CLOUDCOMPUTING-NEWS.NET]
  73. 73. Cloud Computing DOD: A Closer Look at DOD’s Cloudy JEDI Contract. On July 26, the Department of Defense released the final request for proposals for the Joint Enterprise Defense Infrastructure cloud computing contract. Darth Vader has not yet weighed in on the JEDI proposal, but Yoda would call the protracted process leading up to the RFP itself a lesson in how to do not procurement in the federal government. Read more [FCW.COM]
  74. 74. Announcement
  75. 75. IT Security | Cybersecurity
  76. 76. IT Security | Cybersecurity SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism researchers, AI developers, government scientists, threat-intelligence specialists, investors and startups gathered at the second annual WIRED conference to discuss the changing face of online security. These are the people who are keeping you safe online. Their discussions included Daesh’s media strategy, the rise of new forms of online attacks, how to protect infrastructure, the threat of pandemics and the dangers of hiring a nanny based on her Salvation Army uniform. Read more [WIRED.CO.UK] IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to get the most out of your workers and keep your business safe. Read more [TECHREPUBLIC.COM]
  77. 77. IT Security | Cybersecurity FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity. The federal government is and will continue to be a target of cyber crimes. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017 show 791 incidents as of the end of June – a 29 percent increase over the same period in 2016. With that said, is the government doing enough to prepare for cyber threats? On this episode of CyberChat, host Sean Kelley, former Environmental Protection Agency chief information security officer and former Veterans Affairs Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas) about initiatives to modernize the federal cybersecurity space. Read more [FEDERALNEWSRADIO.COM]
  78. 78. IT Security | Cybersecurity STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask Federal Government for Help. A letter to the Office of Management and Budget says that today’s regulatory environment “hampers” states in their pursuit of cost savings and IT optimization. Find out more [STATESCOOP.COM]
  79. 79. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >>
  80. 80. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  81. 81. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  82. 82. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL WEB