Tech Update Summary from Blue Mountain Data Systems August 2017

Blue Mountain Data Systems
Tech Update Summary
August 2017

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for August 2017. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Network Security
FEDERAL GOVERNMENT: All the Ways US Government Cybersecurity Falls Flat.
Data breaches and hacks of US government networks, once novel and shocking,
have become a problematic fact of life over the past few years. So it makes sense
that a cybersecurity analysis released today placed the government at 16 out of 18
in a ranking of industries, ahead of only telecommunications and education. Health
care, transportation, financial services, retail, and pretty much everything else
ranked above it. The report goes beyond the truism of government cybersecurity
shortcomings, though, to outline its weakest areas, potentially offering a roadmap
to change. Read more
[WIRED.COM]

Network Security
CYBERSECURITY: Washington, Not Silicon Valley, Leads the Way in Cybersecurity.
It’s a common trope that government has a lot to learn from Silicon Valley when it
comes to technology. But in cybersecurity, Washington is leading the way in many
respects. Read the rest
[NEXTGOV.COM]
PODCAST: Improving Government Productivity by Reducing IT Friction. A recent
FedScoop study shows the federal government workforce could see a meaningful
boost in productivity by reducing friction with devices and applications and
improving secure access to data and information via their mobile devices.
Find out more
[FEDSCOOP.COM]

Network Security
SECURITYSCORECARD: Government Ranks #16 Out of 18 Industries in
Cybersecurity. SecurityScorecard’s annual U.S. State and Federal Government
Cybersecurity Report was released August 24, and it paints a very grim picture of
the government’s cyber health status. Read more
[SDTIMES.COM]

Encyption
COMPUTING: End-to-End Encryption Isn’t Enough Security for “Real People”.
Government officials continue to seek technology companies’ help fighting
terrorism and crime. But the most commonly proposed solution would severely
limit regular people’s ability to communicate securely online. And it ignores the
fact that governments have other ways to keep an electronic eye on targets of
investigations. Read more
[SCIENTIFICAMERICAN.COM]
HOW TO: Use Data Encryption Tools and Techniques Effectively. Data protection
does not have a one-size-fits-all solution. Understand which encryption tools and
methods best fit different scenarios. Read the rest
[SEARCHSECURITY.TECHTARGET.COM]

Encyption
FYI: A Security Solution that’s Simple for Government, Tough for Attackers. Over
the last few decades, the U.S. government created more than 100,000 custom
digital applications. These apps continue to serve different purposes and live at
different levels within the government — spanning teams, departments,
organizations and even entire agencies. At a federal level, the government
manages terabytes of both anonymized and personally identifiable information
(PII). But with such a mammoth amount of information, how does the government
keep its data safe? Find out more
[FCW.COM]

Encyption
FEDERAL GOVERNMENT: After Huge Hack, OPM Still Hasn’t Learned Its Lesson.
The government’s personnel office still isn’t adequately protecting its computer
networks two years after a massive data breach that compromised highly sensitive
security clearance information of over 20 million current and former federal
employees and their families, a congressional watchdog reported in early August.
Read more
[NEXTGOV.COM]

Encyption
ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and
problems with finding data in the corporate maze are being blamed for business’
lack of interest in crypto. Read more
[ZDNET.COM]
ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption
practices have improved dramatically over the last 10 years, but most organizations
still don’t have enterprise-wide crypto strategies. Read the rest
[DARKREADING.COM]

Databases
AMAZON: Wants Your Enterprise Database. Amazon’s awaited release of
PostgreSQL on Aurora sharply raises the stakes in its competition with Oracle. Still
in public preview, when will Aurora PostgreSQL go GA, and what can we look
forward to in the roadmap? Here are some hints of what we expect. Read more
[ZDNET.COM]
MICROSOFT: Upgrading to SQL Server 2016. Here is a series of blog posts that,
when taken as a whole, provide a guide for upgrading to Microsoft® SQL Server®
2016. Read the rest
[SQLMAG.COM]

Databases
ORACLE: What the Annual Oracle Database Release Cycle Means for DBAs. As
Oracle changes its database release cycle to yearly updates with new version
numbers, Oracle users will get faster access to new features — but also new
upgrade questions to weigh. Find out more
[SEARCHORACLE.TECHTARGET.COM]
MySQL: Real-time MySQL Performance Monitoring. A key part of keeping your
MySQL database running smoothly is the regular monitoring of performance
metrics. In fact, there are literally hundreds of metrics that can be measured that
can enable you to gain real-time insight into your database’s health and
performance. Several MySQL monitoring tools have been developed to make
performance monitoring easier. Here’s how to use Monyog to measure a few of the
more important metrics. Read more
[DATABASEJOURNAL.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]

Federal Tech
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
[INFOSECURITY-MAGAZINE.COM]
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for it to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]

Federal Tech
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]

State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US.COM]

State Tech
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]

State Tech
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
GOOGLE: Patches 10 Critical Bugs in August Android Security Bulletin. Google
patched 10 critical remote code execution bugs in its August Android Security
Bulletin issued Monday. It warned the most severe RCE vulnerabilities could enable
a remote attacker, using a specially crafted file, to execute arbitrary code within
the context of a privileged process. Read more
[THREATPOST.COM]
MICROSOFT: Where We Stand with This Month’s Windows and Office Security
Patches. August has seen a relatively normal number of bugs in Windows and
Office patches, some acknowledged by Microsoft, some not. Read the rest
[COMPUTERWORLD.COM]

Security Patches
MALWARE: New Trojan Malware Campaign Sends Users to Fake Banking Site
That Looks Just Like the Real Thing. Trickbot is now redirecting to a counterfeit
site that displays the correct URL and the digital certificate of its genuine
equivalent. Find out more
[ZDNET.COM]
ADOBE: Patches 69 Flaws in Reader, Acrobat. Security updates released by Adobe
for its Flash Player, Reader, Acrobat, Digital Editions and Experience Manager
products address more than 80 vulnerabilities discovered by external researchers.
Read more
[SECURITYWEEK.COM]

For the CIO, CTO & CISO
CIO: The Federal Government Wants Developers’ Help with Quality Control. Ruby
on Rails experts, the federal government wants to hear from you. A government
technology team is looking for information about code reviewers: Outside groups
that can scan source code and web applications for potential improvements or,
sometimes, bugs. The Technology Transformation Services, part of the General
Services Administration and home to digital consultancy 18F, posted the request for
this week. Read more
[NEXTGOV.COM]
REDUX: Former Fed Govt CIO Returns to Public Sector as ACT CTO. A former
federal government CIO who left the public sector for a stint as a government IT
analyst has returned to Canberra to become the ACT government’s chief technology
officer. Al Blake departed the public service in January 2015 after almost ten years
in IT leadership positions at the federal Environment department. Read the rest
[ITNEWS.COM]

CIO, CTO & CISO
CISO: Disruptive Technology Trends and How to Prepare. How to choose the
right test runner, test framework, assertion libraries, and add-on tools for your
React project. Find out more
STATE: Oregon Advances CIO’s Office Toward Cybersecurity Unification with
New Law, Advisory Council. Isolated offices around the state have left Oregon IT
vulnerable, but the passage of a new law creates a policy framework for change.
Read more
[STATESCOOP.COM]

Penetration Testing
RISK MANAGEMENT: Eight Myths Not to Believe About Penetration Testing.
Penetration testing – the process of trying to break into one’s own system to find
vulnerabilities before cybercriminals do – is an integral part of information
security. The data gleaned from these evaluations can help companies remediate
flaws in their security infrastructure before fraudsters have a chance to expose
them. Penetration testing is critical for organizations across all verticals,
especially those that are subject to data privacy laws and regulations. Before
investing in the personnel and resources required to conduct penetration tests,
however, it is important to dispel several myths about the practice. Read more
[SECURITYINTELLIGENCE.COM]

Penetration Testing
PEN TESTING: How Far Should You Let White Hat Hackers Go? Penetration tests
can reveal holes in an organization’s security. But framing the scope of a
penetration test can be challenging, and good results don’t necessarily mean
100 percent security, says attorney Kay Lam-MacLeod. Read the rest
[BANKINFOSECURITY.COM]
DESTRUCTION OF SERVICE: How Ransomware Attacks Have Changed. New
ransomware variants have introduced another threat to enterprises. Rob
Shapland explains what destruction of service attacks are and how organizations
should prepare for them. Find out more

Penetration Testing
EMAIL: Why Everyone Still Falls for Fake Emails. What do nuclear submarines,
top secret military bases and private businesses have in common? They are all
vulnerable to a simple slice of cheddar. This was the clear result of a “pen
testing” exercise, otherwise known as penetration testing, at the annual Cyber
Security Summer School in Tallinn, Estonia, in July. Read more
[GCN.COM]

Open Source
USA: To Protect Voting, Use Open-Source Software. The National Association of
Voting Officials is leading a movement to encourage election officials to stop the
purchase of insecure systems and begin to use software based on open-source
systems that can guard our votes against manipulation. Read more
[NYTIMES.COM]
OPEN SOURCE: To Use Or Not To Use (And How To Choose). Knowing which
open source projects you can rely on is an acquired skill. If you choose wrong, it
will cost you. Consider the following criteria for evaluating a project. Read the
rest
[FORBES.COM]

Open Source
MANAGEMENT: Active Management of Open Source Components Delivers
Measurable Improvements Claims Sonatype Report. In July, Sonatype released
their third annual State of the Software Supply Chain report concluding that when
organisations actively manage the quality of open source components in software
applications they see a 28% improvement in developer productivity (through
reduction in manual governance), a 30% reduction in overall development costs,
and a 48% increase in application quality (as application vulnerabilities are removed
early reducing their incidence in production). Analysis also showed that applications
built by teams utilising automated governance tools reduced the percentage of
defective components by 63%. Read more
[INFOQ.COM]

Open Source
FLASH: A Foolish Petition to Open Source Adobe Flash. In 2020, Adobe promises
us that Adobe Flash will finally be put in its grave. Thank God! But now
developer Juha Lindsted wants to open-source Flash. Oh please! Not just no, but
hell no! Find out more
[ZDNET.COM]

Business Intelligence
MANAGEMENT: How 3 Factors Will Drive Your Approach to Business Intelligence.
Findings from a recent study by Gartner showed that the number of organizations
embracing business intelligence (BI) platforms continues to grow, but more focus is
being placed on business-led, agile analytics and self-service features rather than IT-
led system-of-record reporting. Read more
[SMALLBIZTRENDS.COM]
SALES: KickFire’s Business Intelligence Gets Connected to Google Analytics.
KickFire, a provider of IP address intelligence and company identification
technology, has announced the release of its business intelligence connection into
Google Analytics®. B2B marketers utilizing Google Analytics can identify the actual
companies visiting their website from organic search or digital marketing efforts,
including AdWords campaigns. Read the rest
[MARTECHADVISOR.COM]

FEDERAL GOVERNMENT: Lawmakers Rethink Federal Use of Kaspersky Lab
Products. Congressional lawmakers and federal agencies are reevaluating the
federal government’s relationship with Moscow-based cybersecurity firm Kaspersky
Lab over concerns about the company’s ties with Russian intelligence services. Find
out more
[MORNINGCONSULT.COM]
ENTERPRISE APPS: Microsoft PowerApps Gains Power BI Tile for In-App Insights.
Users can now add Power BI visualizations to the web and mobile business
applications they create in Microsoft PowerApps. Read more
[EWEEK.COM]

Operating Systems
PERSONAL TECH: Preparing for the Jump to a New Operating System. Switching
computer platforms is much easier than it used to be, thanks to programs that help
you copy over your data, applications that have both Windows and Mac versions
and file formats like .JPG photos that can be easily opened on most desktop and
mobile systems. Read more
[NYTIMES.COM]
MICROSOFT: Reveals New Windows 10 Workstations Edition for Power Users.
Microsoft officially unveiled Windows 10 Pro for Workstations August 10. While the
operating system was originally rumored back in June, Microsoft has provided the
full details on the special edition. As expected, Windows 10 Pro for Workstations is
primarily designed for server grade PC hardware and true power users. Windows 10
Pro for Workstations scales up for machines with a high number of logical
processors and large amounts of RAM. Read the rest
[THEVERGE.COM]

Operating Systems
CONTAINERS: Docker Enterprise Now Runs Windows and Linux in One Cluster. The
new version of Docker’s professional version lets applications across multiple
platforms — Windows, Linux, and IBM System Z — run side by side in the same
cluster. Find out more
[INFOWORLD.COM]
OPEN SOURCE: Windows vs Ubuntu: A Look Before You Switch. If you’re
considering switching from Windows to Ubuntu, here are some factors to consider
as you explore the Linux operating system. Read more
[DATAMATION.COM]

Incident Response
INCIDENT RESPONSE & THREAT INTELLIGENCE: A Potent One-Two Punch to Fight
Cybercrime. In a recent interview, Mike Oppenheim, global research lead for IBM X-
Force Incident Response and Intelligence Services (IRIS), shares his thoughts on
some of the major threats that have wreaked havoc so far in 2017. He also
discusses the successes of X-Force IRIS and revealed why combining incident
response and intelligence into a single team is so crucial to the fight against
cybercrime. Read more
[SECURITYINTELLIGENCE.COM]
SECURITY & RISK STRATEGY: Does Your Breach Incident Response Plan Have
Holes? The likelihood of a company suffering a breach is worse than most believe.
Here’s a checklist for building out a plan to deal with a breach. Read the rest
[INFORMATIONWEEK.COM]

Incident Response
NETWORK SECURITY: The Importance of Effective Incident Response – the HBO
Breach Expands. A recent Demisto survey of more than 200 security professionals
found that over 40 percent of organizations aren’t prepared to measure incident
response, and just 14.5 percent are measuring mean time to respond (MTTR). While
54 percent of respondents believe automating incident response would provide
immediate benefits, just 10.9 percent have already done so. Find out more
[ESECURITYPLANET.COM]
CYBERSECURITY: Shifting the Paradigm from Prevention to Incident Response.
Organisations must recognize that breeches are inevitable and shift their focus to
risk reduction. Read more
[ITPROPORTAL.COM]

Incident Response
INSIDER THREATS: Just 18% Have Incident Response Plans. Global organizations
finally understand that insider cyber threats are potentially the most damaging of
all, but are doing little to quantify or respond to the threat, according to new SANS
Institute research. The study, sponsored by Dtex, Rapid7 and Haystax, revealed that
the largest plurality of respondents (40%) rate malicious insiders as the most
damaging threat vector they face, followed by accidental or negligent staff (36%).
Read more
[INFOSECURITY-MAGAZINE.COM]

Cybersecurity
CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop
Them. As governments create smarter cities, they need cybersecurity measures
built from the ground up – or they risk costly data breaches which could
compromise the privacy of their citizens. Find out more
[CNBC.COM]
FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals.
Cybercriminals are unrelenting in their attacks on state and local government
computer networks, which contain detailed personal and business information —
such as birth certificates, driver’s licenses, Social Security numbers and even bank
account or credit card numbers — on millions of people and companies. Now, state
and local officials are hoping Congress will give them some help in fending off the
constant threat. Find out more
[GCN.COM]

Cybersecurity
INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American
International Group (AIG) has recently begun offering personal cyber security
insurance plans to individuals. The company appears to be riding a wave of
individuals’ fears about losing online data or having their bank accounts emptied,
and should find success with wealthier customers who have a lot to lose. But it
remains to be seen whether ordinary consumers will come to regard cyber security
insurance as a necessary expense. Find out more
[FORTUNE.COM]

Cybersecurity
NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A
senior House science committee staffer Friday defended controversial legislation
expanding the authorities of the government’s cybersecurity standards agency,
saying it’s necessary because other agencies aren’t stepping up to the job. The bill,
which passed the committee nearly entirely with Republican support earlier this
month, would direct the National Institute of Standards and Technology to audit
agencies’ cyber protections within two years, giving priority to the most at-risk
agencies. Find out more
[NEXTGOV.COM]

Cybersecurity
STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz
brings a wealth of public- and private-sector experience to the Ocean State, where
he will serve as the first cybersecurity officer. Read more
[GOVTECH.COM]
MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage.
Mitigating hacking attacks, implementing more nimble procurement methods and
more will be explored at this year’s National Association of State Chief Information
Officer’s Midyear Conference. Read the rest
[STATETECHMAGAZINE.COM]

Cybersecurity
WHY: You Must Build Cybersecurity Into Your Applications. One of the largest
changes underway in the way we create software is that cybersecurity is no longer
an afterthought, but instead is being built into every application. The challenge
many companies face is how to keep up and make sure the software they create is
just as safe as the products they buy. Find out
[FORBES.COM]
NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An
executive order was shelved without explanation, and a promised cybersecurity
report hasn’t materialized. Read more
[NETWORKWORLD.COM]

Cybersecurity
SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead
of cybersecurity adversaries via automation tools, but the former U.S. CISO
recommends a change of mindset as well. Read more
[FEDTECHMAGAZINE.COM]
OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a
lot of talk lately about the death of the security perimeter for computer networks,
which is an especially sensitive topic for the federal government that helped to
create the concept. Everyone seems to think it’s now impossible within
cybersecurity to draw a line and keep bad guys on one side and authorized users on
the other. Read the rest
[NEXTGOV.COM]

Cybersecurity
ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How
can businesses ensure enterprise security in a world with mass encryption, given
Mozilla’s revelations recently that over half of webpages loaded by Firefox use
HTTPS. Find out
[INFORMATION-AGE.COM]
COMMENT: Securing the Government Cloud. What many government network
defenders have forgotten is that security in a cloud environment is a shared
responsibility. The cloud provider secures the internet and physical infrastructure,
but the cloud customer is responsible for protecting its own data. FedRAMP and
third-party certifications assure that the cloud provider is doing its part. But it is
ultimately up to customers to ensure they’re taking steps to prevent, detect and
respond to cyber adversaries during the attack lifecycle. Read more
[FCW.COM]

Project Management
GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a
go-to guide on scrum, a popular agile project management framework. You’ll
learn scrum terminology, how to use the methodology in software and product
development projects, and more. Find out more
[TECHREPUBLIC.COM]
TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no
shortage of project management solutions for mid-size and large businesses.
Startups, though, have limited budgets and simply can’t afford high-priced
project management software. Here are seven affordable options. Find out more
[CIO.COM]

Project Management
RISK: Open Source Project Management Can Be Risky Business. Learn how
open source code is a huge factor in mitigating risk. Find out more
[OPENSOURCE.COM]
FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a
government-as-a-platform approach to IT service delivery by leveraging cloud-
supported solutions can help modernize and digitize federal agencies, according
to a new report from the CIO Council. Find out more
[GCN.COM]

Project Management
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Application Development
INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile
development taking place within the federal government. Driven by a need for
accelerated application development and meeting internal customers’ needs on the
very first attempt, agencies like the General Services Administration and
Department of Homeland Security have begun to move away from traditional
waterfall project management frameworks and toward iterative, agile frameworks
like scrum. Read more
[GCN.COM]

IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the
federal government truly ready to embrace agile software development?
Successful agile environments do not start with technology; they start with
creating the right team. This can be harder than it may first appear, because agile
challenges preconceived norms of how federal IT teams should be structured and
the way they approach projects. Agile teams are typically a combination of
individual contributors (particularly those from development and quality assurance
backgrounds) who rarely work together but must now collaborate to achieve
common goals. Read the rest
[NEXTGOV.COM]
ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is
determined to get more agile to produce applications that can be useful in times of
conflict. Find out more
[INFORMATIONWEEK.COM]

PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs
doing to lure millennials into government IT? Government CIOs across the board
are being forced to confront the retirement wave that’s about to decimate their
ranks. But does the next generation of IT pros want the jobs their parents and
grandparents are leaving behind? Read more
[GOVTECH.COM]

Big Data
BUSINESS INTELLIGENCE: Fact or Fallacy: How State and Local Agencies Can
Maximize Big Data. The potential advantages of Big Data read like a most-wanted
list for any agency with aims to innovate: increased transparency, collaboration and
citizen engagement. By analyzing Big Data, leaders lean less on subjective factors
and instead measure the success of programs with objective evidence to prove
value to the community. While Big Data opportunities are exciting, citizens, elected
officials and regulatory bodies will scrutinize every dollar spent. As with any
technology, government must ensure a business intelligence deployment is cost-
effective. Read more
[STATETECHMAGAZINE.COM]

Big Data
ADVICE: How to Avoid Big Data Analytics Failures. Follow these six best practices
to blow past the competition, generate new revenue sources, and better serve
customers. Read the rest
[INFOWORLD.COM]
HEALTH CARE: The Real Limitations of Big Data. There is also no question that
digital fuel is driving virtually every transformation in healthcare happening today.
Speaking at the MedCity Converge conference in Philadelphia, John Quackenbush, a
professor of biostatistics and computational biology at Dana-Farber Cancer
Institute, noted that the average hospital is generating roughly 665 terabytes of
data annually, with some four-fifths of it in the unstructured forms of images, video,
and doctor’s notes. But the great limiting factor in harnessing all of this
information-feedstock is not a “big data problem,” but rather a “messy data
problem.” Find out more
[FORTUNE.COM]

Big Data
STORAGE: Tapping Big Data to Predict the Future. Franz Inc. adds future predictive
analytics to its data visualization tool, Gruff 7.0, allowing users to create what-if
scenarios and uncover hidden relationships. Read more
[NETWORKWORLD.COM]

Personal Tech
EDUCATION: As Coding Boot Camps Close, the Field Faces a Reality Check. In the
past five years, dozens of schools have popped up offering an unusual promise:
Even humanities graduates can learn how to code in a few months and join the
high-paying digital economy. Students and their hopeful parents shelled out as
much as $26,000 seeking to jump-start a career. But the coding boot-camp field
now faces a sobering moment, as two large schools have announced plans to shut
down this year – despite backing by major for-profit education companies, Kaplan
and the Apollo Education Group, the parent of the University of Phoenix. Read
more
[NYTIMES.COM]

Personal Tech
MOVING: U-Haul Introduces Self-Service Using Your Smartphone Camera. In what
it calls a first for the move-yourself industry, U-Haul International has unveiled a
self-serve truck-rental option designed for people seeking to conduct the entire
process online — day or night. Read the rest
[USATODAY.COM]
ECOMMERCE: Watch Out, Amazon: Google And Walmart Are Partnering To Enable
Voice-Based Shopping. In a bid to compete with Amazon’s Alexa virtual assistant,
which can be used as a way for customers to order from Amazon using Echo, Google
has partnered with Walmart to offer a similar service to owners of its Home smart
speaker. Find out more
[TECHTIMES.COM]

Personal Tech
TECH TIP: Finding Your iPad Backup Files. Prefer to keep your backups on the
ground and out of the cloud? If so, where does your iPad backup file live on the
computer when you back it up with iTunes? Find out
[NYTIMES.COM]

Mobile
TOOLS: How IT and End Users Can Build Mobile Apps with RMAD Tools. High-
profile cybercrime such as data theft, ransomware and computer hacks seem to be
occurring more frequently and with higher costs, but cloud computing may provide
the security that companies are searching for, experts suggest. Read more
[SEARCHMOBILECOMPUTING.TECHTARGET.COM]
ONLINE BANKING: Hackers Target Your Mobile Bank App; You Can Fight Back. A
veritable flood of consumers is heading for mobile, according to Juniper Research. It
predicts over 3 billion people around the world will be banking on mobile by 2021
— quite a lure for hackers who target financial apps. That means more people are
likely to fall prey, so bank customers will need to be ready to protect their devices
and their bank accounts. Read the rest
[NERDWALLET.COM]

Mobile
SECURITY: How to Expose Flaws in Custom-Built Mobile Apps. A software bill of
materials can help uncover known vulnerabilities and keep corporate apps more
secure. Find out more
[COMPUTERWORLD.COM]
ENTERPRISE: Enterprise Mobile Apps Are Still Treated as Second-Class Citizens.
Surveys document the rising importance of mobile apps to digital-crazed
enterprises — yet, nobody is happy with how they’re being built and deployed.
Read more
[ZDNET.COM]

Programming & Scripting Development
Client & Server-Side

NODE.js: New Node.js API Will Shield Modules from JavaScript Engine Changes.
Help is on the way for developers building native modules for Node.js, as well for
those who want to swap out the underlying JavaScript engine powering the
platform. Currently, modules must be recompiled to work with new versions of
Node.js and the JavaScript engine, which traditionally has been Google’s V8
engine. But N-API is about to make things easier by providing an API for linking in
native add-ons. Independent of the underlying JavaScript runtime, N-API will be
stable for the application binary interface (ABI) across Node versions, to insulate
add-ons from changes in the underlying JavaScript engine. Modules compiled for
one version of Node.js would then run on later versions with no need to recompile.
Read more
[INFOWORLD.COM]

JAVA: How to Convert Java Apps to JavaScript with CheerpJ. Cheerpj is a unique
tool that will convert Java bytecodes into JavaScript, allowing developers to move
their applications and software to the web with relative ease. The best part is it
doesn’t require a plugin or Java installation to work. For good measure, this means
you don’t have to go through the trouble of downloading, installing, and
configuring a Java environment and IDE. Read the rest
[JAXENTER.COM]
JAVASCRIPT: The Best JavaScript Testing Tools for React. How to choose the right
test runner, test framework, assertion libraries, and add-on tools for your React
project. Find out more
[INFOWORLD.COM]

POPULAR: Programming Languages: Python is Hottest, but Go and Swift are
Rising. Python edges out C and Java to become the most popular programming
language. Read more
[ZDNET.COM]
JAVASCRIPT: Get Started with React: The InfoWorld Tutorial. React, also known as
ReactJS, is an open source JavaScript library for building user interfaces, often for
single-page applications or to add interactive views to existing web applications
built in a variety of architectures. React is not an end-to-end JavaScript application
framework. It has no support for models or controllers, although there are projects
related to React that cover these functions, along with routing. You can easily
combine React with other architectures. NOTE: You must sign up for a free account
in order to access this tutorial. Read more
[INFOWORLD.COM]

JAVA: Microsoft Joins Java-oriented Cloud Foundry. What’s Microsoft doing
joining an open-source Platform-as-a-Service (PaaS) cloud provider, which largely
uses Java and Node.js to build applications instead of .NET Core? Easy. Corey
Sanders, Microsoft’s director of Azure Compute, told me: “That’s where the
customers are. Microsoft has been working with Cloud Foundry since 2015. It’s a
natural progression for us and our customers love running on Cloud Foundry on
Azure.” Read the rest
[ZDNET.COM]

PYTHON: A Closer Look at Python-SQL Server 2017 Integration. Do you know
everything you need to take advantage of SQL Server 2017’s support of Python?
NOTE: Email address registration required to gain access. Find out more
[ZDNET.COM]
KOTLIN: The Programmers Guide To Kotlin – The Basics. There is renewed interest
in Kotlin, the open source Java replacement language pioneered by JetBrains, now
that Google has decided to support it as the third official Android development
language. What better time could there be to find out what it is and how to use it.
Read more
[I-PROGRAMMER.INFO]

Cloud Computing
CYBERCRIME: Ransomware Can Cost Firms over $700,000; Cloud Computing May
Provide the Protection They Need. High-profile cybercrime such as data theft,
ransomware and computer hacks seem to be occurring more frequently and with
higher costs, but cloud computing may provide the security that companies are
searching for, experts suggest. Read more
[CNBC.COM]
TUTORIAL: What is Cloud Computing? Everything You Need to Know Now. Cloud
computing has evolved beyond basic SaaS, IaaS, and PaaS offerings, as the cloud
matures to become the engine of enterprise technology innovation. Read the rest
[INFOWORLD.COM]

Cloud Computing
FUTURE: Edge Computing Could Push the Cloud to the Fringe. Peter Levine, a
general partner at venture capital firm Andreessen Horowitz, has an interesting
working theory. He believes that cloud computing is soon going to take a back seat
to edge computing – and we will very quickly see the majority of processing taking
place at the device level. As crazy as that sounds – and he fully recognizes that it
does – Levine says it’s based on sound analysis of where he sees computing going –
and he believes his job as an investor is to recognize where the industry is heading
before it happens. Find out more
[TECHCRUNCH.COM]

Cloud Computing
CLOUD TECH: Cloud Computing’s Open Container Initiative Hits the 1.0 Release
Milestone. Another light-touch cloud standards effort under the auspices of The
Linux Foundation reached a milestone mid-July, with the release of the 1.0 version
of the Open Container Initiative. The Open Container Initiative is a collection of
cloud-computing companies working on a common specification for container
runtimes. Read more
[GEEKWIRE.COM]
CLOUD CAREERS: How to Move into a Coud Career from Traditional IT. From
architects to developers, there is a path from traditional IT to the gold-plated jobs in
the cloud. Read the rest
[INFOWORLD.COM]

Cloud Computing
PROJECTION: The Next Phase Of The Cloud Computing Revolution Is Here. Few
trends in information technology (IT) have had a greater impact than the rise of
cloud computing. In 2016, Amazon Web Services (AWS), the leading public cloud
provider, brought in $12.2 billion in net sales, a 55% increase over the previous year.
Today’s startup companies are practically required to have a cloud strategy or risk
losing funding. Not to mention, just about every enterprise CIO has cloud migration
and security in their top strategic mandates, and about 70% of organizations have at
least one application in the cloud. The cloud has won, and its momentum is only
expected to increase. However, not every company is equally well-positioned to
move to the cloud. Companies will need to adjust their strategies and approach to
remain competitive over the next decade. Read more
[FORBES.COM]

Cloud Computing
STRATEGY: Assessing the Key Reasons Behind a Multi-Cloud Strategy. Everyone
who follows cloud computing agrees that we are starting to see more businesses
utilize a multi-cloud strategy. The question this raises is: why is a multi-cloud
strategy important from a functional standpoint, and why are enterprises deploying
this strategy? Find out more
[CLOUDCOMPUTING-NEWS.NET]
CLOUD COMPUTING: For Firms, Here is Why it is a Challenge to Harness its
Potential. The storage of data on cloud-based servers is the latest iteration in the
digital revolution in India and has enabled organizations not only lower risks of loss
of data but has also increased remote accessibility of such data. Read more
[FINANCIALEXPRESS.COM]

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity
INSIGHT: Why State and Local Government Still Struggle with Cybersecurity. State
and local governments are struggling to deal with a number of cybersecurity threats.
Tight budgets, lack of talent in the workforce and the constantly evolving nature of
threats are a few reasons why the challenge is mounting. But cybersecurity cannot
go neglected. State and local agencies store massive amounts of sensitive
constituent data such as Social Security numbers, health care records and driver
license numbers. And without a secure infrastructure, the public transportation
systems, electric grids and water plants powering our nation’s cities remain
vulnerable. Read more
[GCN.COM]
FYI: New Framework Defines Cyber Security Workforce Needs. Both the federal
government and its contractors are locked in a battle for talent with commercial
providers, each vying for the best personnel in critical areas of cybersecurity, and
each dealing with a shortage of available talent. Read the rest
[GOVTECHWORKS.COM]

IT Security | Cybersecurity
OPINION: We’re Thinking about Cybersecurity All Wrong. Obama’s former cyber
advisor, Michael Daniel, on how we need to overhaul the way we manage the new
“tool for statecraft.” Find out more
[TECHNOLOGYREVIEW.COM]
FEDERAL HIRING: One Easy Thing Your Agency Can Do to Attract More
Cybersecurity Talent. Building a well-trained cyber workforce has been a challenge
for the federal government, and the first step in that process is finding well-qualified
candidates to fill the positions. Laura Bate, senior programming associate for New
America’s Cybersecurity Initiative, said there are several factors that make that the
case, but agencies do have options to overcome the obstacles. Read more
[FEDERALNEWSRADIO.COM]

From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-august-31-
2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-august-30-2017/
Federal Technology
https://www.bluemt.com/federal-technology-daily-tech-update-august-29-2017/
Network Security
https://www.bluemt.com/network-security-daily-tech-update-august-28-2017/

Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-august-25-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-august-24-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-august-23-
2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-august-22-2017/

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-august-21-2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-august-17-2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-august-16-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-august-15-2017/

Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-august-11-2017/
Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-august-10-2017/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-august-9-2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-august-8-2017/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-august-4-2017/
CIO, CTO & CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-august-3-2017/
https://www.bluemt.com/business-intelligence-daily-tech-update-august-1-
2017/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems August 2017

Recommandé

Recommandé

Contenu connexe

Dernier

Dernier (20)

En vedette

En vedette (20)

Tech Update Summary from Blue Mountain Data Systems August 2017