Tech Update Summary from Blue Mountain Data Systems December 2016

Blue Mountain Data Systems Tech Update Summary
December 2016

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for December 2016. Hope the information and ideas
prove useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Encyption
FUTURE: Three Touchy Questions for Tech Leaders to Ask Trump. The incoming
administration will inherit contentious policy debates about cybersecurity, privacy,
and Internet regulation. Read more
[TECHNOLOGYREVIEW.COM]
SECURITY: This App Wants to Be Your Encrypted, Self-Destructing Slack. If you use
a workplace collaboration tool like Slack or Hipchat, it’s easy to fall into an
assumption of privacy, throwing around gossip and even sensitive business as if it
were normal cubicle chatter. It’s not. Anything you write in one of those
collaborative chatrooms can be stored, and is potentially vulnerable to government
surveillance, hacking, or a subpoena in a run-of-the-mill lawsuit. The encrypted-
messaging startup Wickr wants to solve that potential Slack-snooping problem.
Find out more
[WIRED.COM]

Encyption
TWITTER: Are Encrypted Direct Messages Coming to Twitter? Following his chat
with whistleblower Edward Snowden, @Jack dropped a hint about what privacy
features might be in the cards for Twitter. In the tweeted exchange, Dorsey and
Snowden continued the conversation that streamed on Periscope Tuesday, veering
back to the topic of Twitter itself. When Snowden asked if Twitter might consider
making the platform’s private messages more secure in some way, Dorsey left the
door open for a major security tweak. Find out more
[TECHCRUNCH.COM]

Encyption
OPINION: Mandate Encryption for All Devices. In today’s ever-connected society,
the need for strong, mandatory encryption for all devices is more important than
ever. Current events have shown us the dangers which an unencrypted society
faces – from losses of personal information to leaking critical vulnerabilities in our
nation’s infrastructure. If the federal government wants to ensure a greater degree
of safety (and privacy) for its civilians, it should reverse its stance on encryption
and learn to embrace it as a valuable security tool. Read the rest
[CAVALIERDAILY.COM]

Federal, State & Local IT
REPORT: Cloud Enters Mainstream in Federal IT Investment Plans. United States
government agencies will continue to invest hefty sums in cloud computing
technology over the next five years. After that period, spending on cloud is likely to
moderate, but the amount of investing will remain at impressive levels. Find out
more
[ECOMMERCETIMES.COM]
READ: Debt Myths, Debunked. Sometime in early December, the federal
government’s official debt will likely cross the $20 trillion mark – an amount no
country has ever owed. As we approach this milestone, there are a few myths
regarding the debt that should be debunked. Find out more
[USNEWS.COM]

CHIEF INNOVATION OFFICERS: An Unclear Role in the Federal Government.
Federal obsession with innovation is rampant. The government appears intent
upon emulating a Silicon Valley-style startup culture that can keep up with the
evolution of commercial technology – or at least shake up how agencies approach
problems. Its efforts include the Presidential Innovation Fellows program, a one-
year tour of duty lawmakers are attempting to make permanent; the digital
consultancy 18F, which aims to help other agencies buy agile software
development; and a rash of incubator-style hubs where employees can build out
their own ideas. Find out more
[NEXTGOV.COM]

COLLEGES: Federal Government Shuts Down Controversial College Watchdog. An
organization that was supposed to oversee the embattled for-profit college
industry and protect students from fraud lost its recognition Monday, potentially
putting hundreds of thousands of students in limbo. The Secretary of Education
ruled Monday to terminate his agency’s recognition of the Accrediting Council for
Independent Colleges and Schools (ACICS), which critics say allowed billions of
dollars in federal financial aid funds to flow to bad actors. Find out more
[MARKETWATCH.COM]

Databases
SLIDESHOW: Gartner's 19 In-Memory Databases for Big Data Analytics. Amid the
big data boom, the in-memory database market will enjoy a 43 percent compound
annual growth rate (CAGR) – leaping from $2.21 billion in 2013 to $13.23 billion in
2018, predicts Markets and Markets, a global research firm. What’s driving that
demand? Simply put, in-memory databases allow real-time analytics and situation
awareness on "live" transaction data – rather than after-the-fact analysis on "stale
data,” notes a recent Gartner market guide. Here are 19 in-memory database
options mentioned in that Gartner market guide. Find out more
[ENTERPRISETECH.COM]

Databases
CrateDB: Tackles Machine Analytics with Scale-Out SQL Database. Developers
who want to analyze big, fast-moving machine data without the complexity of a
NoSQL database have another option in CrateDB, an open source, scale-out SQL
database that just became generally available today. The CrateDB project began
two years ago when a group of German programmers felt dissatisfied with the
database options available to them for storing and analyzing fast-moving machine
data, including security log files and sensor data from the Internet of Things. Find
out more
[DATANAMI.COM]

Databases
VIDEO: But I Need a Database that _Scales_. Aaron Spiegel reviews common
scaling techniques for both relational and NoSQL databases, discussing trade-offs
of these techniques and their effect on query flexibility, transactions and
consistency. Find out more
[INFOQ.COM]
GRAPH DATABASES: How Neo4j is Taking Graph Databases into the Mainstream.
Q&A with Neo4j CEO Emil Eifrem on the development of the graph database, his
biggest competition, and taking on the enterprise. Read the rest
[ZDNET.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
MICROSOFT: Modifies November Patches to Bypass Lenovo Server Conflicts.
Microsoft released patches for Server 2016, 2012R2, and 2012 on Nov. 8 that
freeze specific Lenovo servers on reboot. The servers don’t finish the POST process
and hang at the Lenovo splash screen. After many complaints, Lenovo issued six
new UEFI firmware patches on Nov. 22. The next day, Microsoft altered six of its
security patches, including the latest Win10 version 1607 cumulative update, KB
3200970, to add logic bypassing automatic installation of those patches on the
affected servers. Read more
[INFOWORLD.COM]

Security Patches
TOR: Patched Against Zero Day Under Attack. The Tor Project has provided a
browser update that patches a zero-day vulnerability being exploited in the wild to
de-anonymize Tor users. “The security flaw responsible for this urgent release is
already actively exploited on Windows systems. Even though there is currently, to
the best of our knowledge, no similar exploit for OS X or Linux users available, the
underlying bug affects those platforms as well,” the Tor Project said in its
announcement. “We strongly recommend that all users apply the update to their
Tor Browser immediately. A restart is required for it to take effect.” Find out more
[THREATPOST.COM]
XXS: Flaw on Wix Leaves the Door Open to Worms. A researcher found a cross-
site scripting flaw in Wix templates that a worm could have used to infect all Wix-
hosted sites, but couldn’t find a way to report the vulnerability. Find out more
[INFOWORLD.COM]

Security Patches
FIREFOX: Updated for Security Bugs. Mozilla has released a number of security
fixes affecting two of its Firefox browsers: the widely used consumer edition, v50,
and ESR 45.5, intended for enterprises which manage client desktops. Read the
rest
[SCMAGAZINE.COM]

For the CIO, CTO & CISO
CTO: 5 Key Skills Needed To Succeed As A CTO. Is your dream career to become the
Chief Technology Officer (CTO) of a company you love? According to a list of former
and current CTOs, you should start perfecting these skills. Read more
[FORBES.COM]
CIO: Why AWS is the IBM for the Cloud Computing Age. Scalable cloud computing
that helps businesses get up and running quickly and securely means you’ll never
get fired for buying Amazon Web Services. Find out more
[CIO.COM]

CIO, CTO & CISO
CISO: Aflac CISO Tim Callahan on Global Security, Risk Management. With
today’s cyberthreats, the CISO has to know more about intelligence, working
with government and private industry, and how to tailor the security program to
further the business. Find out more
[SEARCHSECURITY.TECHTARGET.COM]
CAREERS: Arkansas CTO Mark Myers Resigns. The details surrounding Arkansas’
abrupt IT leadership changes are few, but what is clear is that a recent forced
resignation signals a potential shift in the state’s direction. Read the rest
[GOVTECH.COM]

Penetration Testing
ANALYTICS: The New Security Mindset: Embrace Analytics To Mitigate Risk.
Merely conducting a penetration test may find a weakness. But conducting a
creative analysis of the network and carefully analyzing the results will truly
identify key areas of risk. Security professionals who can sniff out abnormalities
in their IT network and applications can foil intruders’ plans before they escalate.
This is a far different approach than simply finding a single weakness and then
declaring “mission accomplished.” Read more
[DARKREADING.COM]

Penetration Testing
HOW TO: Respond to Social Engineering Incidents: An Expert Interview. Steven
Fox is a top government cybersecurity expert, Distinguished Fellow with the
Ponemon Institute and frequent speaker at top security events all over America.
In this exclusive interview, Steven shares several low-tech but sophisticated
social engineering techniques that hackers use to gain (unauthorized) privileged
access into government systems and large and small company networks. Most
important, what can we do to prevent fraud and respond to incidents that do
occur? Find out more
[GOVTECH.COM]
TOOL: Where’s the BeEF? BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser. Read more
[GITHUB.COM]

Penetration Testing
RISK MANAGEMENT: The Truth About Penetration Testing Vs. Vulnerability
Assessments. Vulnerability assessments are often confused with penetration
tests. In fact, the two terms are often used interchangeably, but they are worlds
apart. To strengthen an organization’s cyber risk posture, it is essential to not
only test for vulnerabilities, but also assess whether vulnerabilities are actually
exploitable and what risks they represent. To increase an organization’s
resilience against cyber-attacks, it is essential to understand the inter-
relationships between vulnerability assessment, penetration test, and a cyber
risk analysis. Find out more
[SECURITYWEEK.COM]

Open Source
FEDERAL GOVERNMENT: Code.gov is the US Government’s Open-Source
Software Hub. Back in August, the Obama Administration announced a new
policy that requires 20 percent of the federal government’s software projects be
open source. To make all of that material easily accessible, there’s now a place
for you to view all of the code. Code.gov is the web-based hub for the initiative
and it features around 50 projects from 10 different agencies. Those projects
include the White House Facebook chat bot, Data.gov and the “We the People”
petitions API. Read more
[ENGADGET.COM]

Open Source
VIDEO: Technical Writing as Public Service: Working on Open Source in
Government. What if U.S. federal agencies decided to reuse and contribute to
open source software projects built by other agencies, since agencies often have
similar technology problems to solve? And what if they hired technical writers
with open source community experience to write documentation for these
projects? Britta Gustafson explains surprising and rewarding aspects of working
on documentation in government, through the lens of the cross-agency
eRegulations project. Find out more
[YOUTUBE.COM]

Open Source
TOOLS: 10 Open Source Tools for Your Sysadmin Toolbox. Here’s a handy list of
open source tools for admins, highlighting well-known – and not-so-well-known
– tools that have released new versions in 2016. Find out more
[OPENSOURCE.COM]
OPINION: Open Source Has Won, and Microsoft Has Surrendered. Many Linux
users are ticked off and anxious about Microsoft joining the Linux Foundation.
They are missing the real significance of that move. Read the rest
[COMPUTERWORLD.COM]

Business Intelligence
AMAZON: AWS Launches Enterprise Tier of its QuickSight Business Intelligence
Tool. Public cloud infrastructure provider Amazon Web Services (AWS) today
announced the availability of an enterprise tier of its Amazon QuickSight cloud
software for business intelligence (BI). AWS launched QuickSight out of preview last
month after introducing it a year ago. The new Enterprise Edition stands out from
the Standard Edition in a few important ways. First, organizations can connect it
with Microsoft’s Active Directory identity management software, whether it’s
running on AWS or in an on-premises data center.. Find out more
[VENTUREBEAT.COM]

LEADERSHIP: In Business Intelligence, Sound Governance Drives Adoption And
Success Via Enablement. How are best-of-breed BI programs able to balance self-
service against the need for data governance? In Forbes' October 2016 report
"Breakthrough Business Intelligence," those companies achieving the greatest value
from their BI programs were doing so through a nuanced and sophisticated blend of
governance and distributed BI. Find out more
[FORBES.COM]
CHANGE MANAGEMENT: Health Care Leaders About Their Industry, and They’re
Worried. However the Trump administration and the Republican U.S. Congress
replace or revamp the Affordable Care Act, it is unlikely to halt America’s ongoing
move from the rightfully maligned fee-for-service payment system to one that pays
for "value" - the quality of outcomes relative to the price. Despite the progress
that’s been made, there is still a long way to go. What new investments will be
required? What legacy costs will be incurred as providers strive to optimize their
business processes to deliver comprehensive value-based health care? How will
leadership teams and boards of directors orchestrate the strategic transformations
of their currently successful businesses? Find out more
[HBR.ORG]

READ: 12 Ways to Empower Government Users With the Microsoft Business
Intelligence (MBI) Stack. Are your organization’s Federal IT resources under
constant pressure, with no end in sight? Your agency is not alone. With limited
access to dedicated information technology resources, non-technical end users
often play the waiting game, relying on IT staff to do simple tasks like generating
custom queries and embedding them within applications. Here are ways to
empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find
out more
[BLUEMT.COM]

Operating Systems
GOOGLE: Just Launched A Totally New Operating System. Android Things, Google’s
new operating system to power your toasters, routers, refrigerators and just about
everything. Find out more
[TECHWORM.COM]
OPEN SOURCE: Why the Operating System Matters Even More in 2017. The
computing technology landscape has changed considerably over the past couple of
years. This has had the effect of shifting how we think about operating systems and
what they do, even as they remain as central as ever. Consider changes in how
applications are packaged, the rapid growth of computing infrastructures, and the
threat and vulnerability landscape. Find out more
[OPENSOURCE.COM]

Operating Systems
SERVERS: Future of the Server Operating System. Microsoft’s new Windows Server
2016 operating system (OS) is just being launched. Linux is celebrating its 25th
birthday. IBM has its mainframe operating system and its Power operating system,
Oracle has Solaris – and that is just a few of the OSs that still abound in the market.
But what is the role of an OS in the modern world? Here’s a look at the evolution of
the server operating system, and how the next generation is moving into the cloud.
Find out more
[COMPUTERWEEKLY.COM]

Operating Systems
NIST: Enterprise Linux 7.1 meets NIST Crypto Standards. Red Hat’s Enterprise Linux
7.1 has been awarded a critical security certification for nine modules, including its
OpenSSL component. According to company officials, the certifications establish the
platform as a secure operating system for mission-critical systems and national
security data. The National Institute of Standards and Technology sets standards for
federal cryptographic-based security systems, including those in open-source
software libraries. The Federal Information Processing Standard 140-2 was
established in 2001 for native systems that process sensitive information, secure
communications and encrypt data. Read the rest
[GCN.COM]

Incident Response
CYBERSECURITY: Distributed Denial of Service Attacks - Four Best Practices for
Prevention and Response. In November 2016, Internet users across the eastern
seaboard of the United States had trouble accessing popular websites, such as
Reddit, Netflix, and the New York Times. As reported in Wired Magazine, the
disruption was the result of multiple distributed denial of service (DDoS) attacks
against a single organization: Dyn, a New Hampshire-based Internet infrastructure
company. DDoS attacks can be extremely disruptive, and they are on the rise. The
Verisign Distributed Denial of Service Trends Report states that DDoS attack activity
increased 85 percent in each of the last two years with 32 percent of those attacks
in the fourth quarter of 2015 targeting IT services, cloud computing, and software-
as-a-service companies. Find out more
[INSIGHTS.SEI.CMU.EDU]

Incident Response
STATE GOVERNMENT: How Government Can Become More like Amazon. Colorado
CIO Suma Nallapati wants to transform IT systems so that people look forward to
interacting with government. Find out more
[GOVTECH.COM]
SLIDESHOW: 6 Security Best Practices You Need to Have In Place. Information
security firm ID Experts recently engaged a number of thought leaders that included
attorneys, insurance executives and security professionals to share six best
practices on preparing for and responding to a data breach. Here is what they want
you to know. Find out more
[INFOMATION-MANAGEMENT.COM]

Incident Response
GOVERNMENT: Hackers Expect Replies, Not Rewards, for Finding Bugs. More than
9 in 10 cybersecurity researchers who find software vulnerabilities generally let the
makers know and coordinate their disclosure, according to a survey from a
Commerce Department working group. Find out more
[CYBERSCOOP.COM]

Incident Response
NEWS: Positioning Security Intelligence in Front of Incident Response. With recent
announcement of IBM’s $200 million commitment to expanding its security
leadership position in the incident response (IR) market, IBM is working to help
clients address the challenges in adopting a more proactive approach to IR. As part
of the initiative, IBM established a new global incident response team. The mandate
for IBM X-Force Incident Response and Intelligence Services (IRIS) is to deliver the
next evolution in incident response management. Read more
[SECURITYINTELLIGENCE.COM]
US-CERT: Updates Cybersecurity Incident Notification Guidelines. New
cybersecurity incident reporting guidelines will go into effect on April 1, 2017,
designed to help federal, state, and local organizations. Find out more
[HEALTHITSECURITY.COM]

Incident Response
DHS: Georgia Incident Was Legitimate Work, Not a Hack. The Department of
Homeland Security told Georgia’s Office of Secretary of State that the IP address
associated with an attempted breach of the state agency’s firewall was tracked to
an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply
concerned.” According to DHS, someone on the federal department’s security
network was conducting legitimate business on the state office’s website, verifying
a professional license administered by the state. The state office manages
information about corporate licenses and certificates on its website. Find out more
[FEDSCOOP.COM]

Incident Response
LEARN: 10 Tips for Planning, Leading and Learning From a Cybersecurity Tabletop
Exercise. The National Institute of Standards and Technology (NIST) recommends
that organizations not only develop incident response plans, but also maintain them
in a “state of readiness” and engage in exercises to “validate their content.” The
potential vehicles for such tests can take many forms, but one of the most common
and easy to implement is a “tabletop exercise.” Read the rest
[CORPCOUNSEL.COM]

Tech Research News
MIT: Cache Management Improved Once Again. New version of breakthrough
memory management scheme better accommodates commercial chips. A year
ago, researchers from MIT’s Computer Science and Artificial Intelligence
Laboratory unveiled a fundamentally new way of managing memory on
computer chips, one that would use circuit space much more efficiently as chips
continue to comprise more and more cores, or processing units. In chips with
hundreds of cores, the researchers’ scheme could free up somewhere between
15 and 25 percent of on-chip memory, enabling much more efficient
computation. Their scheme, however, assumed a certain type of computational
behavior that most modern chips do not, in fact, enforce. Last week, at the
International Conference on Parallel Architectures and Compilation Techniques –
the same conference where they first reported their scheme – the researchers
presented an updated version that’s more consistent with existing chip designs
and has a few additional improvements. Read more
[NEWS.MIT.EDU]

Tech Research News
REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans
fall along a spectrum of preparedness when it comes to using tech tools to
pursue learning online, and many are not eager or ready to take the plunge. Find
out more
[PEWINTERNET.ORG]
DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for
DoD Missions. Defense Secretary Ashton Carter has said automated systems,
cyber technology and biological research efforts are necessary to keep the
Defense Department moving forward. Find out more
[EXECUTIVEGOV.COM]

Tech Research News
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Search Technology
SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an
OpenSource text search engine. Now it has a big place in Big Data. Read what
Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more
[DZONE.COM]
INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team
has announced the first milestone release of the Ingalls Release Train. This
coordinated release of subprojects under the Spring Data umbrella ships with 230
fixes and a number of new features. Find out more
[ADTMAG.COM]

Search Technology
GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes
Beta. Google says that the Cloud Natural Language API gives developers access to
three Google-powered engines– sentiment analysis, entity recognition, and syntax
analysis. The service is currently available in open beta and is based on the
company’s natural language understanding research. It will initially support three
languages– English, Spanish and Japanese and will help developers reveal the
structure and meaning of your text in the given language. Read more
[THETECHPORTAL.COM]
AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and
Memory Reservation. Docker networks provide isolation for your containers. It is
important to have control over the networks your applications run on. With
Amazon ECS, you can now specify an optional networking mode for your containers
that cater towards different use cases. Find out more
[DABCC.COM]

Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]

Application Development
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]

BYOD
SLIDESHOW: 6 Best Practices for Managing BYOD Technology. The mobile workforce
population is expected to surpass 105 million by 2020, according to IDC. Keeping all
those workers and devices from causing security risks is becoming increasingly hard.
Here are 6 tips on how to best manage it all. Find out more
[INFORMATION-MANAGEMENT.COM]
POLICY: 10 Best Practices For BYOD Policy. Bring-your-own device doesn't have to
mean bring your own security problems. Many enterprises now allow users to access
corporate resources via their personal mobile devices. According to a global survey of
CIOs by Gartner, nearly 40 percent of companies by 2016 will require employees to
provide their own mobile products. Find out more
[DARKREADING.COM]

BYOD
CIO: Shadow BYOD Runs Rampant in Federal Government. A new survey highlights
the extent to which government employees insist on bringing their own devices to
work, despite rules to the contrary. Find out more
[CIO.COM]
NIST: Gives Agencies Guidance on Boosting Cybersecurity for BYOD, Telework.
Security concerns increase as more federal offices offer workers greater flexibility
through telework options and the ability to use their own devices. Read the rest

Big Data
WHY: Cultural Change Is Necessary For Big Data Adoption. Love it or hate it, big
data is here to stay. As data volumes and sources of data proliferate at ever
increasing rates, leading companies will be forced to plan for a data-driven future.
Data is pervasive. Businesses operate in an Age of Data. Rapid access to the latest
data can accelerate innovation and disrupt traditional markets. Businesses are
finding new ways to do business that serve their customers more effectively and
responsively. Businesses can adapt or risk burying their heads in the sand. Should
there be any doubt about the prevalence of data, consider these few “data points”.
Read more
[FORBES.COM]

Big Data
PODCAST: Hadoop, Kafka Creators Big on Big Data Streaming Analytics. In this
edition of the Talking Data podcast, big data streaming analytics comes into focus.
The technology formed a strong undercurrent at Strata + Hadoop World 2016. Find
out more
[SEARCHDATAMANAGEMENT.TECHTARGET.COM]
REAL TIME ECONOMICS: How Big Data Is Creating a Detailed Picture of U.S.
Earnings. A new monthly report from Glassdoor uses millions of employees’
reviews of their employers to estimate U.S. wage growth. Find out more
[BLOGS.WSJ.COM]

Mobile Applications
INTERVIEW: Why Developers Benefit When Implementing a Cloud Backend into
Apps. Here’s an interview with Ashruti Singh, Product Marketing Manager for SAP
HANA Cloud Platform at SAP, who discusses how app developers stand to benefit
from implementing mobile cloud back ends into their programs and where she sees
the future of mobile app development heading in 2017. Read more
[APPDEVELOPERMAGAZINE.COM]
FED TECH: Why Citizen Input is Crucial to the Government Design Process. As
digital technology practices such as modular procurement and DevOps become
widely adopted across government, the gap between IT and operations is closing
and benefits from the new approach are becoming clearer each day. Now,
government must take the next step: close the gap between citizen-specific needs
and the process for designing, developing and deploying digital government. Find
out more
[NEXTGOV.COM]

Mobile Applications
MANAGEMENT: Organizations Need to Balance Value and Security When
Adopting New Mobile Devices. As new products hit the market, enterprises must
decide whether to introduce the device or wait. Find out more
CLOUD: Will Digital Economy Create A Developer Shortage? As more companies
seek to transform themselves digitally and effectively become software companies,
some are going to have trouble filling “the developer gap,” according to a Cloud
Foundry report. Read the rest
[INFORMATIONWEEK.COM]

IT Management
TECH MANAGEMENT: Decentralized IT Management Raises Concerns. IT isn't happy
about the shift to decentralized IT management, so VMware tries to provide the best
of both worlds: developer flexibility and centralized IT. Find out more
[NETWORKWORLD.COM]
DOD: Congress Creates New DoD Chief Management Officer, Punts on Role of CIO.
The annual Defense authorization bill Congress sent to the President last week
includes several provisions to redraw the Defense Department's organizational chart,
including one that creates a powerful new Chief Management Officer whose primary
job will be overseeing and reforming DoD headquarters functions. While the
department already has a full-time position - the deputy chief management officer -
to handle functions like business process reengineering and other management
concerns, the new position will carry more stature in the Defense bureaucracy. Find
out more
[FEDERALNEWSRADIO.COM]

IT Management
VETERANS AFFAIRS: VA CIO Creating IT Demand Management Office. The
Department of Veterans Affairs will launch a new tech office in 2017 to help meet the
needs of the department's health care, benefits and cemetery lines of business. Ron
Thompson, who was the principal deputy assistant secretary and deputy CIO for VA's
Office of Information and Technology, will lead the creation of a new Demand
Management Office. Find out more
[FEDSCOOP.COM]
LEARN: What Great Managers Do Daily. So much depends upon managers. For
example, a Gallup study found that at least 70% of the variance in employee
engagement scores is driven by who the boss is. This is disconcerting because the
same research found that about 70% of people in management roles are not well
equipped for the job. This state of affairs is hurting not just employee engagement
and quality of life, but also corporate performance. What makes managers of highly
engaged employees different than the rest on a day-to-day basis? Read the results of
a recent survey. Find out more
[HBR.ORG]

Programming & Scripting Development
Client & Server-Side

HISTORY: Top 10 Programming Languages and Their Inventors. Behind every great
product, there is a great man or woman. Ditto for the programming languages.
Each programming language was developed by a man/woman who sought to think
different. Some made it to the top of the charts while other fell by wayside. Here
are the top 10 programming languages and their inventors. Read more
[TECHWORM.NET]
JAVA: Oracle Cuts Management, Messaging Specs in Java EE 8. Oracle is making
good on plans to cut management and messaging improvements from the next
version of enterprise Java. The company is axing Management 2.0 and Java
Message Service (JMS) 2.1 from the Java EE 8 road map. Also, Oracle is
investigating a possible transfer of the MVC functionality planned EE 8 to another
community member or organization. Find out more
[INFOWORLD.COM]

JAVASCRIPT: 15 JavaScript Frameworks and Libraries. JavaScript’s open source
stance is also one of the best. Contrary to popular belief, JavaScript is not a project,
but a specification with an open standard where the language is evolved and
maintained by its core team. ECMAScript, another fancy name of JavaScript, is not
open source, but it too has an open standard. Find out more
[OPENSOURCE.COM]
HTML5: HTML 5.1 Is Here, Replaces HTML5 As The New “W3C Recommendation”.
The World Wide Web Consortium (W3C) has released the official HTML 5.1
specification. In an announcement, W3C said that the specification defines “the
5th major version, first minor revision” of the core language of the World Wide
Web: the HTML. This way, 5.1 has become a “W3C Recommendation”, replacing
HTML 5. Read the rest
[FOSSBYTES.COM]

BEST PRACTICES: More Guidelines and Best Practices on Asynchronous
Programming. Follow the recommended practices when working with
asynchronous programming to achieve scalability and performance benefits. Read
more
[INFOWORLD.COM]
JAVA: Latest Java 9 Schedule Appears to Be at Risk from the Outset. After
reaching approval of the feature extension process, Oracle has confirmed July 2017
as the new target for the Java 9 release. The date is very similar to that previously
predicted by InfoQ, although for various reasons this might indicate risk: while our
estimation was based on a feature extension period of three months, the actual
period will last seven months, with cuts in testing effort to make up the difference.
Early, informal testing might be in place to compensate. Find out more
[INFOQ.COM]

PHP: New PHP Release Brings Another Speed Boost. The PHP 7 line, which
debuted a year ago, has received its first point release upgrade, improving
performance and featuring nullable types. Version 7.1.0 also offers capabilities like
a void return type and class constant visibility modifiers. But a key PHP advocate
stressed performance. The upgrade “[provides] up to 35 percent better
performance in CPU-intensive workloads,” said Zeev Suraski, CTO at PHP tools
producer Zend. Find out more
[INFOWORLD.COM]
C#: Amazon Cloud Adds C# Support to Lambda Service. Amazon Web Services Inc.
(AWS) announced that its AWS Lambda tool — providing serverless functionality
for projects such as app back-end services — now supports Microsoft’s C#
programming language. AWS said developers using the Lambda service can run
their code without having to worry about provisioning or managing servers, using a
pay-as-you-go pricing model. Read the rest
[ADTMAG.COM]

Cloud Computing
GOOGLE CLOUD: Have Cloud Your Way: Step-by-Step Best Practices for Secure
Migration. Get insights about Google’s security technology underpinnings within GCP
that protect your data and your customers. Learn about Google’s views on threats,
end-to-end security, and solutions at each point of potential compromise. Read more
[YOUTUBE.COM]
HOW: Will Amazon’s Cloud-Computing Price Cuts Impact Investors? The growth of
Amazon’s cloud-computing platform, known as AWS, has been a major factor in the
company’s recent spurt of profit growth. But in typical Amazon fashion, the company
is prepared to completely backpedal on AWS’ profits in order to beat out the
competition and grab an even bigger piece of the market down the road. Find out
more
[FOOL.COM]

Cloud Computing
PUBLIC VS. PRIVATE CLOUD: 5 Trends to Watch. Security tops the concerns of
federal information technology managers as they look to move data and
applications into the cloud – and that’s consistent with other public sector IT
executives. But federal managers are substantially more likely to settle on private
cloud solutions when compared to those managing state and local or higher
education IT services. Here are five trends that define the differences between how
IT chiefs in each sector are approaching cloud migration. Find out more
[GOVTECHWORKS.COM]
FEDS: Rest Their Digital Transformation Hopes on the Cloud. Like most businesses,
the U.S. federal government is being forced to evolve their IT operations to
accommodate today’s mobile- and cloud-enabled workstyles (and lifestyles). A
recent survey from Dell EMC, conducted by Penn Schoen Berland (PSB), reveals that
most agencies are rising to the occasion. Read the rest
[DATAMATION.COM]

Cloud Computing
TRENDS: 6 Trends That Will Shape Cloud Computing in 2017. Public, private and
hybrid cloud implementations will accelerate in 2017 as CIOs seek to take advantage
of the cloud’s economies of scale to build core applications. Read more
[CIO.COM]
AMAZON: Cloud Computing Remains Secure. Amazon.com Inc.’s top cloud
computing executive said that even with last week’s massive internet outages, the
web remains the most secure place for companies to run their computing. Amazon
Web Services CEO Andy Jassy said that for most companies, security is “priority
zero.” Find out more
[WSJ.COM]

Cloud Computing
NETWORKS: Your Network, IoT, Cloud Computing and the Future. Anyone in charge
of a network has to think about how that network will evolve. Find out more
[NETWORKWORLD.COM]
READ: Cloud Investments & the Future of Cloud Computing. The cloud industry is
evolving – a point that is made abundantly clear by the scope of industry
investments being made today. In the early days of cloud, investments went toward
companies that were working to create acceptable usable cloud experiences for
users. These companies were focused on fundamentals, such as cloud security and
cloud maintenance. Read the rest
[ENTERPRISETECH.COM]

Cloud Computing
SLIDESHOW: 10 Examples of the AWS Path of Disruption. $13 billion later…Amazon
Web Services is not only a serious contender in the enterprise, it has changed the
business strategy of some of the biggest names in tech. Read more
[CIO.COM]
LOCAL: Seattle’s Cloud-Computing Boom is New Force Helping to Drive
Washington Economy. Companies like Amazon and Microsoft are now experts in
the cloud, generating thousands of jobs and opportunities for those in the tech
industry. Find out more
[SEATTLETIMES.COM]

Cloud Computing
AMAZON: Amazon Cloud Computing Division Unveils New Cyber Security Service.
AWS Shield will help customers defend against so-called distributed denial-of-
service attacks that can knock websites offline. Find out more
[WSJ.COM]
NETWORKS: Serverless – The Next Step in Cloud Computing’s Evolution.
Expectations are high and steadily growing for how this new architecture can
revolutionize the way organizations approach development and innovation. Read
the rest
[NETWORKWORLD.COM]

Personal Tech
ONLINE QUIZ: How Many Times Has Your Personal Information Been Exposed to
Hackers? At least one billion Yahoo users had their information stolen in 2013, the
company said last week, months after it disclosed a different attack in 2014 that
affected 500 million users. Several other major companies have been attacked
since. Answer a few questions to learn which parts of your identity may have been
stolen in some of the major hacking attacks in the last three years and what you
can do about it. Find out more
[NYTIMES.COM]

Personal Tech
TRAVEL: 6 Ways To Keep Phone Charges Low During International Travel. t's a sure-
fire way to dampen the holiday cheers: Spend a week on a dream vacation abroad,
then come back to find an additional several hundred dollars on your cellphone bill.
Although some U.S. phone plans cover international travel, especially to Canada and
Mexico, many don't. Leaving your phone off isn't practical these days. But you don't
have to pay a fortune if you follow these tips. Find out more
[TOPTECHNEWS.COM]
PRIVACY: Worried About the Privacy of Your Messages? Download Signal. you
would be foolish not to download the messaging app Signal onto your smartphone
and computer. The free encrypted messaging service has won the acclaim of
security researchers and privacy advocates, including Edward J. Snowden. All have
said that Signal goes above and beyond other chat tools in keeping electronic
communications private. Find out more
[NYTIMES.COM]

Personal Tech
2017: The 7 Unmissable Tech Predictions That Will Define 2017. Big Data. Internet
of Things. Virtual Reality. Industry 4.0. These were all prime fields of growth and
innovation in 2016. These trends are predicted to continue into next year and
probably far beyond. Find out more
[FORBES.COM]

IT Security | Cybersecurity
PLANNING: Obama Has a Plan to Fix Cybersecurity, But Its Success Depends on
Trump. The White House’s Commission on Enhancing National Cybersecurity
released the results of a nine-month study of America’s cybersecurity problems. Its
recommendations, in a hundred-page report, cover a lot of ground. It proposes
fixing the shambolic security of internet-of-things consumer devices like routers and
webcams, re-organizing responsibility for the cybersecurity of federal agencies, and
fostering a new generation of skilled American cybersecurity experts, among other
actionable steps. Read more
[WIRED.COM]

VIDEO: NIST Cybersecurity Framework 2016 Cybersecurity professionals talk about
what the Cybersecurity Framework means to their organizations. The Framework,
which was created through collaboration between industry and government,
consists of standards, guidelines, and practices to promote the protection of critical
infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of
the Framework helps owners and operators of critical infrastructure to manage
cybersecurity-related risk. Find out more
[NIST.GOV]
FUTURE: The Trump Effect on Cybersecurity: Tough to Tell. Donald Trump’s effect
on cybersecurity after he’s sworn in as president next month will likely be toward
military uses of cyber weapons and stronger tools for law enforcement to crack
encryption, but the impact is hard to predict due to the vagueness of his proposals
so far. The most detailed Trump cyber plan is just 175 words long and includes some
initiatives that sound like what’s already in place. Find out more
[NETWORKWORLD.COM]

DATA BRIEFING: Cybersecurity Culture Shift is More Than People, Official Says. The
government is still constantly inundated with cyber attacks and the weakest link is
not the computers, but the humans using them. Rod Turk, the acting deputy chief
information officer for the Commerce Department, recognizes that, but getting
government employees to abide by the cybersecurity rules set out for them is a
tough job. That’s why IT managers need a multi-layered approach to cybersecurity
and cybersecurity training. Read the rest
[FEDERALNEWSRADIO.COM]

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-
2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-
2016/

Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-
2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-
2016/

Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-
2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems December 2016

Recommandé

Recommandé

Contenu connexe

Dernier

Dernier (20)

En vedette

En vedette (20)

Tech Update Summary from Blue Mountain Data Systems December 2016