March 2018: For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/
Here’s the summary of the Daily Tech Updates for March 2018. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
6. Network Security
VIRTUALIZATION: What is Microsegmentation? How Getting Granular Improves
Network Security. Microsegmentation is a way to create secure zones in data
centers and cloud deployments that allow you to isolate workloads and protect
them individually. Read more
[NETWORKWORLD.COM]
CLOUD: Defense Department’s Secret Weapon for Network Security. Lessons
civilians—or other organizations—can learn from how the military approaches
cybersecurity. Read more
[NEXTGOV.COM]
OPINION: Blurred Lines Between Networking and Security. Not so long ago,
networking and security were largely separate entities. Traditionally, networks
were constructed on standard building blocks such as switches and routers and
security solutions such as perimeter firewalls or intrusion prevention systems
applied afterwards. Each had its own set of tools, strategic approaches and
dedicated operational teams. IT security departments typically focused on the
delivery of time-honored threat detection methods and perimeter-based security
defense mechanisms, as well as incident response and remediation. Networking
teams spent time on issues around latency, reliability and bandwidth. However, the
move to hybrid networks means traditional approaches cannot cope with the
scale, automation requirements or the rate of change. So what are the reasons for
this evolution? Read more.
[INFOSECURITY-MAGAZINE.COM]
FEDERAL GOVERNMENT: Proposal for Federal Wireless Network Shows Fear of
China. Today’s mobile networks are known as “4G” networks because they are the
fourth generation of wireless technologies. Carriers are already planning “5G”
networks. But a presentation and memo by the National Security Council disclosed
by Axios proposes that the government build a nationalized 5G network out of
fears of falling behind China both economically and militarily. Read more.
[WIRED.COM]
10. Encryption
APPLE: iOS Might Have a Backdoor That Can Be Used to Hack into any iPhone,
even the iPhone X. Apple has been advertising its focus on user data security and
privacy for years now. Encryption ensures data security as long as you protect your
devices with a password, PIN, fingerprint, or face. Nobody should be able to access
the contents of your iPhone without access to your password, and that’s why the
FBI tried to force Apple in early 2016 to create a backdoor into an iPhone belonging
to the San Bernardino shooters. Ultimately, the FBI backed down because it
discovered it could use a third-party’s services to access the password-protected
iPhone. In other words, someone found a backdoor into Apple’s 2016 software and
was able to use it to access the contents of encrypted iPhones. Fast forward to
2018, and it looks like a similar backdoor still exists and can unlock any encrypted
device, including the iPhone X. Read more
[BGR.COM]
STATE & LOCAL GOVERNMENT: As Google’s Deadline for Web Encryption Looms,
Many State and Local Websites Don’t Meet the Standard. The most popular Web
browser wants every page on the Internet encrypted. Government is still behind.
Read more
[GOVTECH.COM]
TECH GUIDE: How to Encrypt Your Text Messages for Private Conversations on
iPhone and Android. If you want to send messages without worrying that other
people might be poking around in the texts you’re sending, you should be using an
encrypted messaging service. Read more.
[CNBC.COM]
SMARTER LIVING: The One Thing That Protects a Laptop After It’s Been Stolen.
When your laptop is lost or stolen, you aren’t just out $800 (or more). Your
personal information is also accessible to whoever takes it, even if you have a
password. Good news. You can protect your data against this type of attack with
encryption. Read more.
[NYTIMES.COM]
14. Databases
HOW TO: Connect RazorSQL Database Client to Your MySQL Server. Here’s how to
connect the RazorSQL database client to a remote MySQL server, so you can gain
even more power and efficiency with your database admin tasks. Read more
[TECHREPUBLIC.COM]
TUTORIAL: Optimizing Data Queries for Time Series Applications. You understand
what time series data is and why you want to store it in a time series database. Yet
you now have a new challenge. As with any application, you want to ensure your
database queries are smart and performant, so here’s how you can avoid some
common pitfalls. Read more
[THENEWSTACK.IO]
MICROSOFT: Boosts Azure SQL Database Migration Features. Microsoft recently
launched previews of new Azure SQL Database improvements that are aimed at
helping organizations move their workloads into the Azure cloud from on-premises
database management systems. Read more.
[RCPMAG.COM]
GRAPH DATABASES: Does Graph Database Success Hang on Query Language? If
the history of relational databases is any indication, what is going on in graph
databases right now may be history in the making. Read more.
[ZDNET.COM]
16. More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.
18. Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
[INFOSECURITY-MAGAZINE.COM]
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for them to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]
22. State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US.COM]
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]
26. Electronic Document Management
CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding of the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more). Read the rest
[FEDTECHMAGAZINE.COM]
ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]
29. Section 508 Compliance & WCAG 2.0
LEGAL: No Relief in Sight from Website Accessibility Lawsuits. There’s been a
surge in website accessibility lawsuits brought under the Americans with
Disabilities Act (“ADA”). This litigation trend has accelerated over the past year and
shows no signs of slowing down. Read more
[LEXOLOGY.COM]
META TAGS: How Not to Use Them When Coding for Compliance. Here are three
ways to make sure the meta tags you use are compliant. Read more
[ACCESSIBLEWEBSITESERVICES.COM]
INDUSTRY INSIGHT: How Does the Refreshed Section 508 Rule Affect Your
Agency? Here’s what’s changed in the refresh and how the refresh affects agency
systems. If agencies complied with the original Section 508 rule, then they are
ahead of the game concerning the refreshed rule. Simply put – agencies that were
compliant are still compliant because there is a “safe harbor” clause embedded in
the new rule that exempts existing or “legacy” IT from having to meet the
refreshed rule. Keep in mind, though, that new or updated web pages created
after the new rule went into effect should have complied with the new rule by
January of 2018. Read more.
[GCN.COM]
WEBSITE COMPLIANCE TIPS: 17 Website Adjustments You Can Make Today for
Better Accessibility. Owners of brick and mortar stores, restaurants and office
buildings are required by law to accommodate the needs of customers with
disabilities via wheelchair ramps, braille product signage, accessible restrooms,
and more. As a public-facing website owner, you are required to have a website
that is accessible as well. Read more.
[ACCESSIBLEWEBSITESERVICES.COM]
33. Security Patches
GOOGLE: Android Security Report 2017: We Read It So You Don’t Have To. Google
wants you to know that it’s really progressing well on Android security. Here’s a
look at the key lessons learned, but save the rather futile debate over Android vs.
Apple iOS on security. Read more
[ZDNET.COM]
MICROSOFT: Patches 15 Critical Bugs in March Patch Tuesday Update. Microsoft
patched 15 critical vulnerabilities this month as part of its March Patch Tuesday
roundup of fixes. In all, the company issued 75 fixes, with 61 rated important.
Products receiving the most urgent patches included Microsoft browsers and
browser-related technologies such as the company’s JavaScript engine Chakra.
Read more
[THREATPOST.COM]
FYI: Flash, Windows Users: It’s Time to Patch. Adobe and Microsoft each pushed
critical security updates to their products today. Adobe’s got a new version of
Flash Player available, and Microsoft released 14 updates covering more than 75
vulnerabilities, two of which were publicly disclosed prior to the latest patch
release. Read more.
[KREBSONSECURITY.COM]
WINDOWS SERVER 2008 R2: Microsoft’s Windows Server 2008 R2 Patches Took
Some Servers Offline. Released on Patch Tuesday, the patches are causing
problems for virtual network cards, with many administrators reporting resets and
disconnects. Read more.
[TECHREPUBLIC.COM]
36. For the CIO, CTO & CISO
CIO: An Open Letter to the New Federal CIO. The White House finally named a new
federal chief information officer on Jan. 19 after a year of waiting. Suzette Kent
comes to the government with little or no background in the public sector and no
clear information technology background, according to her LinkedIn profile. Federal
News Radio asked those who came before Kent at the Office of Management and
Budget for some insights, advice and words of wisdom as she takes on this new
role. Read more
[NEXTGOV.COM]
CTO: Meet the 7 Leaders Who Will Be Steering Modernization Dollars. The
Office of Management and Budget announced seven members for its new
Technology Modernization Fund board, drawing IT expertise from across the
federal government to oversee the distribution of $500 million in IT
modernization funds over the next two years as part of the Modernizing
Government Technology Act. The board will be chaired by new Federal CIO
Suzette Kent. The other members named by OMB Director Mick Mulvaney on
March 1 are Alan Thomas, commissioner of the Federal Acquisition Service and
the General Services Administration; Mark Kneidinger, director of federal
network resilience at the Department of Homeland Security; Matt Cutts, acting
administrator for the U.S. Digital Service; Social Security Administration CIO
Rajive Mathur; Small Business Administration CIO Maria Roat; and Charles
Worthington, CTO for the Department of Veterans Affairs. Read more
[FCW.COM]
CISO: How the First-Ever Federal CISO Helped Secure Government’s IT. Driving
change in government is notoriously hard – but not impossible. Discover how
Greg Touhill successfully drove change and transformation in a bureaucracy.
Read more.
[GOVERNMENTCIOMEDIA.COM]
CIO: Striking the Balance Between Legacy and Modern. Chief information
officers must walk the tightrope between their agency’s older systems and
newer ones. If balance isn’t achieved, it can mean trouble. Read more.
[GOVTECH.COM]
40. Penetration Testing
VULNERABILITIES: The State of Application Penetration Testing. Data from real-
world pen tests shows configuration errors and cross-site scripting are the most
commonly found vulnerabilities. Read more
[DARKREADING.COM]
LEGAL: The Good, the Bad and the Agreement. Although conducting pen testing
is prudent and becoming common, it is also fraught with potential pitfalls. When
embarking on such a project, a company should fully understand its scope and
include certain contractual protections with the pen tester. Read more
[LAW.COM]
FEDERAL GOVERNMENT: What the Trump Administration Can Do to Boost
Software and IoT Security. Last May, President Trump ordered his administration
to come up with a plan for securing the U.S. government and the nation’s
infrastructure from cyberattacks that threaten the country’s economy and
national security. The Department of Homeland Security and Department of
Commerce have put together a draft report, outlining the administration’s goals
and key recommendations. The report is now available for public comment, with
the government seeking feedback from the security industry, along with other
stakeholders in industry, academia, and the public sector, as it prepares to deliver
a final report to the President in May 2018. Among the highlights of this report is the
importance of reducing vulnerabilities in software and Internet of Things (IoT)
devices. Read more.
[SCMAGAZINE.COM]
CLOUD: Critical Vulnerability Reports Grew 64% in 2017. The launch and growth
of new operating systems is mirrored by an increase in reported vulnerabilities.
Read more.
[DARKREADING.COM]
44. Open Source
QUESTION: Should Microsoft Open Source Windows Mobile? It’s highly unlikely
(basically impossible) that it would ever happen, but do you think it would help
the platform live on? Read more
[WINDOWSCENTRAL.COM]
CLOUD: Open-Source Cloud Royalty: OpenStack Queens Released. The latest
version of the open-source OpenStack cloud boasts better container and new
GPU support. Read more
[ZDNET.COM]
FUTURE: Weighing Open Source’s Worth for the Future of Big Data. Nearly all of
the groundbreaking products in big data have been open source, and most of them
originated at tech giants. Hadoop owes its origins to the Google File System and
MapReduce paper, and gestated at Yahoo, while Cassandra and Hive were both
created at Facebook. Airflow came from Airbnb, while Storm elevated its game at
Twitter. Read more.
[DATANAMI.COM]
DOD: Defense Department (Re)Launches Open Source Software Portal. The
Defense Department has re-launched the Code.mil website, a new, streamlined
portal for its similarly named Code.mil initiative, a collaborative approach to
meeting the government’s open source policy. Read more.
[NEXTGOV.COM]
47. Business Intelligence
FEDERAL GOVERNMENT: 12 Ways to Empower Government Users With the
Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT
resources under constant pressure, with no end in sight? Your agency is not alone.
Read more
[BLUEMT.COM]
QUESTION: Will Business Intelligence Negate the Need for Data Scientists? A
controversial study asks whether, as Business Intelligence tools advance and give
rise to self-service analytics, there is still a need for data scientists. The context is
improved algorithms that yield quicker and simpler results.
Read more
[DIGITALJOURNAL.COM]
SUPPLY CHAIN MANAGEMENT: Five Steps to Implementing a Successful Business
Intelligence Strategy. Data contains lucrative insights that can unlock a world of
opportunities and assist long-term business growth. Read more.
[SCMR.COM]
50. Operating Systems
GOOGLE: What Is Fuchsia, Google’s New Operating System? Fuchsia is a totally new
operating system, currently in the very early stages of development at Google. How
does it differ from Android and Chrome, and might it replace either one? Let’s break
it down. Read more
[HOWTOGEEK.COM]
LINUX: The Shift to Linux Operating Systems for IoT. As IoT devices become more
full-featured, the Operating System that drives them is shifting from Real Time
Operating Systems (RTOS) to Linux. Read more
[IOTFORALL.COM]
MICROSOFT: Changing Its Windows 10 S Operating System into ‘S Mode’. Less
than a year after introducing Microsoft Windows 10 S, a lightweight version of
Microsoft’s operating system marketed to students and businesses, the company is
now folding the separate system’s main features into every version of Windows.
Read more.
[WASHINGTONPOST.COM]
APPLE: Updates All of its Operating Systems to Fix App-Crashing Bug. Apple has a
fix out for a bug that caused crashes on each of its platforms. The company pushed
new versions of iOS, macOS and watchOS to fix the issue, which was caused when
someone pasted in or received a single Indian-language character in select
communications apps — most notably in iMessages, Safari and the app store. Read
more.
[ENGADGET.COM]
53. BYOD
SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass
study pointed out some interesting statistics: Over a quarter (28%) of organizations
rely solely on user-generated passwords to secure BYOD, potentially exposing
countless endpoints to credential guessing, cracking and theft. 61% of respondents
also had reservations about Apple’s Face ID technology. Given that the general
concept in security has always been to eliminate passwords and use MFA, the
results are surprising, so why the disconnect? Read more
[INFOSECURITY-MAGAZINE.COM]
DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The
Marine Corps has been talking about implementing a bring-your-own-device
strategy for more than three years as one way to cut costs and speed up its
adoption of commercial smartphone technology. But the service’s chief information
officer says the goal is still a long way off, and the Marines are still struggling to
bring aboard the most modern mobile devices, even when they’re owned by the
government. Read more.
[FEDERALNEWSRADIO.COM]
TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning
Technology. Today, schools across the country look to educators to customize
learning for their unique classrooms. Here is how educators are accomplishing this
through unbundling and BYOD. Find out more
[ESCHOOLNEWS.COM]
FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are
currently more than 7.7 billion mobile connections around the world. Thanks to the
Internet of Things, it is predicted that the number of connected devices will reach
an astounding 20.8 billion by 2020. With the average number of mobile devices
owned per person currently estimated at 3.64, those devices are becoming
necessary equipment for today’s workers. Yet while the private sector has been
quick to establish Bring-your-own-device policies, the public sector has lagged
behind because of security and privacy concerns. Despite several initiatives —
including a White House-issued BYOD toolkit and two National Institute of
Standards and Technology documents (800-124 and 800-164) giving guidance on
securing devices that connect with government networks — many federal agencies
are still reluctant to establish BYOD policies. Read more
[GCN.COM]
57. Incident Response
DATA SECURITY: Building an Incident Response Program: Creating the Framework.
An incident response (IR) plan does not need to be overly complicated or require
reams and reams of policy, standard, and other documentation. However, having a
solid and tested framework for the program is key in the ability of an organization to
respond to and survive a security incident. Read more
[SECURITYBOULEVARD.COM]
SECURITY EXECUTIVES: The Dos and Don’ts of a Successful Incident Response
Program. Many organizations have adopted a herd mentality by assigning the
security incident responsibility to the Chief Information Officer (CIO) or senior
security official (CISO). Unfortunately, this myopic approach is a prescription for the
organization to make serious errors and delay responding based on two key
observations. Read more
[SECURITYINFOWATCH.COM]
STUDY: New Incident Response Study Reveals More Than Half of Attackers Use
Social Engineering to Target Organizations. More than half of external attackers use
social engineering as their point of entry into target organizations, a new study on
incident response revealed. According to F-Secure’s “Incident Response Report,” 52
percent of external attackers used social engineering to infiltrate target companies.
The remaining 48 percent exploited technical weaknesses. Read more.
[SECURITYINTELLIGENCE.COM]
FEDERAL GOVERNMENT: Agencies Should Prioritize Data-Level Protections to
Secure Citizen Information. Americans share numerous pieces of data about
themselves every day with companies and government agencies, including
personally identifiable information like Social Security numbers and health care
information. With all this personal information being shared, protecting an
organization’s network and infrastructure is no longer sufficient to protect this data.
Government now needs to secure each piece of data at a document level to fully
protect against cyber risks. Read more.
[NEXTGOV.COM]
61. Cybersecurity
STATES: Arizona Governor Launches Cybersecurity Task Force. The Arizona
Cybersecurity Team, created by an executive order on March 1, is expected to foster
a collaborative approach to cybersecurity and education throughout the state. Read
more
[GOVTECH.COM]
LEARN: Six Common Misconceptions About Cybersecurity. Interest in cybersecurity
is escalating across the legal profession, reflecting the complex and potentially
catastrophic threats that clients, particularly financial services firms, now face.
Because these risks are deep and potentially disastrous, lawyers are increasingly
tasked with counseling clients about how to contain them. Read more
[LAW.COM]
BUSINESS: The Roles CFOs And CMOs Need To Play In Cybersecurity Protection.
There are a lot of players in the C-Suite these days, and chances are good they all
have their own strategic priorities. The CFO wants to save money and deliver quality
returns to investors. The CMO wants to churn data to find better and smarter ways
to reach customers. The CIO wants to find ways to utilize new technology while
keeping the company—and its customers—safe. And while all of those priorities are
important, the silos and the “divide and conquer” mentality are no longer relevant
in today’s digital landscape. Yet there is one thing that should be the top priority for
every executive—cyber security. Read more.
[FORBES.COM]
CLOUD: How & Why the Cybersecurity Landscape Is Changing. A comprehensive
new report from Cisco should “scare the pants off” enterprise security leaders.
Read more.
[DARKREADING.COM]
READ: 5 Ways the 2018 Omnibus Promotes IT Modernization, Cybersecurity. Rep.
Will Hurd (R-Texas) said about 10 days before the end of the latest continuing
resolution that he was optimistic that congressional appropriators would find some
money for the Technology Modernization Fund. Read more
[FEDERALNEWSRADIO.COM]
TRENDS: 18 Cyber Security Trends We Are Watching in 2018. If any trend is
obvious, it’s that 2018 will continue to be interesting for the cybersec industry. How
interesting? Here are the 18 trends that will be making the headlines and should
be on your radar for 2018. Read more.
[SECURITYBOULEVARD.COM]
FEDERAL GOVERNMENT: 10 Tips for Agencies Looking to Address Cyber Threats.
Given new threat vectors, federal agencies must increase their cyber defense
strategies. Here are 10 tips designed to help federal IT teams better prioritize cyber
threats, shift their approach to spending and improve cyber defense. Read more
[FCW.COM]
MOBILE: What Federal Mobile Security is Missing. Leading U.S. intelligence
agencies recently issued a warning to Americans to not buy Chinese-made
smartphones. Companies like Huawei and ZTE are known to have close ties to the
Chinese government, and U.S. agencies appear to have reason to suspect these
companies of cyber espionage. Read more.
[NEXTGOV.COM]
67. IT Management
READ: All Management Is Change Management. Change management is having its
moment. There’s no shortage of articles, books, and talks on the subject. But many
of these indicate that change management is some occult subspecialty of
management, something that’s distinct from “managing” itself. This is curious
given that, when you think about it, all management is the management of
change. Read more
[HBR.ORG]
NARA: Improvements Seen in Federal Records Management, but ‘There is Work
to be Done’. Compliance, collaboration and accountability are the themes of the
National Archives’ recommendations to agencies for improving how they handle
paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency
Records Management Annual Report. Read more.
[FEDERALNEWSRADIO.COM]
FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of
Washington’s first efforts to bring technology business management to its IT
spending practices began in 2010 when the legislature mandated annual reports
and specific evaluation requirements for investments. As interest grew in
monitoring the cost of IT along with the business services IT provides, officials in
Washington’s Office of the CIO worked to refine the strategy through the
creation of a state TBM program. Find out more
[GCN.COM]
HR: A Blueprint for Improving Government’s HR Function. Government, at its
core, is its employees and their commitment to serve the country. That fact is
too often overlooked. While technology enables employees to make better,
faster decisions, until artificial intelligence replaces the acquired knowledge of
employees, agency performance will continue to depend on the skill and
dedication of government workers. As such, civil service reform is increasingly
important because workforce rules and regulations are out of sync with current
management thinking. To use a basketball analogy, government is still shooting
two-handed set shots. Read more
[GOVEXEC.COM]
71. Application Development
OPINION: Why IT As You Know It Is Dead (and Long Live the Citizen Developer).
CIOs simply can’t afford to ignore the opportunities that citizen development offers.
Today’s IT department has a very different job. A recent survey revealed that IT
leaders’ top two challenges are “innovating for the business” and “project speed.”
Ultimately, the IT department is becoming the “central nervous system” of the
organization, tasked with helping a company measure up to customer demands to
become more productive, more innovative, and more agile. Read more
[ZDNET.COM]
ACQUISITION: Delivering Digital Government Services Using Transaction
Contracting Models. Citizen expectations are clear. Leadership is listening. And now
agencies must work to deliver on the demand: Make government more customer-
focused, more efficient and more effective. Read more
[FEDERALTIMES.COM]
JAVA: What’s New in the Spring Boot 2.0 Builder for Java Apps. The first major
Spring Boot upgrade in four years supports Java 9 and Spring Framework 5. Read
more.
[INFOWORLD.COM]
EVALUATE: Five Rapid Application Development Tools to Consider for Mobile.
Rapid mobile application development vendors offer a variety of options, from
low-code and no-code platforms to micro apps, workflow apps and more. Listen
here.
[SEARCHMOBILECOMPUTING.TECHTARGET.COM]
74. Big Data
AI: An AI-Driven Big Data Catalog Will Impact B2B Sales — And It’s Closer Than
You Think. Savvy leadership teams have made data-driven thinking an imperative.
They have realized that in order to have an expanded worldview of their business
they must tap into the vastness of data that is available to them about their
customers, their competitors and their markets. This is true for companies of all
sizes, and it’s particularly applicable in B2B relationships. Read more
[FORBES.COM]
FIGHTING CYBER CRIME: Israeli Lab Uses AI and Big Data to Fight Cyber Crime.
New research center in Beersheva will make use of technology that can provide
unprecedented investigative tools and sources of evidence for police. Read more
[ISRAEL21c.ORG]
75. Big Data
BIG DATA AND AI: 30 Amazing (And Free) Public Data Sources For 2018. Machine
learning, artificial intelligence, blockchains, predictive analytics – all amazing
technologies which have promised to revolutionize business and society. They are
useless, however, without data. Fortunately for businesses and organizations which
don’t have the resources to methodically collect every piece of useful information
they will need themselves, a huge (and growing) amount is available freely online.
Read more.
[FORBES.COM]
76. Big Data
HEALTH: Experts Predict How Big Data (and Family Ties) Will Shape the Future of
Health. It’s no secret that a rising flood of data, from the results of sophisticated
genetic tests to the vital signs recorded by your smartphone, is transforming the
way we approach health and wellness. But one of the pioneers of that trend says
big data could well shift the focus of the quest for wellness from the hospital to the
home. Read more.
[GEEKWIRE.COM]
78. Internet of Things (IoT)
BIG DATA: Blockchain And The Internet Of Things: 4 Important Benefits Of
Combining These Two Mega Trends. The Internet of Things (IoT) and blockchain are
two topics which are causing a great deal of hype and excitement, not just in the
technology circle but in the wider business world, too. Many say they are set to
revolutionize all aspects of our lives, while others point out that there is a lot of hot
air around both ideas, and a lot is yet to be proved. However, the idea that putting
them together could result in something even greater than the sum of its (not
insignificant) parts, is something which is starting to gain traction. Read more
[FORBES.COM]
79. Internet of Things (IoT)
BUSINESS: Why Should You Beware of ‘Internet of Things’? Baltimore Firm
Explains. The “internet of things” — any device other than your computer, laptop,
tablet or phone that’s connected to the internet — is a rapidly expanding
technology. It includes anything from your Fitbit to your thermostat, home security
system, even your refrigerator or your child’s teddy bear. The internet of things is
making our lives more productive and entertaining — and making our privacy more
vulnerable. Read more
[WTOP.COM]
IoT & CRIME: An Internet of Things ‘Crime Harvest’ is Coming Unless Security
Problems are Fixed. Internet of Things product manufacturers must get their act
together and secure their devices or they risk creating new ways for wrongdoers to
commit crimes, a senior police officer has warned. Read more.
[ZDNET.COM]
80. Internet of Things (IoT)
DATA MANAGEMENT: The Internet of Things: Still Lots for You to Learn. IT groups
will need to provide architecture, data-mining tools and connectivity, while giving
business groups the freedom to innovate on their own with the Internet of Things.
Read more.
[INFORMATIONWEEK.COM]
82. Personal Tech
FACEBOOK: Want to #DeleteFacebook? You Can Try. You can quit Facebook if you
simply find no joy in it. But if you’re looking to leave for philosophical reasons
concerning privacy, it’s a futile effort. You may be better off tweaking your privacy
settings on the site. Here are some answers to questions that many people are
posing to The New York Times via social media. Read more
[NYTIMES.COM]
HOW-TO: 6 Mac Tips That Will Make You More Productive. Apple designs its
products so users can be productive from the moment they power their hardware
up. These six handy Mac hints will let you do even more. Read more
[COMPUTERWORLD.COM]
83. Personal Tech
LEARN: 10 Ways Tech Will Shape Your Life in 2018, for Better and Worse. Tech’s
not just about shiny new gadgets anymore. Here’s a list of 10 technologies to look
out for in 2018, for better and worse. Read more.
[WASHINGTONPOST.COM]
PODCAST: Jordan Jankus – Personal Tech & Smart Phones: How to Utilize Apps for
People with Special Needs. Jordan Jankus is the Coordinator of Person-Centered &
Cognitive Supports at Arc of Westchester, the largest agency in Westchester County
supporting children, teens and adults with intellectual and developmental
disabilities, including individuals on the autism spectrum, and their families. Jordan
joins Bernie Krooks to discuss personal technology and smart phones, how to utilize
apps for people with special needs, and helping people with cognitive disabilities
find person-centered technology solutions. Listen here.
[LITTMANKROOKS.COM]
85. Mobile
ENTERPRISE: How Killing Net Neutrality Will Affect Enterprise Mobility. As the FCC
prepares to eliminate net neutrality rules, allowing ISPs to charge more for some
internet traffic based on speed of delivery, companies will have to rethink how
mobile apps are created and how they host content. Read more
[COMPUTERWORLD.COM]
FINANCIAL: Most Cryptocurrency Mobile Apps Are Vulnerable. Mobile
cryptocurrency app report finds that many apps are vulnerable to cybersecurity
threats after testing the Google Play Store’s Top 30 Financial apps. Read more.
[APPDEVELOPERMAGAZINE.COM]
86. Mobile
DIGITAL WORKSPACE: DOD Creates New Security Requirements for Mobile Apps.
The Defense Department has outlined baseline standards that mission-critical and
business mobile applications need to meet. Find out more
[FEDTECHMAGAZINE.COM]
LOCAL: App Brings SA Government Contract Leads to Local Bidders. A pair of U.S.
military veterans-turned-entrepreneurs in San Antonio are banking on big returns
from an app geared toward connecting small businesses with the government
procurement process — both for municipalities seeking bids from local companies
and for businesses looking to break into the market. Find out more
[BIZJOURNALS.COM]
88. Programming & Scripting Development
Client & Server-Side
APPS & SOFTWARE: This Single Interface Lets You Work with 75+ Programming
Languages Anywhere on Earth. Working with multiple coding languages and
platforms from a single laptop can get messy—with different languages requiring
access to separate services, cloud storage platforms, and data banks.
Codeanywhere solves this problem by acting as an all-in-one cloud-based editor for
more than 75 different programming languages – meaning you can handle multiple
projects using a single, simple program. Read more
[INTERESTINGENGINEERING.COM]
89. Programming & Scripting Development
Client & Server-Side
IoT: Java is the Perfect Match for Internet of Things Apps. Java remains the
number one choice among developers and is the leading development platform in
the world, with millions of Java developers worldwide. It’s the go-to language for
IoT apps. Read more.
[JAXENTER.COM]
DEVELOPERS: Node.js vs PHP: Which Programming Language Should I Learn?
Want to learn a new programming language? Time to compare Node.js vs PHP to
help you decide the one to go for. Read more
[TECHWORLD.COM]
90. Programming & Scripting Development
Client & Server-Side
MICROSOFT: Makes More AI Programming Interfaces Available to Developers.
Microsoft is making available new vision, face recognition and entity search
interfaces to developers who want to add more AI smarts to their apps and
services. Read more.
[ZDNET.COM]
92. Cloud Computing
FED TECHNOLOGY: Open Platforms Can Speed up Government Shift to Cloud. The
White House has ordered federal agencies to accelerate the adoption of cloud usage
in 2018, and that has many federal agencies struggling with significant technical and
organizational challenges in this shift. But open source cloud platforms (PaaS) can
help accelerate this process and make it more manageable. Read more
[FEDWEEK.COM]
DOD: Pentagon’s $1 Billion Cloud Deal May Signal New Era in Government Buying.
Congress wants the Defense Department to buy technology faster. Now it’s beginning
to do just that. In early February, a small Virginia-based company—REAN Cloud—that
partners with Amazon Web Services announced a nearly $1 billion deal to provide
cloud computing services for the Defense Department. Read more
[NEXTGOV.COM]
93. Cloud Computing
OPINION: Look Beyond Efficiency When It Comes to Cloud. Cloud computing
continues to permeate the federal government as agencies embrace its cost and
productivity benefits. Nearly two-thirds of the federal employees responding to a
recent Deloitte survey indicated their agency has moved at least some applications
to the cloud. Identifying the primary motivators of cloud migration, survey
respondents gave similar weight to cost savings, organizational efficiency and better
data sharing. Read more.
[FCW.COM]
94. Cloud Computing
IDEAS: How Agencies Can Effectively Implement Artificial Intelligence. The IBM
Center for The Business of Government has released a new report to help agencies
understand effective practices in adopting AI and cognitive technologies: Delivering
Artificial Intelligence in Government: Challenges and Opportunities, by Kevin
Desouza, ASU Foundation Professor in the School of Public Affairs at Arizona State
University. Desouza reviews recent progress made in applying artificial intelligence
to public sector service provision, drawing on lessons learned from commercial
experience as well as burgeoning cognitive computing activity by federal, state,
local, and international governments. Read more.
[GOVEXEC.COM]
95. Cloud Computing
SURVEY: Cloud Computing Delivers Best Results When Cloudiness Is Cleared Away.
If you’re thinking that cloud leaders have it all figured out… think again. Cloud can
be challenging, even for those who do it very well. Which makes it even more
important to exchange ideas, share best practices and learn from failures.
Read more
[FORBES.COM]
DOD: Pentagon Kicks Off a Winner-Take-All Among Tech Companies for
Multibillion-Dollar Cloud-Computing Contract. After months of scrutiny, complaints
and at least one legal action, a group of Pentagon leaders sought to assure the
country’s top technology companies that the competition to build an Internet cloud
network for the Defense Department would be an open and fair competition.
Read more
[WASHINGTONPOST.COM]
96. Cloud Computing
FYI: Cloud Computing is Eating the World: Should We Be Worried? The cloud has
many benefits, but we must be clear-eyed about the downsides as well. Here are a
few things to consider. Read more.
[ZDNET.COM]
FEDERAL GOVERNMENT: Agencies Should Prioritize Data-Level Protections to
Secure Citizen Information. Americans share numerous pieces of data about
themselves every day with companies and government agencies, including
personally identifiable information like Social Security numbers and health care
information. With all this personal information being shared, protecting an
organization’s network and infrastructure is no longer sufficient to protect this data.
Government now needs to secure each piece of data at a document level to fully
protect against cyber risks. Read more.
[NEXTGOV.COM]
98. Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.
100. IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]
101. IT Security | Cybersecurity
FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more
[FEDERALNEWSRADIO.COM]
102. IT Security | Cybersecurity
STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
[STATESCOOP.COM]
103. From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/
Business Intelligence
https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/
104. From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-september-21-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/
105. From the Blue Mountain Data Systems Blog
Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/
106. From the Blue Mountain Data Systems Blog
Open Source
https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
CTO, CIO and CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
107. From the Blue Mountain Data Systems Blog
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
108. From the Blue Mountain Data Systems Blog
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
109. From the Blue Mountain Data Systems Blog
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
110. From the Blue Mountain Data Systems Blog
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
111. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
113. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise-wide information and
document management solutions. Mr. Vesely’s history
includes 33 years’ experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
114. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com