Tech Update Summary from Blue Mountain Data Systems October 2016

Blue Mountain Data Systems
Tech Update Summary
October 2016

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for October 2016. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Encyption
OPEN SOURCE: GPG Sync Simplifies Encryption Key Management. Open source
project GPG Sync makes it easier for organizations already using GPG to encrypt
email messages to manage different user keys. Read more
[INFOWORLD.COM]
SECURITY: How Federal Agencies Can Improve Cybersecurity with Better Data
Encryption. Recent data breaches within the government show the importance of
protecting data itself and not just erecting perimeter security. Find out more
[FEDTECHMAGAZINE.COM]

Encyption
STATE GOVERNMENT: Maryland Government Adopts Email Encryption Tool with
NSA Roots. The Maryland state government has adopted an email encryption
system first developed by the NSA so that employees can share sensitive
information with one another. Virtru, a company founded by a former National
Security Agency employee to market the technology, announced Thursday that
after a pilot program in the prisons department some 15,000 employees are now
using the system. Find out more
[BALTIMORESUN.COM]
INTERVIEW: Ron Wyden Discusses Encryption, Data Privacy and Security. Ron
Wyden, a Democratic senator from Oregon, has been a leading voice on the side of
encryption and against giving the Justice Department more power to get consumer
data from tech companies. Mr. Wyden, a member of the Senate Select Committee
on Intelligence, recently talked to The New York Times about the privacy-versus-
security debate. Read the rest
[NYTIMES.COM]

Federal, State & Local IT
FEDERAL: 3 Ways Governments Are Working to Make Broadband Universally
Accessible. Broadband is commonly described as a critical piece of modern
infrastructure. Here’s how a city, a state and a school district are working to make
sure everyone has access. Read more
[GOVTECH.COM]
STATE: Texas Makes Major Progress on IT Consolidation. Like many states, Texas is
battling against an aging IT infrastructure in an age where agility, reduced
complexity and transparency are king. That’s why as part of its consolidation
efforts, the state has also implemented a hardware refresh policy. The Lone Star
State is already three-quarters of the way through its IT consolidation efforts,
which other states can derive lessons from. Find out more
[STATETECHMAGAZINE.COM]

LOCAL: A Blueprint for Crisis Communications in Local Government. Does your
team have contingency plans for how the chain of command and the flow of
information will work, including if certain members are unavailable? Advance
visioning is crucial to making sure you’re prepared to help when the unthinkable
takes place. Read more
[GOVTECH.COM]

COLLABORATION: Technology Gives Police and Public Safety Agencies the Upper
Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent
and reduce criminal activity. When a suspicious person or activity happens at
Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a
button to silently page the nearby police department in an emergency, one of
many new features available since the city upgraded its communications
infrastructure, adding new IP phones, paging and emergency notification software
on top of a new Cisco Systems phone system. Find out more
[STATETECHMAGAZINE.COM]

Databases
BREACHES: Database Breaches: An Alarming Lack Of Preparedness. It’s no secret
that databases are fertile ground for malicious activities. Here’s how a seven-step
process for monitoring known harbingers of an imminent attack can help reduce
the risk. Read more
[DARKREADING.COM]
NoSQL: Couchbase and the Future of NoSQL Databases. In this interview, Arun
Gupta, VP of Developer Advocacy at Couchbase, shares his views on how open
source has made an impact on the database industry. Find out more
[OPENSOURCE.COM]

Databases
MICROSOFT: Migrating SQL Server to Microsoft Azure SQL Database as a Service.
Microsoft Azure SQL Database compatibility problems disappeared in V12, clearing
the path for a SQL database migration to the cloud. Here’s how to make the move.
Find out more
[SEARCHSQLSERVER.TECHTARGET.COM]
ORACLE: Monster Oracle Update Patches Database, Java. Oracle’s Critical Patch
Updates keep getting bigger. The database giant addressed a number of remotely
exploitable flaws in Java, MySQL, and Oracle Database this quarter. Read the rest
[INFOWORLD.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
CISCO: Releases Five Security Patches. Cisco released security updates for several
products, one of which fixes a flaw that could allow remote execution if exploited.
Cisco’s ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer
overflow issue that can be exploited through a specially crafted NetBIOS packet
leading to the execution of arbitrary code. Cisco Firepower System Software’s flaw,
CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can
create a Denial of Service condition if not patched. The company’s ASA Software’s
problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a
crafted enrollment request to the infected system. Cisco Meeting Server required
two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an
attacker to retrieve memory from a connected server and the latter would allow a
cross-site request forgery against a Web Bridge user. Read more
[SCMAGAZINE.COM]

Security Patches
ORACLE: Fixes 253 Security Flaws in October Update. Oracle released its October
Critical Patch Update, fixing 253 different vulnerabilities across the company
product portfolio. The update, released Oct. 18, is the second-largest ever issued
by Oracle, outpaced only by the company’s July CPU in which 276 vulnerabilities
were patched. Overall, Oracle’s patching updates have been growing in recent
years, with 2016 set to be larger than in past years. Find out more
[INFOWORLD.COM]
GOOGLE CHROME: 21 Google Chrome Security Holes You Need to Patch Now.
Google released security patches for 21 vulnerabilities in its Chrome browser,
including six high-severity flaws. Most of these flaws were discovered and
reported by bug hunters through the tech giant’s bounty program. Chrome
Update 54 is available for Mac, Windows and Linux operating systems. Read the
rest
[KOMANDO.COM]

Security Patches
WINDOWS: 5 Critical Updates for October Patch Tuesday. October’s change of
season brings a fundamental change to how Microsoft presents and delivers
updates to Windows 7 and 8.x systems. As of this month, Microsoft will now
follow the Windows 10 cumulative update model for all currently supported
versions of Windows platforms — including Windows 7 and 8.x systems. This is a
big departure from a more granular approach using individual updates and
patches. Microsoft will now “roll-up” security, browser and system component
(.NET) into aggregate patches. This month Microsoft has released ten updates
with five rated as critical, four rated as important and one update with a lower
security rating of moderate. This release cycle includes several “Patch Now”
updates for IE, Edge, Adobe Flash Player and a small component of Microsoft
Office. All of these patches will require a restart. Find out more
[COMPUTERWORLD.COM]

For the CIO, CTO & CISO
CTO: A CTO’s IT Spending Strategy for a Fast-Growing Platform Startup. What is
the optimal IT spending strategy for a fast-growing startup? If you’re Brian Morgan,
CTO at Catalant, a Boston-based platform startup that delivers business expertise
on demand, IT investments are dictated by what the company is trying to achieve,
period. Read more
[SEARCHCIO.TECHTARGET.COM]
CIO: A New Generation of CIO Thinking Emerges. As both business leadership and
investment in technology grows outside the IT department in a era of large
generational technology shifts, CIOs are considering new ways to think about the
nature and role of IT. Find out more
[ZDNET.COM]

CIO, CTO & CISO
CISO: So Now We Have a Federal CISO. So now we have a federal CISO (Brigadier
General [retired] Gregory J. Touhill) as part of the OMB (Office of Management
and Budget). But what does that really mean? Find out more
[TECHCRUNCH.COM]
MORE CISO NEWS: CISOs Need to Be More Business-Focused, says Publicis
CISO. Information security leadership is about politics, getting a place at the top
table and showing what security can do for the business, according to Publicis
CISO Thom Langford. Read the rest
[COMPUTERWEEKLY.COM]

Penetration Testing
ANALYTICS: The New Security Mindset: Embrace Analytics To Mitigate Risk.
Merely conducting a penetration test may find a weakness. But conducting a
creative analysis of the network and carefully analyzing the results will truly
identify key areas of risk. Security professionals who can sniff out abnormalities
in their IT network and applications can foil intruders’ plans before they escalate.
This is a far different approach than simply finding a single weakness and then
declaring “mission accomplished.” Read more
[DARKREADING.COM]

Penetration Testing
HOW TO: Respond to Social Engineering Incidents: An Expert Interview. Steven
Fox is a top government cybersecurity expert, Distinguished Fellow with the
Ponemon Institute and frequent speaker at top security events all over America.
In this exclusive interview, Steven shares several low-tech but sophisticated
social engineering techniques that hackers use to gain (unauthorized) privileged
access into government systems and large and small company networks. Most
important, what can we do to prevent fraud and respond to incidents that do
occur? Find out more
[GOVTECH.COM]
TOOL: Where’s the BeEF? BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser. Read more
[GITHUB.COM]

Penetration Testing
RISK MANAGEMENT: The Truth About Penetration Testing Vs. Vulnerability
Assessments. Vulnerability assessments are often confused with penetration
tests. In fact, the two terms are often used interchangeably, but they are worlds
apart. To strengthen an organization’s cyber risk posture, it is essential to not
only test for vulnerabilities, but also assess whether vulnerabilities are actually
exploitable and what risks they represent. To increase an organization’s
resilience against cyber-attacks, it is essential to understand the inter-
relationships between vulnerability assessment, penetration test, and a cyber
risk analysis. Find out more
[SECURITYWEEK.COM]

Open Source
LINUX: A $5 Linux Server. Onion Corp., a Boston-based startup, announced a
Linux development computer called the Omega 2. It’s the size of a postage
stamp and sells for just $5. According to Onion Corp., its Omega 2 is an IoT
computer that “combines the tiny form factor and power-efficiency of the
Arduino, with the power and flexibilities of the Raspberry Pi.” The Omega 2 is
expected to ship in December. The company said that the tiny computer is fully
functional out of the box and does not need Wi-Fi dongles or OS installation. It
has a number of simple apps with it and a store where more can be obtained.
Read more
[OPENSOURCE.COM]
APACHE SPOT: Meet Apache Spot, a New Open-Source Project for
Cybersecurity. The effort taps big data analytics and machine learning for
advanced threat detection. Find out more
[COMPUTERWORLD.COM]

Open Source
WEB SECURITY: Facebook Debuts Open Source Detection Tool for Windows.
Facebook successfully ported its SQL-powered detection tool, osquery, to
Windows this week, giving users a free and open source method to monitor
networks and diagnose problems. The framework, which converts operating
systems to relational databases, allows users to write SQL-based queries to
detect intrusions and other types of malicious activity across networks. Find out
more
[THREATPOST.COM]
IoT: GE, Bosch and Open Source Could Bring More IoT Tools. The two
companies will work through the Eclipse Foundation to make more IoT software
components work together . Read the rest
[PCWORLD.COM]

Business Intelligence
MICROSOFT: Hershey Relies on Microsoft for Collaboration and Business
Intelligence. Microsoft stock hit an all-time high this week—breaking a record that
was initially achieved in 1999 during the dot com era. Investors were responding to
Microsoft’s quarterly results, which exceeded expectations and show that Microsoft
is on a solid path. Much of Microsoft’s success in the recent quarter—and in recent
years—has been driven by its Microsoft Azure cloud business, thanks to customers
like Hershey. Read more
[TECHSPECTIVE.NET]
ENTERPRISE APPLICATIONS: MicroStrategy Desktop BI Software Now Free. BI
vendor MicroStrategy announced that its Desktop software is now free, adding to
the affordable self-service BI landscape that includes Tableau Public, Microsoft
Power BI and others. MicroStrategy Desktop 10.5 is available for download at
https://www.microstrategy.com/us/desktop. Find out more
[COMPUTERWORLD.COM]

CLOUD: The Power of Machine Learning and Artificial Intelligence in the Data
Centre. Data is everywhere – masses of it. And it’s helping businesses to make
better decisions across departments. Marketing can utilise data to discover the
effectiveness of email campaigns, finance can analyse past trends to make
predictions and projections for the future, and sales can target their follow-up with
detailed information on prospective customers. But data is only useful when
business tools transform it into valuable information. Data intelligence through
algorithms and analytics make business data relatable. The most advanced
solutions require enormous amounts of data to be able to offer accurate insight to
users. As a result, many solutions are cloud based, as most businesses do not have
the IT capacity or budget to store this amount of information. So where does all this
data reside? The data centre. Read the rest
[CLOUDCOMPUTING-NEWS.NET]

QUESTION: What’s the Difference Between Business Intelligence (BI) and EPM?
John O’Rourke describes the difference between business intelligence (BI) and
enterprise performance management (EPM) solutions. Find out more
[SMARTDATACOLLECTIVE.COM]

Operating Systems
WINDOWS 10: In a World of Free Operating Systems, Can Windows 10 Survive? Do
you give up a decades-long relationship with Windows just because it costs a few
bucks more than its competitors? In a world where PC adoption has cratered, what
of the future of Windows? David Gewirtz makes the case that there’s still life in
them old bits. Read more
[ZDNET.COM]
WHY: Google Andromeda Might Be Too Little, Too Late. John C. Dvorak writes
about Google’s plan for a new OS…why it is a fantastic idea…and why it will never
pull it off. Find out more
[PCMAG.COM]

Operating Systems
LINUX: Fedora 25 Linux OS to Officially Offer Support for Raspberry Pi 2 and 3
Devices. Fedora Project has proudly announced that support for Raspberry Pi 2 and
Raspberry Pi 3 single-board computers is finally coming to the Fedora Linux
operating system. Find out more
[NEWS.SOFTPEDIA.COM]
SECURITY: Critical Flaws Found in Open-Source Encryption Software VeraCrypt.
Many issues were found in the new UEFI bootloader and have been patched in
VeraCrypt 1.19. Read the rest
[PCWORLD.COM]

Incident Response
ATTACKS/BREACHES: Cyber Hunters, Incident Response & The Changing Nature Of
Network Defense. Or how network defense needs to evolve from a game of
“stumbled upon” to “search and discover.” Read more
[DARKREADING.COM]
CLOUD: 4 Fundamentals of an Effective Cloud Access Security Broker. The federal
government’s efforts to eliminate legacy systems and modernize federal IT seems to
be paying off. According to a recent Government Accountability Office report, $2.8
billion has already been saved by closing 3,125 data centers since 2011, and that’s
just the data reported from 19 out of 24 agencies that participated in the Federal
Data Center Consolidation Initiative. The same report also suggests another 2,078
closings will result in an additional $5.4 billion in savings by the end of fiscal 2019.
Find out more
[NEXTGOV.COM]

Incident Response
NEW DRAFT: Cyber Response Plan Nearly Ready for Release. The Department of
Homeland Security is nearly ready to release a draft of the National Cyber Incident
Response Plan that has been anticipated and debated for months. The latest
version, which was shared with stakeholders for final comment, moves the NCIRP
from the interim draft status under which it’s languished since 2009 and inches it
closer to a final plan. Find out more
[FCW.COM]
NSA: Another NSA Breach Hits Booz Allen. Will Anything Change? Booz Allen
Hamilton Holding Corp. is once again at the center of a major U.S. intelligence
breach. And for the second time in three years, the company known in Washington
for its classified contracts and influential alumni will probably face criticism but
suffer few consequences. Read the rest
[BLOOMBERG.COM]

Incident Response
ANALYTICS: Incident Response – A Challenge For 98% Of InfoSec Pros. Too many
alerts and too little staff leave security pros swimming in threat intel and begging
for automation. According to a recent survey, ninety-eight percent of IT security
pros find incident response to be a challenge and 71% say it’s grown more difficult
over the past two years. Read more
[DARKREADING.COM]
FEDERAL GOVERNMENT: Warner – Procurement and Personnel Key for Cyber.
Fixing the way the U.S. government buys technology and hires and deploys its
workforce is the key to improving the nation’s cybersecurity defenses, not changing
the way authorities and responsibilities are divided up between federal agencies,
said Sen. Mark Warner, D-Va. Find out more
[CYBERSCOOP.COM]

Incident Response
NSA: Hackers Find an Easy Path to U.S. Systems. For all the concern about zero-day
exploits, a senior NSA official said that the high-profile hacks of U.S. networks in the
last two years show there are far easier ways for cybercriminals to infiltrate
government systems. Curtis Dukes, deputy national manager for national security
systems at the NSA, said that none of the high-profile government hacks the NSA
responded to — Office of Personnel and Management, the White House, State
Department, Department of Defense — used zero-day exploits. Find out more
[FCW.COM]
CYBER-EXPOSURE: No Standard Cyberinsurance Policy for Government Exists.
While offsetting the cost of a data breach is the most common coverage for
cyberinsurance, policies may cover physical cyber-risks as well, such as the danger
of attacks on utilities and medical facilities, and property damage and injury from
cyberattacks. Read the rest
[GOVTECH.COM]

Tech Research News
MIT: Cache Management Improved Once Again. New version of breakthrough
memory management scheme better accommodates commercial chips. A year
ago, researchers from MIT’s Computer Science and Artificial Intelligence
Laboratory unveiled a fundamentally new way of managing memory on
computer chips, one that would use circuit space much more efficiently as chips
continue to comprise more and more cores, or processing units. In chips with
hundreds of cores, the researchers’ scheme could free up somewhere between
15 and 25 percent of on-chip memory, enabling much more efficient
computation. Their scheme, however, assumed a certain type of computational
behavior that most modern chips do not, in fact, enforce. Last week, at the
International Conference on Parallel Architectures and Compilation Techniques –
the same conference where they first reported their scheme – the researchers
presented an updated version that’s more consistent with existing chip designs
and has a few additional improvements. Read more
[NEWS.MIT.EDU]

Tech Research News
REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans
fall along a spectrum of preparedness when it comes to using tech tools to
pursue learning online, and many are not eager or ready to take the plunge. Find
out more
[PEWINTERNET.ORG]
DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for
DoD Missions. Defense Secretary Ashton Carter has said automated systems,
cyber technology and biological research efforts are necessary to keep the
Defense Department moving forward. Find out more
[EXECUTIVEGOV.COM]

Tech Research News
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Search Technology
SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an
OpenSource text search engine. Now it has a big place in Big Data. Read what
Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more
[DZONE.COM]
INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team
has announced the first milestone release of the Ingalls Release Train. This
coordinated release of subprojects under the Spring Data umbrella ships with 230
fixes and a number of new features. Find out more
[ADTMAG.COM]

Search Technology
GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes
Beta. Google says that the Cloud Natural Language API gives developers access to
three Google-powered engines– sentiment analysis, entity recognition, and syntax
analysis. The service is currently available in open beta and is based on the
company’s natural language understanding research. It will initially support three
languages– English, Spanish and Japanese and will help developers reveal the
structure and meaning of your text in the given language. Read more
[THETECHPORTAL.COM]
AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and
Memory Reservation. Docker networks provide isolation for your containers. It is
important to have control over the networks your applications run on. With
Amazon ECS, you can now specify an optional networking mode for your containers
that cater towards different use cases. Find out more
[DABCC.COM]

Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]

Application Development
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]

BYOD
HOW TO: Implement an Effective BYOD Policy. Companies have accepted that BYOD
is a reality. The challenge now is striking a balance between security and flexibility.
Concerns around BYOD once revolved around security with third-party services, but
that’s getting easier to manage, says Fred Mouawad, founder and CEO of TaskWorld,
a company focused on employee performance and management. Now businesses
are finding it more difficult to govern BYOD policies internally. Read more
[CIO.COM]
BACKLASH: If BYOD Costs You Too Much, You’re Doing It Wrong — Or Making Up An
Excuse to Regain Mobile Control. Recent research shows a clear picture: IT
organizations are increasingly unhappy about BYOD and now want to curtail or end
the practice. Their stated concern: The costs are too high and the savings too low. But
those concerns are misguided and likely masking a secret agenda to regain control
over mobile devices, not to save money. Face it: BYOD was never popular with IT.
Find out more
[INFOWORLD.COM]

BYOD
CLOUD: Why Preparation is Key to Securing Your Cloud Migration. The benefits of
big data and BYOD are real. And with so many businesses looking to migrate their
data to the cloud, they want to make sure everything arrives safely and intact. After
all, much of this data contains sensitive and proprietary information, and the
prospect of moving it from the safety of the corporate firewall to a cloud
environment is cause for concern. Find out more
FEDERAL GOVT: Federal BYOD: The Mobile Security Conundrum. There are currently
more than 7.7 billion mobile connections around the world. Thanks to the Internet of
Things, it is predicted that the number of connected devices will reach an astounding
20.8 billion by 2020. With the average number of mobile devices owned per person
currently estimated at 3.64, those devices are becoming necessary equipment for
today’s workers. Read the rest
[GCN.COM]

BYOD
ENTERPRISE: Enterprise Mobile Security Tools May Not Protect BYOD. For employees,
bring-your-own-device workplace policies can increase efficiency and improve
remote work capabilities. For the organization, BYOD can reduce equipment costs,
but it can also open the enterprise up to all sorts of new exploits and breaches. Find
out more
[GCN.COM]
POLICY: Malware and ‘Connection Hijacking’ Remain Biggest BYOD Risks. A new
report from data centre provider CyrusOne outlines malware, device theft and
phishing as among the key risks for organisations looking to implement a bring your
own device (BYOD) policy. Find out more
[APPSTECHNEWS.COM]

Big Data
PREDICTIONS: 5 Amazing Things Big Data Helps Us To Predict Now. Big data is
predicting things about your life almost every minute of your day – whether you’re
aware of it or not. Read more
[FORBES.COM]
CLOUD: More Money in Big Data Initiatives, Gartner Argues – But is the ROI Still
Unclear? The big data landscape is approaching a state of maturation: according to
the latest note from analyst house Gartner, more money is being invested in big
data but fewer companies are deciding to commit. Find out more

Big Data
LANGUAGE: Why Java in Big Data? What About Scala? Here’s what to keep in mind
when comparing and determining what language to use with big data applications
and data access. Find out more
[DZONE.COM]
ROI: Big Data: Why the Boom is Already Over. Too many big data projects have
been poorly built, and lack return on investment – so companies are spending their
money on other priorities. Read the rest
[ZDNET.COM]

Mobile Applications
ORACLE: Oracle Visual Code Brings Cloud-Based App Dev to Business Users. With
its Project Visual Code platform, Oracle is taking a swing at Salesforce in cloud-
based application development. The platform for low-code development provides a
browser-based interface for building standalone applications or extensions to
existing applications. Geared to “citizen developers,” Visual Code is a direct
competitor to the Salesforce Lightning component-based development platform.
Read more
[INFOWORLD.COM]
RAD: How Rapid Application Development is Changing Everything. RAD has
evolved into a very viable option for just about any type of app project. Vijay Pullur,
CEO of WaveMaker talks about the changes RAD has gone through, the advantages
of RAD in the cloud, low-code options, what application projects are best suited for
a RAD build, and more. Find out more
[APPDEVELOPERMAGAZINE.COM]

Mobile Applications
ONGOING EDUCATION: IT Certifications Report Card – What Are They Worth
Now? Which Ones Pay Off the Most? Unique keywords such as CompTIA, MCSE,
CISSP and PMP — all indicators of popular IT certifications or certification bodies
themselves — serve as a proven means to filter candidates in technology’s highly
competitive environment. (That’s also something to keep in mind if the next
economic downturn hits IT as hard as it will other occupations.) Bolstering this
argument is the comprehensive, substantive and credible research from sources
like established IT search firms on the higher wages typically granted to those with
advanced certifications. To help you chart your ongoing education wisely, here’s a
full review of today’s most rewarding IT certification areas, based on the trends
driving the value of the knowledge and competencies they impart. These are:
mobile application development, IT networking and security, HTML5 programming,
project management certification and CRM software expertise. Find out more
[COMPUTERWORLD.COM]

Mobile Applications
ACCELERATED MOBILE PAGES: Get Started with AMP HTML. For many, reading on
the mobile web is a slow, clunky and frustrating experience – but it doesn’t have to
be that way. The Accelerated Mobile Pages (AMP) Project is an open source
initiative that embodies the vision that publishers can create mobile optimized
content once and have it load instantly everywhere. Read the rest
[AMPPROJECT.ORG]

IT Management
PERFORMANCE: Why Performance Management Is Dead & Performance
Motivation Is Here To Stay. How's your team performing? Before you start the
process of performance evaluations, take 10 minutes and discover why performance
management is dead and performance motivation is here to stay. Read more
[FORBES.COM]
CXO: 3 Survival Skills for Reluctant IT Managers. Textbook management practices
don't always work in IT disciplines. Here are some strategies for tech professionals
who find themselves in a management role. Find out more
[TECHREPUBLIC.COM]

IT Management
LEGAL: How to Avoid Failure by Design. When it comes to technology projects,
lawyers have a dual role. Firstly, to help the parties convert the commercial deal into
a robust contract. Secondly, to help identify what could go wrong and make sure that
the contract has appropriate mechanisms to deal with failures and disputes. This
second role is particularly essential because the evidence shows that many
technology projects do fail. Projects are delayed, exceed budget, and/or don’t deliver
technology that meets the customer's needs. Find out more
[COMPUTERWORLDUK.COM]

IT Management
SLIDESHOW: Why Managers Lack Confidence in Their Firm's Data. Nearly all
managers lack complete confidence in their company's data, according to a recent
survey from Experian Data Quality. The accompanying report, "Building a Business
Case for Data Quality," indicates that, despite the trust issues, it often takes many
months for companies to approve data quality initiatives. Meanwhile, IT managers
overseeing these efforts struggle to deal with large data volumes, human error and a
lack of data standardization. Read the rest
[BASELINEMAG.COM]

Programming & Scripting Development
Client & Server-Side

TYPESCRIPT: Microsoft’s JavaScript for Big Applications, Reaches Version 2.0.
TypeScript, the JavaScript-based language that Microsoft devised to make
developing large Web applications easier, reached its version 2.0 milestone last
month. Since its introduction, TypeScript has included new features to improve
performance, enhance JavaScript compatibility, and extend the range of error
checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big
step forward here by giving developers greater control over null values. Read more
[ARSTECHNICA.COM]

GOOGLE: Beats Back Oracle Again in Java Android Case. Oracle loses in court once
again in its latest attempt to obtain Java copyright damages from Google. To recap,
Oracle claimed the 37 Java application programming interface (API) packages
Google used to develop Android are covered by copyright. Of course, that’s not
really the issue. True, the the US Federal Circuit Court of Appeals foolishly ruled
that APIs could be copyrighted. But the US District Court for the Northern District
of California ruled in May 2016 that Google’s use of the Java APIs were not subject
to copyright licensing fees. Instead, Android’s use of the APIs was covered by “fair
use.” Find out more
[ZDNET.COM]

CASE STUDY: JavaScript Blocking Google’s View of hreflang. Sam Gipson
troubleshoots issues with a client’s hreflang implementation, testing to see if
JavaScript elements might interfere with Google recognizing these tags. Find out
more
[SEARCHENGINELAND.COM]
CODE: What It Means To Be a ‘Popular’ Programming Language. A lot of people
like JavaScript for sure, but its popularity has much more to do with its current
utility. Web browsers (and now servers, via Node.js) feature engines for
interpreting JavaScript and so JavaScript is the default programming language for
web applications. If web development weren’t popular – especially so among Stack
Overflow users—then we would see a different ranking. Read the rest
[MOTHERBOARD.VICE.COM]

Cloud Computing
AMAZON: Boosts Cloud-Computing Performance With New, GPU-Accelerated AWS
Instances. Amazon Web Services has announced a new Elastic Compute Cloud (EC2)
instance type, dubbed P2, which leverages NVIDIA GPUs (Graphics Processing Units)
to offer customers massive amounts of compute performance via the cloud. Read
more
[FORBES.COM]
CLOUD BUDGETS: Cloud Computing Embraced As Cost-Cutting Measure. When it
comes to implementing a cloud infrastructure, whether it’s public, private, or hybrid,
most IT departments view the technology as a way to cut costs and save money,
according to a recent analysis from CompTIA. The report also shows that SaaS is seen
as the most useful cloud service. Find out more
[INFORMATIONWEEK.COM]

Cloud Computing
MICROSOFT: Signs Up Adobe for its Azure Cloud Computing Services. Microsoft
and Adobe announced a major partnership that will see Adobe deliver its cloud
services on Microsoft Azure and that will make Adobe the preferred marketing
service for Microsoft’s Dynamics 365 Enterprise CRM solution. Find out more
[TECHCRUNCH.COM]
STORAGE: Avoiding Cloud Computing Storage Lock-In: Does Hedvig Have the
Answer? Rigid storage platforms could become a single, universal solution for all a
company’s storage requirements thanks to the cloud. Read the rest
[ZDNET.COM]

Personal Tech
DEVICES: ‘Smart’ Devices ‘Too Dumb’ to Fend Off Cyber-Attacks, Say Experts.
Internet-connected gadgets vulnerable because they don’t have enough memory
for safety software, use generic code and access web by default. Read more
[THEGUARDIAN.COM]
HEALTH TECH: Digital Health Technology Poised to Help an Aging Population.
Startups and established mHealth and health IT vendors showcase care
coordination and telehealth apps, while speakers talk about tech tools for the
elderly and mentally ill. Find out more
[SEARCHHEALTHIT.TECHTARGET.COM]

Personal Tech
EMAIL: Hacking Specialist Warns of Election-Themed Email Attacks. Heading
toward Election Day in the U.S., hackers may target your inbox instead of the ballot
box. It’s difficult to alter overall ballot counts in the U.S., which doesn’t have a
centralized voting system, but hackers could take advantage of the Nov. 8 election to
dupe people and gain access to their personal information, according to Oren
Falkowitz, chief executive officer of Redwood City, California-based Area 1 Security.
Read the rest
[CHICAGOTRIBUNE.COM]

Personal Tech
TIPS: Cybersecurity Awareness Month Tips for Online Security. Never forget that
any kind of business or work you do online — including email, shopping, social
media sites, and surfing – warrants some level of scrutiny. So spend some time
during Cybersecurity Awareness Month thinking about what you need to do to make
yourself less vulnerable to attack as you use the Internet. Find out more
[COMPUTERWORLD.COM]

IT Security | Cybersecurity
G7: Sets Common Cyber-Security Guidelines for Financial Sector. The Group of
Seven industrial powers on Tuesday said they had agreed on guidelines for
protecting the global financial sector from cyber attacks following a series of cross-
border bank thefts by hackers. Read more
[REUTERS.COM]
NOTE: To The Next President…Get A National Cybersecurity Strategy. Do the
candidates have coherent positions for responding to cyber-attacks or on cyber
warfare? Find out more
[FORBES.COM]

IT Security | Cybersecurity
OMB: Launching Cyber.gov for Best Practices Repository. Cyber.gov will be a
repository for best practices, said Federal CISO Brigadier General (retired) Greg
Touhill, during an Oct. 11 Washington, D.C. AFCEA chapter Cybersecurity Summit.
“We have to focus on implementing best practices throughout our organizations,”
Touhill said. “I want to emphasize that I don’t believe that compliance is…always the
right approach, because compliance doesn’t bring you best practices, but best
practices bring you compliance.” Find out more
[FEDERALNEWSRADIO.COM]
ECONOMICS: Cybersecurity Economics In Government — Is Funding The Real
Problem? Government leadership and those chartered with creating budgets could
benefit from applying sound value-management practices when considering the
cybersecurity budget process. Read the rest
[DARKREADING.COM]

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-
2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-
2016/

Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-
2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-
2016/

Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-
2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems October 2016

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (8)

Plus de BMDS3416

Plus de BMDS3416 (7)

Dernier

Dernier (20)

Tech Update Summary from Blue Mountain Data Systems October 2016