Tech Update SummaryApril 2016

Blue Mountain Data Systems

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the

Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for April 2016. Hope the information and ideas prove

useful.

Best,Paul VeselyPresident and Principal ArchitectBlue Mountain Data Systems Inc.

Databases

Databases & StorageRANSOMWARE: Why Hospitals Are the Perfect Targets for Ransomware. Ransomware has been an Internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities. The malware works by locking your computer to prevent you from accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to databases that hold drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits. Read more[WIRED.COM]

Databases & StorageTO SQL OR NoSQL? That’s the Database Question. Poke around the infrastructure of any startup website or mobile app these days, and you’re bound to find something other than a relational database doing much of the heavy lifting. Today, the database landscape continues to become increasingly complicated. The usual SQL suspects—SQL Server-Oracle-DB2-Postgres, et al.—aren’t handling this new world on their own, and some say they can’t. But the division between SQL and NoSQL is increasingly fuzzy, especially as database developers integrate the technologies together and add bits of one to the other. Read more[ARSTECHNICA.COM]

Databases & StorageSECURITY: Data and Identity: Two New Security Perimeters. It’s clear that organizations embracing new cloud and mobile infrastructure have less control of some IT assets than they did in the past. What does this mean for security of your data? Read more[NETWORKWORLD.COM]

HYBRID CLOUD: The 5 Phases of Overcoming Hybrid Cloud Data Integration. An effect hybrid integration strategy can be broken down into five phases, each with its own level of complexity. Phase 1: Replicating SaaS apps to on-premise databases. The first stage in developing a hybrid integration platform is to replicate SaaS applications to on-premises databases. Companies in this stage typically either need analytics on some of the business-critical information contained in their SaaS apps, or they are sending SaaS data to a staging database so that it can be picked up by other on-premise apps. Read more[INFORMATION-AGE.COM]

Databases & Storage

SECURITY: DB Networks Launches Real-Time Database Security Sensor. By integrating this sensor into their products, security OEMs provide their customers with more usage detail and metrics from data-tier cyber-threats. Read the rest[EWEEK.COM]

MongoDB: Security, and How Not to Get Stung. Recently, Microsoft got roundly savaged for a database security leak. In the back and forth, MongoDB’s database security got caught in the crossfire. Find out why MongoDB was mistakenly blamed. Read more[DZONE.COM]

Databases & Storage

DATA PROTECTION: Safeguarding Databases Against Insider Threats. While phishing, malware, distributed denial-of-service (DDoS) and similar types of external threats rightfully receive significant attention from organizations, they only represent one aspect of the threat equation. Insider threats are the other piece of this puzzle and can be equally damaging. Read more[SECURITYINTELLIGENCE.COM]

HOMELAND SECURITY: Visa Waiver Program Now Includes Daily Database Check. A change to how Customs and Border Protection vets applicants for the Visa Waiver Program is helping prevent a potential blind spot in the process, the agency’s chief told a House panel on March 1. Read more[FCW.COM]

Databases & Storage

SPECIALIZED SEARCH DATABASES: Sorting Through the Crowded Specialized Database Toolbox. With so many choices today, matching database to need isn’t getting any easier. The database landscape is increasingly complicated. As of April, Solid IT’s DB-Engines initiative was tracking 303 separate relational and non-relational databases. Read more[ARSTECHNICA.COM]

GOOGLE: Shuts Out Competitors on Android? Hardly. One of the persistent tragedies of Android, Google’s globe-conquering mobile operating system, is that it continues to be better in theory than in reality. Read the rest[NYTIMES.COM]

Databases & StorageSECURITY: From Encrypted Drives To Amazon’s Cloud — The Amazing Flight Of The Panama Papers. The firm ran a three-month old version of WordPress for its main site, known to contain some vulnerabilities, but more worrisome was that, according to Internet records, its portal used by customers to access sensitive data was most likely run on a three-year-old version of Drupal, 7.23. That platform has at least 25 known vulnerabilities at the time of writing, two of which could have been used by a hacker to upload their own code to the server and start hoovering up data. Back in 2014, Drupal warned of a swathe of attacks on websites based on its code, telling users that anyone running anything below version 7.32 within seven hours of its release should have assumed they’d been hacked. Read more[FORBES.COM]

Databases & StorageELASTICSEARCH: Elastic Gives Search Engine a Graph Option. Elastic has announced that it has added a graph query engine to the Elasticsearch engine. Users now have the option of using their search indexes as the basis for conducting graph analyses. The new option will make it relatively easy for customers to conduct big data analysis for use cases such as fraud detection and product recommendations. Find out more[DATANAMI.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Security Patches

Security Patches

MICROSOFT: Microsoft Rated 6 of 13 Security Updates as Critical, Badlock Bug Fix Rated Important. Microsoft released 13 security updates, including patches for zero-days. The patch for the Badlock bug is among those rated only as important. Read the rest[NETWORKWORLD.COM]

ANDROID: Keeping Up With Android Security Patches. When did Google start rolling out monthly security patches for Nexus tablets, and what do these fix? Read more[NYTIMES.COM]

Security Patches

JAVA: Three-year-old IBM Patch for Critical Java Flaw is Broken. Attackers can easily bypass the patch to exploit a vulnerability that allows them to escape from the Java security sandbox. Read more[CIO.COM]

ADOBE: Adobe Patches Flash Bug That’s Being Exploited to Install Ransomware. “Actively exploited” critical flaw has been in wild for more than a week. Read more[ARSTECHNICA.COM]

Penetration Testing

Penetration TestingREGULAR CHECKUPS: Pentesting-as-a-Service. Ten years ago, penetration testing was viewed as a luxury service, typically aimed at ensuring that companies’ network perimeters were secured against malicious external attacks. More recently, we have seen the emergence of vulnerability scanning software, an automated way to perform more frequent vulnerability testing, but not to the level of rigour the company would receive from a penetration test performed by a security expert. Read more[INFOSECURITY-MAGAZINE.COM]

THINK TANK: Penetration Testing Still Relevant, but Approach Needs to Change. How can an organization ensure it gets value from penetration and security testing services? Security managers need permission from their respective companies to test live networks, and they need the right pen testing tools for the job. Read more[COMPUTERWEEKLY.COM]

Penetration Testing

HOW: A White Hat Hacker Breaks Into a Business. A pen tester talks through how to break into a company. Read more[NEWSWEEK.COM]

PENTAGON: Sees White Hat Hackers as Low-Cost Penetration Testers. The Defense Department announced it would be launching the federal government’s first-ever "bug bounty," banking on the idea that there’s a nascent community of white hat hackers that’s been itching to help the Pentagon with its cybersecurity challenges but hasn’t been able to until now. Read more[FEDERALNEWSRADIO.COM]

IT Management

IT Management

SURVEY: 8 Project Management Skills in High Demand. By 2020, reports estimate that there will 700,000 new project management jobs in the United States. Do you have what employers will be looking for? Read more[CIO.COM]

STATE & LOCAL GOVERNMENT: State and Local IT Departments Reorganize for Innovation. In a bid to shake things up and better serve residents, Massachusetts and Seattle have restructured, consolidated and reengineered their IT teams. Read the rest[STATETECHMAGAZINE.COM]

IT ManagementSTAFFING: Tackling the Government’s Tech Worker Shortage. Richard Spires, former DHS CIO, is on a mission to help cultivate tech talent. Whether it is developing the employees they have, recruiting talented outsiders or finding contracting companies with first-rate professionals, organizations, including government agencies such as DHS, struggle to maintain a workforce with the proper skills. This is particularly difficult in the technology area, as approximately 500,000 of the nation’s 5.5 million unfilled jobs are in IT. Read more[FEDTECHMAGAZINE.COM]

LEADERSHIP: Tackling Gender Bias In Tech And Beyond: Evolving Towards Equality. Gender bias (both conscious and unconscious) remains a critical problem in today’s workforce, especially in tech, with many complex influences and factors sustaining the problem. While hundreds of experts and business and HR leaders have shared their suggested strategies, solutions and approaches to this serious challenge, the needle has been slow to move. Read more [FORBES.COM]

For the CIO, CTO & CISO

For the CIO, CTO & CISO

CTO: Greg Godbout to Leave EPA. The former executive director of GSA’s 18F tiger team will join Danish tech company cBrain as it looks to make its mark on the U.S. market. Read more[FEDSCOOP.COM]

CIO: CIOs, CMOs Share Tips for Successful Partnerships. The importance of technology in marketing continues to grow, and the stakes for those leading the charge to a digital transformation have never been higher. Savvy CIOs can turn the challenge into an opportunity and make their roles indispensable to the business. Read the rest[CIO.COM]

For the CIO, CTO & CISO

CISO: What Agency Security Chiefs Want from the Federal CISO. Federal security chiefs don’t want a boss in the new federal chief information security officer. Instead, they want someone who is willing to collaborate, build on the ideas they’ve been developing and give them more of a voice in federal policy circles. Read more[FCW.COM]

CSO: Two Perspectives on Social Media for Security Leaders. Brian Reed and Ian Amit from ZeroFox blend two unique perspectives and experience on social media into an action plan for security leaders. Read more[CSOONLINE.COM]

Application Development

Application Development

STRATEGY: Choosing Your Application Development Strategy. Which is more effective: the top-down or bottom-up application strategy? Discover why choosing one requires an in-depth understanding of application requirements. Read the rest[SEARCHSOA.TECHTARGET.COM]

CLOUD: Why Amazon and OpenStack Continue to Thrive in a Complex Cloud World. Amazon announcing AWS hitting a $10B annual run rate and OpenStack’s 13th release—lead some to wonder who is winning. Both are. Read more[EWEEK.COM]

Application Development

MICROSOFT: Power BI Hits 5M Subscribers, Adds Deeper Excel Integration. Microsoft has a ton of new features planned for its cloud-based BI service. Microsoft’s cloud-based business intelligence service is celebrating a major user growth milestone with a handful of new features, including the ability to import data from an Excel spreadsheet and turn it into live-updating charts and graphs. Power BI now has more than 5 million subscribers, who are using the service to take in business data and create dashboards they can use to better understand their businesses. Subscribers will be able to use an Excel connector to easily “pin” live-updating data from the Excel desktop app to a Power BI dashboard. Both that feature, and one that allows users to analyze data from Power BI in Excel, were previously available for beta testing and are now generally available. Read more[PCWORLD.COM]

Application Development

NODE.js: Top Reasons to Use Node.js for Web Application Development. There are many reasons why developers (regardless of experience level) should use Node.js for web application development, starting with its speed and ending with its proficiency at multi-user, real-time web applications. Not to mention that three years ago Nodejitsu reached out to the npm community for help running the public npm servers and raised over $300,000 for the project, proving that the community is both active and generous. Read more[JAXENTER.COM]

BYOD

BYODPRODUCTIVITY: BYOD Brings Greater Productivity – as Well as Security Issues. The bring-your-own-device (BYOD) trend continues to be perplexing for many enterprises. It holds the promise of greater employee productivity and mobility, but also comes with its share of security problems. Past studies and surveys note the benefits and challenges of BYOD, but also stress the need for businesses to adopt policies to manage and secure the devices coming onto the network. Read the rest[EWEEK.COM]

CLOUD: Shadow IT and Other Cloud Excuses. In an age of bring your own device (BYOD) to work, those in charge must take charge. They must balance their employees’ use of self-selected technology and/or their self-deployment of commercially available cloud services with senior managements’ lack of direction. Unfortunately in many large entities those with initiative are viewed as rogue “shadow IT” users who detract from the mission, not as innovative, clever individuals who optimize off-the-shelf solutions to soldier on. Read more [FEDERALNEWSRADIO.COM]

BYODMOBILITY: Seattle Retools Its Technology to Attract Younger Workers. As baby boomers retire from public-sector IT departments, state and local governments are revamping their technology to attract a millennial workforce. Whether tablets and smartphones arrive in offices through bring-your-own-device (BYOD) initiatives or government-procurements, their expanded use heightens the need for optimized software, appropriate security and precise use policies. Read more[STATETECHMAGAZINE.COM]

SECURITY: 7 Potential Security Concerns for Wearables. Is your organization safe from all these connected devices? Wearables are rapidly invading the workplace in much the same way that smartphones did. Fitness trackers, smartwatches, head-mounted displays and other new form factors are beginning to capture the public imagination. Sales of wearable electronic devices topped 232 million in 2015, and Gartner forecasts they’ll rise 18.4% this year, when another 274.6 million devices are sold. Read more [NETWORKWORLD.COM]

Big Data

Big DataGOVERNMENT: Why Big Data Needs a Soul. “Data is a story with soul,” said Dr. Kristen Honey, a policy advisor in the White House’s Office of Science and Technology Policy. Honey, who appeared with a number of other experts on an April 22 AFFIRM panel on taming the explosion of government data, was quoting author and storyteller Brene Brown. But she and other panelists said much the same thing, stressing that the most effective tool for dealing with the oceans of data generated by federal agencies isn’t technological, but human. Read more[FCW.COM]

ENTERPRISE: Flexing the Muscles of Big Data. When the term ‘big data’ gets mentioned, what springs to mind? Massive databases? Hadoop clusters? Business analytics engines? How about data aggregation systems, filters, metadata creation systems, indexers, results renderers and reporting systems? All of these should be part of a big data strategy and require different resources at different times. Read the rest [ZDNET.COM]

Big Data

MICROSOFT: Integrating Big Data and SQL Server 2016. Many Big Data projects are implemented using systems like Microsoft’s HDInsight or Hadoop. That said, these Big Data systems usually need to be integrated with existing data from relational databases or data warehouses. That’s where SQL Server 2016’s PolyBase feature comes into play. Find out more[SQLMAG.COM]

FORRESTER: Start One Of These Two Big Data Businesses. Big data has gotten a lot of attention from the media and investors, but the segment is broad and complicated. If someone is interested in starting a big data business, where should they focus their efforts? Forrester Research principal analyst Mike Gualtieri offered CRNtv two tips on what’s growing in the big data market today. Read more[CRN.COM]

Project Management

Project Management

INTERVIEW SKILLS: 12 Questions Project Managers Should Be Prepared for in a Job Interview. Project management job interviews can be more stressful than the new job itself. Most candidates expect to talk about their strengths, weaknesses, skills and methodology as a PM. But to truly be prepared when walking into that next PM interview, be ready to answer these difficult questions. Read more[CIO.COM]

SURVEY: The High Cost of Low Performance. Organizations waste US$122 million for every US$1 billion invested due to poor project performance – a 12 percent increase over last year. That’s the finding of the 2016 Pulse of the Profession®, which reveals an imperative to strengthen the conversation around the benefits of project management. Download the report now. Read more[PMI.ORG]

Project ManagementORGANIZATIONAL STRUCTURE: Top-Down Solutions Like Holacracy Won’t Fix Bureaucracy. For all its enemies, bureaucracy is amazingly resilient. Since 1983, the number of managers, supervisors, and support staff employed in the U.S. economy has nearly doubled, while employment in other occupations has grown by less than 40%, according to our analysis of data from the Bureau of Labor Statistics. That makes bureaucracy the organizational equivalent of kudzu, the invasive, herbicide-resistant vine that has overrun thousands of acres of woodland in the American south. Why is bureaucracy so difficult to eradicate? Read more[HBR.ORG]

INNOVATION: To Increase Innovation: Help Your Team Take Smarter Risks. Most senior managers agree that taking risks is important for innovation, but in far too many cases, they don’t act like they believe this. How can you break out of this mode and create an environment that is more conducive to innovation? One of the starting points is to be more explicit about what risk-taking really means, and what is acceptable and what is not. Here are four tactics for doing this. Read more [FORBES.COM]

Open Source

Open SourceENTERPRISE APPS: Open Source Code is Common, Potentially Dangerous, in Enterprise Apps. The Open Source Vulnerability Database shut down this week posed yet another security challenge for developers who routinely inject massive amounts of free off-the-shelf code into new software. As the name suggests, OSVD was a resource where non-commercial developers could look – free – for patches to known vulnerabilities. Without it, other vulnerability repositories remain, but its closure points up one of the problems with how open source code is used, particularly in enterprise development: often once it’s incorporated into apps, it might never be updated to fix vulnerabilities that are discovered later. Read more[NETWORKWORLD.COM]

Open SourceDHS: Warns on Cyber Risks of Open Source. The Department of Homeland Security has suggested striking significant passages from a draft White House policy on open software out of concern that baring too much source code will increase the government’s vulnerability to hacking. Read the rest[FCW.COM]

NEW BROWSER: The Young Vivaldi Browser is Taking Its Cues from the Community. Vivaldi is a new browser, powered by libraries from more than 100 different open source projects, and growing in popularity. Here’s an interview with Ruarí Ødegaard, a QA engineer for Vivaldi, the company behind the browser, which was created by the former CEO and co-founder of Opera, Jon von Tetzchner. Read more[OPENSOURCE.COM]

Open SourceGOOGLE: Google Open Source Hybrid Cloud Gets New OpenStack Backup Driver. The Cinder driver, which allows Google Cloud Platform to be used as a backup target by OpenStack, is an important addition to the company’s hybrid cloud. Read more[INFOWORLD.COM]

Digital Government

Digital Government

INDUSTRY PERSPECTIVE: Creating a Viable Path to Becoming a Digital Government. An analog-digital hybrid approach can benefit government workforces that require mobility to do their jobs. As today’s citizens demand just-in-time and seamless access to government services, the central question of, “Why can’t government services be accessed and processed from an app?” is no longer an aspiration. It’s happening now. The challenge for public-sector leaders has now evolved and centers on how to quickly apply digital approaches to government – with the end game of enhancing the citizen experience. Read more[GOVTECH.COM]

Digital Government

FED TECH: When it Comes to Engagement With Citizens, the Government Is Finally Paying Attention. There is an old saying in retail marketing that “the customer is always right.” Unfortunately, over the past few decades it has been hard for the public sector to follow that adage. The acceleration of technological changes in how the private sector delivers goods and services has raised expectations among citizens that government agencies can do the same – or even find ways to do better. In order to meet these expectations, it has become clear that government agencies must adapt to a cultural shift. Read the rest[NEXTGOV.COM]

Digital Government

ENCRYPTION FIGHT: How Many Times Can The Government Cry Wolf? In two separate high-profile cases the government pushed hard to compel Apple to hack into iPhones – then gave up at the last minute. Some have speculated that the two cases are part of a larger plan. Find out more[FASTCOMPANY.COM]

MICROSOFT: Sues Over the Right to Inform Customers of U.S. Gov’t Spying. Microsoft is suing the U.S. government for the right to inform its customers when the authorities are searching their emails. The lawsuit pertains to the U.S. government accessing remote data in the cloud, stored on Microsoft’s servers. Read more[DIGITALTRENDS.COM]

For the CTO, CIO & CISO

For the CTO, CIO & CISOCIO: Why Change Initiatives Fail. Creating the right conditions for successful change requires putting people before things. Many companies want to change and transform (especially when facing digital disruption from competitors). Yet a majority of change efforts fail – one famous and oft-cited study pegged the rate of failure at 70%. Read more[CIO.COM]

CTO: Maker Movement at Center of HHS’ Innovative Strategy. Like the emergence of open health data movement, CTO Susannah Fox sees the maker and inventor movements as the future of innovation around health care at HHS. .Read more[FEDSCOOP.COM]

For the CTO, CIO & CISO

CISO: Survey Roundup: Feeling Better With a CISO. A survey of around 200 security analysts by ThreatTrack Security found, for those organizations that have a chief information security officer, 23% said it’s become easier to defend against malware-based cyberattacks in the past year versus 15% of respondents from companies without a CISO who said that. Ninety-four percent of those at a company with a CISO said they also have a dedicated incident response team, compared with 48% for those at a business without a CISO. And 71% at CISO companies said they would personally guarantee the safety of customer data in 2016, versus 42% of those at a non-CISO firm who would make that promise. Read more[BLOGS.WSJ.COM]

For the CTO, CIO & CISO

CIO: How to Conquer Recruiting, Retention and IT Skills Challenges. Experts in the technology industry look at the year ahead and what it holds for recruitment and retention. They also identify what tech skills will top the charts. Read the rest[CIO.COM]

CTO: ‘Corporate’ IT Teams Can Hamper Agile Projects, Warns William Hill CTO. “Corporate” IT teams who try to use agile within their organisations without notifying other departments are more likely to hamper “agile” as a concept, than those organisations that try to carry out too many agile projects, according to Finnbar Joy, chief technology officer at William Hill. Read more[COMPUTING.CO.UK]

For the CTO, CIO & CISOCISO: Obama Wants More Cybersecurity Funding and a Federal CISO. In the final budget of the Obama administration, the White House is looking to boost spending on security, hire more experts and partner with the private sector. Read more[CIO.COM]

GOVERNMENT CIO: Senate Passes Permanent Ban on Internet Access Taxes. The ban on taxes targeting Internet services now heads to Obama. The Permanent Internet Tax Freedom Act was included in a trade enforcement bill passed by senators in a 75-20 vote Thursday. The provision, passed by the House of Representatives last June, would permanently extend a 18-year moratorium on Internet-targeted taxes that expired in October. Congress had extended the moratorium several times since 1998, but supporters weren’t able to pass a permanent ban until now. Read more[CIO.COM]

Incident Response

Incident ResponseFEDERAL GOVERNMENT CONTRACTING: Feds Prep for Cybersecurity Buying Spree. The U.S. government’s objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Several recent developments have underscored the federal commitment to bolstering the protection of IT resources. On the contracting front, the General Services Administration has asked vendors to respond by Wednesday to a research survey on what it should do to expedite federal acquisition of cybersecurity products and services. Read more[ECOMMERCETIMES.COM]

DATA PRIVACY BREACH: Organizing a Data Breach Incident-Response Team. This three-part series focuses on how to 1) prepare to handle a data breach, 2) organize an incident-response team, 3) prepare for a government investigation and 4) balance law enforcement requests with insurance policies requiring breach disclosure. Read the rest[INSIDECOUNSEL.COM]

Incident ResponseSECURITY: Incident Response Teams Dealing with 3 to 4 Ransomware Incidents Weekly. In the first quarter of 2016, incident response teams from Stroz Friedberg addressed 3 to 4 Ransomware incidents per week. The Ransomware cases they’re seeing are mostly Locky and TeslaCrypt. Read more[CSOONLINE.COM]

RISK & COMPLIANCE: How to Tailor Your Incident Response to the Value of Your Data. Organizations need to map their incident response plans against the value and associated risk of different types of data. Each organization typically has a ‘hierarchy’ of data. A fundamental part of effective security and crisis management is understanding the relative risk that is associated with the loss or theft of different types of data. Read more[INFORMATION-AGE.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

HTML5: HTML5.1 Begins to Take Shape on GitHub. The next generation of the Web standard is using a GitHub repo for feedback and suggestions. Early drafts the HTML5 spec began to surface back in 2008, but it wasn’t until 2014 that HTML5 was considered an endorsed, official standard. Consequently, the W3C wants to make incremental updates “a reality that is relatively straightforward to implement,” in order to avoid the years-long lag that hobbled the spec’s last revision. Read the rest[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

JAVA: Broken IBM Java Patch Prompts Another Disclosure. For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in January. Read more[THREATPOST.COM]

PROGRAMMING: Software Bugs? Avoid These 10 Costly Programming Mistakes. Here’s one reason programs break: Programmers get sloppy, and don’t always use the best tools or follow best practices. Don’t be that programmer. Read more[ZDNET.COM]

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: Microsoft Previews New JavaScript Language Service, Salsa. Microsoft is introducing a new JavaScript language service in Visual Studio 15. The service, codenamed Salsa, is designed to improve the existing JavaScript language and provide enhancements to JSX support, module support, and ES6/ES7 syntax coverage. Read more[SDTIMES.COM]

Cloud Computing

Cloud Computing

CLOUD SECURITY SURVEY: Cloud Stampede Is On, But Who’s Watching Security? A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed. The growing number of cloud services being used here and in Europe reflects a fundamental trend: Enterprise IT managers still don’t fully trust the cloud, but they trust it more than they used to. Asked if their organization trusts the cloud more now than it did a year ago, 3% said no, 20% said they didn’t know, and 77% said yes. Read more[INFORMATIONWEEK.COM]

GOOGLE: Apologizes for Cloud Service Turbulence. The search giant’s cloud computing service briefly went offline last week, which led to Google apologizing for the hiccup, promising to refund customers for the problem. Read the rest[FORTUNE.COM]

Cloud Computing

PRIVACY: Shortened URLs Present Huge Privacy Problem for Cloud Services. A new research paper has identified flaws in automatic URL shortening, such as bit.ly, which expose the private data of cloud services users. In the study, titled “Gone in Six Characters: Short URLs Considered Harmful for Cloud Services,” the team, led by Martin Georgiev and Vitaly Shmatikov, outlined that for many services it was very easy to identify the full URL through trial and error, and uncover private information from cloud storage files and mapping requests. Read more[THESTACK.COM]

CIOs: Microsoft Azure to Outpace Amazon Web Services as Cloud Market Soars. Amazon is currently the biggest cloud service vendor with revenue of nearly $8 billion, but many expect Microsoft Azure to outpace its rival as demand for cloud service soars. Read more[NEARSHOREAMERICAS.COM]

Business Intelligence

Business Intelligence3RD PLATFORM: How Will It Impact State, Local Governments in 2016? (Industry Perspective). The innovative powerhouse of cloud computing, mobile, big data and social media has been deemed by IDC as the “3rd Platform.” Here’s a look at each component and the potential it brings for public sector. Read more[GOVTECH.COM]

CALIFORNIA: New Digital Innovation Office Aims to Create Apps for Residents. The Golden State also wants to collaborate with other states using open source data and technologies. Read more[STATETECHMAGAZINE.COM]

Business IntelligenceCIO: Cybersecurity Startups Face Tougher Path to IPO. The security industry’s largest annual conference, which started Monday in San Francisco, is held just two blocks from the former sand dunes where Gold Rush-era prospectors encamped in an area known as Happy Valley. The mood at the RSA Conference this year may not be quite as happy as it was in the recent past, as security startups find it more difficult to realize ambitions for an IPO. Read more[BLOGS.WSJ.COM]

WINDOWS 10: Security Boost Targets Business PCs. Microsoft launches a new Windows 10 security feature designed to give IT leaders more insight into recognizing and addressing cyber-attacks. Read more[INFORMATIONWEEK.COM]

Federal Government

Federal GovernmentBYOD: NIST Updates BYOD Guidance for Teleworking Feds. Most agencies have some kind of bring-your-own-device policy, ranging from prohibition to qualified acceptance. However, when federal employees are teleworking, some BYOD creep can’t be helped – even if an employee is using a government laptop, they’re connecting over their personal WiFi. At the same time, instances of malware tend to spike during holidays, snowstorms and any other time people are spending more time than usual at home. To help agencies cope, the National Institute of Standards and Technology recently updated its telework BYOD guidance. Read more[FEDERALTIMES.COM]

IT SECURITY: Federal Government Focuses on Increasing IT Security Spend. Network defenses tops the list of technologies the U.S. government plans to increase its spending on in the next 12 months, following by analysis and correlation tools, according to security vendor Vormetric’s 2016 Federal Data Threat Report. Read more [EWEEK.COM]

Federal Government

CLOUD: eSignLive Added to FedRAMP-compliant Cloud Offering. The digital signature offering has long been in use at the Joint Chiefs of Staff and GSA, among other agencies. Federal agencies looking to use digital signatures in a secure cloud environment now have an option: eSignLive has partnered with a FedRAMP compliant provider in order to bring its software to the government. Read more[FEDSCOOP.COM]

Federal Government

SECURITY: The Changes That Could Be Coming to Federal Cybersecurity R&D. Officials from the Department of Homeland Security (DHS) have defended the government’s Einstein cybersecurity system as well as the Obama Administration’s request for $19 billion in cybersecurity funding for fiscal 2017, a 35 percent increase from last fiscal year’s $14 billion. But as cybersecurity research and development (R&D) for federal agencies is being plotted into the next decade, current and former government officials argue that the administration needs to rethink those R&D efforts. The federal government must try and resolve the tension between security and convenience of IT systems. Read more[FEDTECHMAGAZINE.COM]

IT - State & Local Governments

IT - State & Local Governments

CALIFORNIA: Step-by-Step Solution for Its New Child Welfare System. California is dabbling with innovative ways of procuring technology for its new Child Welfare System, transitioning from waterfall procurement to an agile and iterative acquisition that aims to revamp the mammoth system’s services one at a time. Read more[GCN.COM]

LOCAL GOVERNMENT DATA: 4 Guidelines for Governments to Ease the Cost and IT Burden of Housing Data. Connected, always on and fully transparent – consumer tech trends are hitting state and local governments hard. Many are moving straight from paper files and other analog solutions to complex technologies and the systems required to support them. Data demands are pushing IT limits in cities, so what can these local governments do to support this deluge of data? Read more[GOVTECH.COM]

IT - State & Local GovernmentsNEW YORK CITY: What to Expect From the NYC Tech Scene in 2016. Yeah, it ain’t Silicon Valley. But why does it have to be? Read more[INC.COM]

LOCAL GOVT: Security, Strategic Planning Top Local Government IT Execs’ 2016 Priorities. The Public Technology Institute released its annual poll of local government executives’ key concerns for the year ahead. Read more[STATETECHMAGAZINE.COM]

IT Security | Cybersecurity

IT Security | Cybersecurity

FIREFOX: NoScript and Other Popular Firefox Add-ons Open Millions to New Attack. Unlike many browsers, Firefox doesn’t always isolate an add-on’s functions. NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported. Read more[ARSTECHNICA.COM]

WORKFORCE: Agencies Struggling to Share Talent Across Government. Federal hiring managers are happier with the quality of candidates coming through their doors, but agencies are finding it difficult to share that workforce talent with each other. In the latest progress report for the cross-agency priority goal of developing the federal workforce to its full potential, three-quarters of the milestones related to multi-agency workforce pilot programs are at risk. Read more[FEDERALNEWSRADIO.COM]

IT Security | CybersecurityFDA: Cybersecurity Researcher: Recent Device Vulnerabilities Should Be a Wake-Up Call for FDA. A prominent cybersecurity researcher says the US Food and Drug Administration (FDA) needs to “buckle down” and regulate medical device cybersecurity more firmly. The warning comes as last week, the US Department of Homeland Security (DHS) issued an advisory warning of more than 1,400 cybersecurity vulnerabilities affecting certain versions of an automated supply cabinet used in hospitals and other health facilities to dispense drugs. Read more[RAPS.ORG]

IoT: UL Takes on Cybersecurity Testing and Certification. Underwriters Laboratories (UL) has announced a new Cybersecurity Assurance Program (CAP) that uses a new set of standards to test network-connected products for software vulnerabilities. Read more[COMPUTERWORLD.COM]

IT Security | Cybersecurity

ENCRYPTION: Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People. WhatsApp is an online messaging service now owned by tech giant Facebook, that has grown into one of the world’s most important applications. More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network. The enigmatic founders of WhatsApp, Brian Acton and Jan Koum, together with a high-minded coder and cryptographer who goes by the pseudonym Moxie Marlinspike, revealed that the company has added end-to-end encryption to every form of communication on its service. Read the rest[WIRED.COM]

IT Security | CybersecurityNIST: 43% of IT, Security Pros using the NIST Cybersecurity Framework. 84 percent of U.S.-based IT and security professionals said they use a security framework to guide their processes for protecting critical assets and systems, and 44 percent said they use more than one framework, according to a new report. Read more[FIERCEGOVERNMENTIT.COM]

CYBER SOFT SPOTS: The Soft Spots in IT Security? People and Old Tech. The $3.1 billion IT modernization plan in President Barack Obama’s proposed fiscal 2017 budget, according to federal CIO Tony Scott, is key to closing a big federal security hole — aging technology. Read more[FCW.COM]

IT Security | CybersecurityDATA CENTER: Hyperconverged Infrastructure Requires Policy-based Security. When adopting HCI, enterprises must look at security through the lens of the application versus the network. Read more[NETWORKWORLD.COM]

REPORT: Ransomware Feeds Off Poor Endpoint Security. Poor endpoint security practices are only helping to propel the great ransomware epidemic of 2016 – and if allowed to fester, this threat will spread to new vulnerable endpoints including IoT devices, cars and ICS and SCADA systems, according to a new report from the Institute for Critical Infrastructure Technology (ICIT). Read more[SCMAGAZINE.COM]

IT Security | CybersecurityRISK ASSESSMENT: Billion Dollar Bangladesh Hack: SWIFT Software Hacked, No Firewalls, $10 Switches. The Bangladesh central bank had no firewall and was using a second-hand $10 network when it was hacked earlier this year. Investigation by British defense contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh. Read more[ARSTECHNICA.COM]

SECURITY SPENDING: Why Most IT Security Suffers From Unbalanced Spending. Security costs money. Risks are proliferating. More security will be needed, which means more money will be spent. For these reasons, odds are that security, and security spending, are on your mind whether you are in the IT trenches or part of the C-suite. Gartner predicts security spending will reach $101 billion by 2018 and MarketsandMarkets forsees spending approaching $170 billion by 2020. Read the rest[FORBES.COM]

IT Security | Cybersecurity

NETWORK SECURITY: Government Agencies Not Doing Enough To Protect IT Systems. NASA and the U.S. Department of State were among the federal agencies that received low marks on IT security, according to a recent report card issued by the New York-based firm Security Scorecard. Also receiving low grades were the states of Connecticut, Pennsylvania and Washington. Find out more[CIO-TODAY.COM]

IT Security | Cybersecurity

CALL BLUE MOUNTAIN FOR IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.

From the Blue Mountain Data Systems Blog

Three-Dimensional Governance for the CIOhttps://www.bluemt.com/three-dimensional-governance-for-the-cio

7 Reasons to Take Control of IT Incidentshttps://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/

Breach Mitigation Response Time Too Long, Survey Sayshttps://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/

Six Tactics for Cyberdefensehttps://www.bluemt.com/six-tactics-for-cyberdefense/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems BlogMalware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of Labor Employee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. Vesely Founder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAILpaul@bluemt.com

WEBhttps://www.bluemt.com