Blue Mountain Data Systems Tech Update SummaryFebruary 2017

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the

Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for February 2017. Hope the information and ideas prove

useful.

Best,Paul VeselyPresident and Principal ArchitectBlue Mountain Data Systems Inc.

Encryption

Encyption

GOOGLE: Ventures Into Public Key Encryption. Google's Key Transparency project offers a model of a public lookup service for encryption keys. Google announced an early prototype of Key Transparency, its latest open source effort to ensure simpler, safer, and secure communications for everyone. The project’s goal is to make it easier for applications services to share and discover public keys for users, but it will be a while before it's ready for prime time. Read more[INFOWORLD.COM]

SECURITY: The Year Encryption Won. Between the revelations of mega-hacks of Yahoo and others, Russia’s meddling in the US electoral system, and the recent spike in ransomware, it’s easy to look at 2016 as a bleak year for security. It wasn’t all so, though. In fact, the last 12 months have seen significant strides in one of the most important aspects of personal security of all: encryption. Read more[WIRED.COM]

Encyption

FED GOVT DOMAINS: Domain Encryption Deadline? Nah, Say 345 Government Sites. More than a third of government websites failed to meet the end-of-year deadline to set up secure domains, according to a report on Government Technology (GT). All existing federal websites were mandated – under a June 2015 memo from Tony Scott, the U.S. chief information officer – to switch over to HTTPS by Dec. 31, 2016. Read more[SCMAGAZINES.COM]

Encyption

WHATSAPP SECURITY FLAW: Researcher Claims Bug Allows Snooping on Encrypted Messages, but Tech Firm Denies It's a 'Backdoor'. Facebook-owned WhatsApp encrypts messages that its 1 billion users send to one another, but a UC Berkeley cryptography and security researcher claims the app has a bug that can be exploited to read these messages. Read the rest[SILICONBEAT.COM]

Federal, State & Local IT

Federal, State & Local ITREPORT: Cloud Enters Mainstream in Federal IT Investment Plans. United States government agencies will continue to invest hefty sums in cloud computing technology over the next five years. After that period, spending on cloud is likely to moderate, but the amount of investing will remain at impressive levels. Find out more[ECOMMERCETIMES.COM]

READ: Debt Myths, Debunked. Sometime in early December, the federal government’s official debt will likely cross the $20 trillion mark – an amount no country has ever owed. As we approach this milestone, there are a few myths regarding the debt that should be debunked. Find out more[USNEWS.COM]

Federal, State & Local IT

CHIEF INNOVATION OFFICERS: An Unclear Role in the Federal Government. Federal obsession with innovation is rampant. The government appears intent upon emulating a Silicon Valley-style startup culture that can keep up with the evolution of commercial technology – or at least shake up how agencies approach problems. Its efforts include the Presidential Innovation Fellows program, a one-year tour of duty lawmakers are attempting to make permanent; the digital consultancy 18F, which aims to help other agencies buy agile software development; and a rash of incubator-style hubs where employees can build out their own ideas. Find out more[NEXTGOV.COM]

Federal, State & Local ITCOLLEGES: Federal Government Shuts Down Controversial College Watchdog. An organization that was supposed to oversee the embattled for-profit college industry and protect students from fraud lost its recognition Monday, potentially putting hundreds of thousands of students in limbo. The Secretary of Education ruled Monday to terminate his agency’s recognition of the Accrediting Council for Independent Colleges and Schools (ACICS), which critics say allowed billions of dollars in federal financial aid funds to flow to bad actors. Find out more[MARKETWATCH.COM]

Databases

Databases

CLOUD: How Google Spanner’s Easing Our Distributed SQL Database Woes. Google has had to put some significant engineering into Spanner, including a huge amount of resiliency improvements to their own network. Spanner uses atomic clocks and GPS to deliver something called TrueTime, Google’s single “point of truth” on time, which acts as the equivalent of the Sysplex Timer. Find out more[THEREGISTER.CO.UK]

BUSINESS ANALYTICS: Big Data and the Risks of Using NoSQL Databases. Using big data to extract value from your data is one thing. However, using NoSQL can increase your technical debt and put your enterprise at risk of data integrity and the lack of resilience. Find out more[CIO.COM]

DatabasesGRAPH DATABASES: Five Mistakes to Avoid for Scalable Performance. The limitations of the relational database management system (RDBMS) model create an opportunity for disruptive approaches like graph data management tools, which are naturally adapted to support business processes related to connectivity. These tools provide an elegant framework for creating, storing, and analyzing data that represents different types of networks. As interest in exploiting graph analytics increases, organizations with business challenges consuming massive amounts of data may find that general-purpose graph analytics tools will not properly scale to meet the performance needs in analyzing gargantuan graphs. Here are five mistakes to avoid when choosing a graph data analytics solution. Find out more[DATA-INFORMED.COM]

DatabasesOPEN DATABASES: A Juicy Extortion Target. Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. Find out more[THREATPOST.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

Electronic Document ManagementSECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic Document Management Systems (EDMS) are electronic repositories designed to provide organized, readily retrievable, collections of information for the life cycle of the documents. How can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions. Read more[BLUEMT.COM]

LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How Corporate Legal Departments Are Leading the Way. Many departments are looking to technology to assist with automation of processes, resource and budgetary management, and tracking. Connie Brenton, co-founder of Corporate Legal Operations Consortium (CLOC), a non-profit association of legal operations executives, explains, “Corporate executives expect the GC’s office to be a business counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now essential for legal departments, and this has advanced software’s role and accelerated technology adoption.” Find out more[INSIDECOUNSEL.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest[FEDTECHMAGAZINE.COM]

Electronic Document Management

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more[PCMAG.COM]

Security Patches

Security Patches

MICROSOFT: Issues Critical Security Patches, but Leaves Zero-Day Flaws at Risk. Windows users will have to wait another three weeks to patch two serious vulnerabilities with exploit code when Microsoft’s regular patching schedule resumes. Find out more[ZDNET.COM]

LINUX: Impact of New Linux Kernel DCCP Vulnerability Limited. Linux providers are busy developing and pushing out patches for a vulnerability in an obscure networking protocol that could allow a local attacker to crash the kernel and elevate privileges. Find out more[THREATPOST.COM]

Security PatchesADOBE: 13 Adobe Security Bugs You Need to Patch Now! Adobe patched 13 high severity vulnerabilities yesterday as part of its monthly Patch/Update Tuesday cycle. All of the flaws can lead to remote code execution due to buffer overflows and memory corruption vulnerabilities in Flash. Find out more[KOMANDO.COM]

BROWSERS: Firefox 51 Improves Security Notifications for Insecure Forms. Mozilla released its first new browser milestone of 2017 on Jan. 24, with the debut of Firefox 51. The new open-source browser release includes enhanced capabilities that will further enable online gaming, as well as security enhancements and patches for 24 different security vulnerabilities. Find out more[EWEEK.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO

CTO: Retaining and Sustaining Tech Talent Post-Trump. Organizations dedicated to civic technology that formed under President Barack Obama, such as 18F or the U.S. Digital Service, have been magnets for tech talent. With the uncertainty surrounding the policies of the incoming Trump administration, however, it is far from clear whether the federal government’s digital professionals will leave, stay or shift to working in state or local government. Read more[GCN.COM]

CIO: More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline. The U.S. Chief Information Officer's push to encrypt all federal government domains will take a little longer. Find out more[GOVTECH.COM]

CIO, CTO & CISOCISO: Why the Federal CISO Can't Sleep. The new federal chief information security officer says he's off to a good start, but much work remains. "We're not anywhere close to where I feel comfortable," said Greg Touhill, the retired Air Force general tapped by President Barack Obama to lead federal civilian agency cybersecurity. "I don't sleep well at night because I know there's a lot of opportunities out there.“ Find out more[FCW.COM]

STATE: Ohio Lays Out Plans for Data Analytics. On the cusp of an RFP release intended to shake up traditional procurement methods, the state of Ohio is outlining specific problems it intends to tackle across all of its agencies and departments. Read the rest[GOVTECH.COM]

Penetration Testing

Penetration Testing

THREATS: Hacking The Penetration Test. It’s not a good sign when an organization undergoing a penetration test can’t detect the operation probing and infiltrating its systems and network. In a new report by Rapid7 that pulls back the covers on penetration test engagements the company has executed, two thirds of these engagements weren’t discovered at all by the organization being tested. That’s especially concerning because pen tests tend to be short-term, rapid-fire – and sometimes loud – operations, unlike the low-and-slow attacks by seasoned cyberattackers. Find out more[DARKREADING.COM]

Penetration Testing

HOW TO: Use Zarp for Penetration Testing. Network or systems administrators must conduct pen testing to discover any possible security weaknesses. Find out why Zarp is a very powerful pen-testing tool to have at your disposal. Find out more[TECHREPUBLIC.COM]

WHY: Penetration Testing is a Vital Part of Any Effective Security Strategy. Cyber security strategies that focus solely on prevention will no longer cut it in the era of daily, continually changing attacks on infrastructure. Find out more[INFORMATION-AGE.COM]

Penetration Testing

CIA: New CIA Director Inherits an Agency that is Quickly Developing Cyber Capabilities. Pompeo, formerly a House member from Kansas, steps into Langley with the benefit of a DDI that has been working for more than a year to broadly modernize the premier U.S. intelligence agency – an effort that includes the adoption of cloud data-storage technologies and secure dev-ops coding projects, as well as “digital collaboration environments and mobility through wireless.” Find out more[FEDSCOOP.COM]

Open Source

Open SourceFEDERAL GOVERNMENT: Code.gov is the US Government’s Open-Source Software Hub. Back in August, the Obama Administration announced a new policy that requires 20 percent of the federal government’s software projects be open source. To make all of that material easily accessible, there’s now a place for you to view all of the code. Code.gov is the web-based hub for the initiative and it features around 50 projects from 10 different agencies. Those projects include the White House Facebook chat bot, Data.gov and the “We the People” petitions API. Read more[ENGADGET.COM]

Open Source

VIDEO: Technical Writing as Public Service: Working on Open Source in Government. What if U.S. federal agencies decided to reuse and contribute to open source software projects built by other agencies, since agencies often have similar technology problems to solve? And what if they hired technical writers with open source community experience to write documentation for these projects? Britta Gustafson explains surprising and rewarding aspects of working on documentation in government, through the lens of the cross-agency eRegulations project. Find out more[YOUTUBE.COM]

Open Source

TOOLS: 10 Open Source Tools for Your Sysadmin Toolbox. Here’s a handy list of open source tools for admins, highlighting well-known – and not-so-well-known – tools that have released new versions in 2016. Find out more[OPENSOURCE.COM]

OPINION: Open Source Has Won, and Microsoft Has Surrendered. Many Linux users are ticked off and anxious about Microsoft joining the Linux Foundation. They are missing the real significance of that move. Read the rest[COMPUTERWORLD.COM]

Business Intelligence

Business Intelligence

AMAZON: AWS Launches Enterprise Tier of its QuickSight Business Intelligence Tool. Public cloud infrastructure provider Amazon Web Services (AWS) today announced the availability of an enterprise tier of its Amazon QuickSight cloud software for business intelligence (BI). AWS launched QuickSight out of preview last month after introducing it a year ago. The new Enterprise Edition stands out from the Standard Edition in a few important ways. First, organizations can connect it with Microsoft’s Active Directory identity management software, whether it’s running on AWS or in an on-premises data center.. Find out more[VENTUREBEAT.COM]

Business IntelligenceLEADERSHIP: In Business Intelligence, Sound Governance Drives Adoption And Success Via Enablement. How are best-of-breed BI programs able to balance self-service against the need for data governance? In Forbes' October 2016 report "Breakthrough Business Intelligence," those companies achieving the greatest value from their BI programs were doing so through a nuanced and sophisticated blend of governance and distributed BI. Find out more[FORBES.COM]

CHANGE MANAGEMENT: Health Care Leaders About Their Industry, and They’re Worried. However the Trump administration and the Republican U.S. Congress replace or revamp the Affordable Care Act, it is unlikely to halt America’s ongoing move from the rightfully maligned fee-for-service payment system to one that pays for "value" - the quality of outcomes relative to the price. Despite the progress that’s been made, there is still a long way to go. What new investments will be required? What legacy costs will be incurred as providers strive to optimize their business processes to deliver comprehensive value-based health care? How will leadership teams and boards of directors orchestrate the strategic transformations of their currently successful businesses? Find out more [HBR.ORG]

Business Intelligence

READ: 12 Ways to Empower Government Users With the Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT resources under constant pressure, with no end in sight? Your agency is not alone. With limited access to dedicated information technology resources, non-technical end users often play the waiting game, relying on IT staff to do simple tasks like generating custom queries and embedding them within applications. Here are ways to empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find out more[BLUEMT.COM]

Operating Systems

Operating Systems

MICROSOFT: Delays February’s Batch of Security Updates. Microsoft’s Patch Tuesday came and went this week without any patches. The Redmond company’s monthly batch of security updates for its range of software, scheduled for release Tuesday, has been delayed until March, the company said, citing an unspecified “last minute issue that could impact some customers.” Find out more[CIO-TODAY.COM]

FEDERAL GOVERNMENT: Skeletal Government Needs Meat on Its Bones. The government, despite decades of information technology spending, still operates like a 19th century machine. Anyone coming into authority over and hoping for results from such a complex and delicately calibrated system needs to know what happens between idea and execution. Find out more[FEDERALNEWSRADIO.COM]

Operating Systems

GAO: Federal Government Must Strengthen US Cybersecurity Capabilities, According to GAO. The U.S. Government Accountability Office (GAO) recently released a report stating that the federal government needs to strengthen its capabilities regarding cybersecurity and protecting the privacy of personally-identifiable information. Find out more[HOMELANDPREPNEWS.COM]

HOW TO: Protect Your Online Privacy in the Trump Era. Despite being a heavy user of Twitter, president Trump is not supporter of the open internet or net neutrality. In 2014, he criticized the FCC for ruling in favor of net neutrality and tweeted, “Obama’s attack on the Internet is another top down power grab. Net neutrality is the Fairness Doctrine. Will target conservative media.” Find out more[CIO.COM]

Incident Response

Incident ResponseOPINION: Thoughts on Incident Response Automation and Orchestration. Projects are well underway and evolving, while commercial IR tools continue to gain momentum. Find out more[NETWORKWORLD.COM]

DATA SECURITY: U.S. Promotes Risk-Based Data Breach Response Model. The exiting Obama administration has embraced a risk-based approach to data breach preparation and mitigation for federal agencies in an Office of Management and Budget memorandum, cybersecurity professionals told Bloomberg BNA. Find out more[BNA.COM]

Incident ResponseNIST: Updates Cybersecurity Framework, Seeks Comment. The National Institute of Standards and Technology (NIST) issued a draft update on Tuesday to its Framework for Improving Critical Infrastructure Cybersecurity, aka the Cybersecurity Framework, aimed at forging stronger cybersecurity measures. To assist organizations in reducing cybersecurity risk, NIST, a branch of the U.S. Department of Commerce which provides measurement standards, offered up a new draft to evolve its voluntary guidance on "managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity.“ Find out more[SCMAGAZINE.COM]

Incident Response

NEW YORK: Cuomo Makes Cybersecurity Proposals. Gov. Andrew Cuomo on Friday unveiled a package of proposals meant to protect citizens as well as government entities from the growing threat of cybercrime and the related peril of identity theft - including the creation of a new "Cyber Incident Response Team" to support state and local government bodies, critical infrastructure and schools. Find out more[TIMESUNION.COM]

Incident Response

NEWS: Positioning Security Intelligence in Front of Incident Response. With recent announcement of IBM’s $200 million commitment to expanding its security leadership position in the incident response (IR) market, IBM is working to help clients address the challenges in adopting a more proactive approach to IR. As part of the initiative, IBM established a new global incident response team. The mandate for IBM X-Force Incident Response and Intelligence Services (IRIS) is to deliver the next evolution in incident response management. Read more[SECURITYINTELLIGENCE.COM]

US-CERT: Updates Cybersecurity Incident Notification Guidelines. New cybersecurity incident reporting guidelines will go into effect on April 1, 2017, designed to help federal, state, and local organizations. Find out more[HEALTHITSECURITY.COM]

Incident Response

DHS: Georgia Incident Was Legitimate Work, Not a Hack. The Department of Homeland Security told Georgia’s Office of Secretary of State that the IP address associated with an attempted breach of the state agency’s firewall was tracked to an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply concerned.” According to DHS, someone on the federal department’s security network was conducting legitimate business on the state office’s website, verifying a professional license administered by the state. The state office manages information about corporate licenses and certificates on its website. Find out more[FEDSCOOP.COM]

Incident Response

LEARN: 10 Tips for Planning, Leading and Learning From a Cybersecurity Tabletop Exercise. The National Institute of Standards and Technology (NIST) recommends that organizations not only develop incident response plans, but also maintain them in a “state of readiness” and engage in exercises to “validate their content.” The potential vehicles for such tests can take many forms, but one of the most common and easy to implement is a “tabletop exercise.” Read the rest[CORPCOUNSEL.COM]

Cybersecurity

Cybersecurity

SECURITY: Trump’s Cybersecurity Chief Could Be a ‘Voice of Reason’. According to cybersecurity policy watchers, Tom Bossert, a former homeland security official under George W. Bush, has a reputation for a measured approach that deeply contrasts with the Trump administration’s so-far volatile style. Donald Trump has tapped Bossert to be his homeland security adviser, effectively putting him in charge of the administration’s cybersecurity efforts. Find out more[WIRED.COM]

FED GOVT HIRING: What Does Trump’s Hiring Freeze Mean for Federal Cyber Shortage? Some experts fear a temporary hiring freeze could exacerbate a chronic problem in the federal government: a widespread shortage of cybersecurity talent. According to Alan Chvotkin, executive vice president of the Professional Services Council, “A hiring freeze could signal to essential cybersecurity talent – especially those who might consider joining the public sector from higher-paying industry jobs – that there’s no need or desire for them in the federal government.” Find out more[NEXTGOV.COM]

CybersecurityFED GOVT HIRING: What Does Trump’s Hiring Freeze Mean for Federal Cyber Shortage? Some experts fear a temporary hiring freeze could exacerbate a chronic problem in the federal government: a widespread shortage of cybersecurity talent. According to Alan Chvotkin, executive vice president of the Professional Services Council, “A hiring freeze could signal to essential cybersecurity talent – especially those who might consider joining the public sector from higher-paying industry jobs – that there’s no need or desire for them in the federal government.” Find out more[NEXTGOV.COM]

HIRING: One in Three Cybersecurity Job Openings Go Begging, Survey Finds. The main problem of obtaining key talent in the realm of cyber security stems from a lack of qualified applicants.” That’s one of the findings of a recent survey of 633 IT security professionals, conducted and released by ISACA, which finds that demand for qualified cyber security professionals continues to outstrip supply. Find out more [ZDNET.COM]

Cybersecurity

STATE GOVT: States Call for Collaboration with Federal Government on Cybersecurity. With a new presidential administration in town, the chairman and vice chairman of the National Governors Association called for more collaboration between the federal government and states on cybersecurity. Virginia Gov. Terry McAuliffe, NGA’s chair, said governors across the nation are ready to work with the Trump administration and the 115th Congress on issues like cybersecurity and more over the course of 2017. Find out more[FEDSCOOP.COM]

Tech Research News

Tech Research NewsMIT: Cache Management Improved Once Again. New version of breakthrough memory management scheme better accommodates commercial chips. A year ago, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory unveiled a fundamentally new way of managing memory on computer chips, one that would use circuit space much more efficiently as chips continue to comprise more and more cores, or processing units. In chips with hundreds of cores, the researchers’ scheme could free up somewhere between 15 and 25 percent of on-chip memory, enabling much more efficient computation. Their scheme, however, assumed a certain type of computational behavior that most modern chips do not, in fact, enforce. Last week, at the International Conference on Parallel Architectures and Compilation Techniques – the same conference where they first reported their scheme – the researchers presented an updated version that’s more consistent with existing chip designs and has a few additional improvements. Read more [NEWS.MIT.EDU]

Tech Research News

REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans fall along a spectrum of preparedness when it comes to using tech tools to pursue learning online, and many are not eager or ready to take the plunge. Find out more[PEWINTERNET.ORG]

DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for DoD Missions. Defense Secretary Ashton Carter has said automated systems, cyber technology and biological research efforts are necessary to keep the Defense Department moving forward. Find out more[EXECUTIVEGOV.COM]

Tech Research News

FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest[NPR.ORG]

Search Technology

Search Technology

SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an OpenSource text search engine. Now it has a big place in Big Data. Read what Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more[DZONE.COM]

INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team has announced the first milestone release of the Ingalls Release Train. This coordinated release of subprojects under the Spring Data umbrella ships with 230 fixes and a number of new features. Find out more[ADTMAG.COM]

Search TechnologyGOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes Beta. Google says that the Cloud Natural Language API gives developers access to three Google-powered engines– sentiment analysis, entity recognition, and syntax analysis. The service is currently available in open beta and is based on the company’s natural language understanding research. It will initially support three languages– English, Spanish and Japanese and will help developers reveal the structure and meaning of your text in the given language. Read more[THETECHPORTAL.COM]

AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and Memory Reservation. Docker networks provide isolation for your containers. It is important to have control over the networks your applications run on. With Amazon ECS, you can now specify an optional networking mode for your containers that cater towards different use cases. Find out more[DABCC.COM]

Application Development

Application DevelopmentIoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution providers are positioning themselves for success in the lucrative Internet of Things market by bolstering their application development teams. Companies bringing IoT solutions to market face several hurdles, including interoperability, security and data management challenges – and staffing up with IoT application developers is critical for tackling these issues. Read more[CRN.COM]

SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In a mobile-first world, developers understand the importance of creating a next-generation app that fits in with client or user expectations. Developers should consider the myriad of SDK options if they want to improve functionality for the user, especially imaging SDKs. Although they are a niche market, these SDKs can add better imaging capabilities and target industry-related problems that companies are trying to tackle. Find out more [SDTIMES.COM]

Application Development

SECURITY: Application Security Requires More Talk Than Tech. If you think application security only involves installing a tool, or scanning a few apps and moving on, you’re wrong. Application security is a unique security initiative, and its success hinges on people as much as technology. Read more[INFOWORLD.COM]

SPEED: How to Speed Enterprise App Development and Meet Digital Transformation Demands. Low-code platforms are key in accelerating digital transformation with rapid application development. Find out more[INFORMATION-AGE.COM]

BYOD

BYODSLIDESHOW: 6 Best Practices for Managing BYOD Technology. The mobile workforce population is expected to surpass 105 million by 2020, according to IDC. Keeping all those workers and devices from causing security risks is becoming increasingly hard. Here are 6 tips on how to best manage it all. Find out more[INFORMATION-MANAGEMENT.COM]

POLICY: 10 Best Practices For BYOD Policy. Bring-your-own device doesn't have to mean bring your own security problems. Many enterprises now allow users to access corporate resources via their personal mobile devices. According to a global survey of CIOs by Gartner, nearly 40 percent of companies by 2016 will require employees to provide their own mobile products. Find out more[DARKREADING.COM]

BYOD

CIO: Shadow BYOD Runs Rampant in Federal Government. A new survey highlights the extent to which government employees insist on bringing their own devices to work, despite rules to the contrary. Find out more[CIO.COM]

NIST: Gives Agencies Guidance on Boosting Cybersecurity for BYOD, Telework. Security concerns increase as more federal offices offer workers greater flexibility through telework options and the ability to use their own devices. Read the rest[FEDTECHMAGAZINE.COM]

Big Data

Big DataDATA: State and Local Govs Need to Improve Data Sharing, Big Data Use. Like their federal counterparts, state and local agencies have made great strides in acquiring and using big data – but they still have a long way to go, according to a source in the industry. Find out more[GOVTECH.COM]

NAVY: How Navy’s Warship Shop Uses Data to Do More with Less. The U.S. Navy’s shipbuilding office has a new weapon in its effort to efficiently allocate personnel, resources and budgetary dollars: software. Find out more[NEXTGOV.COM]

Big Data

NONPROFITS: How Nonprofits Use Big Data to Change the World. Foundation Center has the world’s largest database of grant and fundraising information. Learn how the organization uses big data to create apps that encourage transparency and innovation. Find out more[TECHREPUBLIC.COM]

CARS: Autodata Turns to Big Data to Predict Vehicle Failures. Vehicle data company sees 30% jump in revenue after moving to open source software and opening its data to garages, insurers and parts companies. Find out more[COMPUTERWEEKLY.COM]

Mobile Applications

Mobile ApplicationsMOBILE: How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You. Dystopian corporate surveillance threats today come at us from all directions. Companies offer “always-on” devices that listen for our voice commands, and marketers follow us around the web to create personalized user profiles so they can (maybe) show us ads we’ll actually click. Now marketers have been experimenting with combining those web-based and audio approaches to track consumers in another disturbingly science fictional way: with audio signals your phone can hear, but you can't. And though you probably have no idea that dog whistle marketing is going on, researchers are already offering ways to protect yourself. Read more[WIRED.COM]

FEDERAL GOVERNMENT: White House Launches Mobile App for Reginfo.gov. The Obama administration has introduced a new way to access information on the federal regulatory system with the recent launch of RegInfo Mobile. The application, available for both iOS and Android devices, promotes the transparency of federal regulations and information collection requests by providing a convenient mobile interface for Reginfo.gov. Find out more[FEDERALTIMES.COM]

Mobile ApplicationsTRENDS: 10 Trends Shaping Mobile Development in 2017. The mobile app development landscape in 2017 promises to see the continuing emergence of new, cutting-edge techniques and tools, along with growth in traditional technologies and approaches. New developments will take shape in both the "mobile first" enterprise space and the consumer arena, with the continuing hype around enterprise mobility and increasingly cumbersome app stores promising significant changes. Here's a look at 10 trends that will affect mobile app developers in the coming year. Find out more[ADTMAG.COM]

Mobile ApplicationsPOLITICAL MOBILE: An App That Makes It Easy to Pester Your Congress Member. Joe Trippi pioneered the use of social media as a fundraising tool. As campaign manager for Democratic presidential candidate Howard Dean in 2004, he started a trend that has reinvented that way politicians run for office. But he believes that many politicians are still missing out on the power of the internet once they’re elected. Trippi is now working with an internet startup called Countable, which seeks to give citizens a greater voice in national politics. The company’s online service gives you a simple and concise overview of the bills your national representatives are debating, and it lets you instantly send emails to these representatives, telling them how you would like them to vote. Find out more[WIRED.COM]

IT Management

IT ManagementTECH MANAGEMENT: Decentralized IT Management Raises Concerns. IT isn't happy about the shift to decentralized IT management, so VMware tries to provide the best of both worlds: developer flexibility and centralized IT. Find out more[NETWORKWORLD.COM]

DOD: Congress Creates New DoD Chief Management Officer, Punts on Role of CIO. The annual Defense authorization bill Congress sent to the President last week includes several provisions to redraw the Defense Department's organizational chart, including one that creates a powerful new Chief Management Officer whose primary job will be overseeing and reforming DoD headquarters functions. While the department already has a full-time position - the deputy chief management officer - to handle functions like business process reengineering and other management concerns, the new position will carry more stature in the Defense bureaucracy. Find out more[FEDERALNEWSRADIO.COM]

IT ManagementVETERANS AFFAIRS: VA CIO Creating IT Demand Management Office. The Department of Veterans Affairs will launch a new tech office in 2017 to help meet the needs of the department's health care, benefits and cemetery lines of business. Ron Thompson, who was the principal deputy assistant secretary and deputy CIO for VA's Office of Information and Technology, will lead the creation of a new Demand Management Office. Find out more[FEDSCOOP.COM]

LEARN: What Great Managers Do Daily. So much depends upon managers. For example, a Gallup study found that at least 70% of the variance in employee engagement scores is driven by who the boss is. This is disconcerting because the same research found that about 70% of people in management roles are not well equipped for the job. This state of affairs is hurting not just employee engagement and quality of life, but also corporate performance. What makes managers of highly engaged employees different than the rest on a day-to-day basis? Read the results of a recent survey. Find out more [HBR.ORG]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

PROGRAMMING: Java, C, C++ Face Growing Competition in Popularity. When it comes to programming, Java, C, and C++ still rule the roost, according to this month’s Tiobe index of language popularity. But all three have suffered downturns from where they stood in the index a year ago, with lesser-ranked languages grabbing away share. Java maintained the top spot it has held since April 2015, with a rating of 16.676 percent, while C stays in second with a rating of 8.445 percent, followed by C++ in third place at 5.429. But Java has lost 4.47 percentage points year over year from last February, when it was rated at roughly 21.145 percent, while C is down a whopping 7.15 percentage points during that same time period. It was rated 15.594 a year ago. C++’s drop was less sharp compared to one year past, decreasing 1.48 percentage points from about 6.91 percent. Find out more[INFOWORLD.COM]

Programming & Scripting Development Client & Server-Side

SECURITY: JavaScript-based Attack Simplifies Browser Exploits. Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn’t rely on a software bug, fixing the problem is not easy. Find out more[COMPUTERWORLD.COM]

SCRAMBLECODE: Another New Programming Language, This One for Security. Adding to the existing portfolio of some 700 programming languages is a new release candidate for Scramblecode, a security-oriented offering from Danish software vendor ProgramPartner ApS. Scramblecode (presented as SCRAMBLECODE by the company) is all about encryption and safety. Find out more[ADTMAG.COM]

Programming & Scripting Development Client & Server-Side

JAVA: An Agile Java Standard - Wishful Thinking or Not? Simon Ritter, Deputy CTO at Azul Systems and alternate representative on the JCP EC wrote in a blog post after JCP executive committee’s first face-to-face meeting that "the JCP will require some substantial changes to the processes it uses" to ensure that an agile Java standard is possible. Find out more[JAXENTER.COM]

MICROSOFT: Releases HoloJS, Allowing JavaScript Developers to Make HoloLens Apps. Most people are probably familiar with Microsoft’s HoloLens as strictly a piece of futuristic augmented reality hardware. They may not be aware that a key component of Microsoft’s augmented reality is an underlying application development platform called Windows Holographic. Read the rest[DIGITALTRENDS.COM]

Programming & Scripting Development Client & Server-Side

VHLLs: Using Scripting Languages in IoT: Challenges and Approaches. Scripting languages (aka Very High-Level Languages or VHLLs), such as Python, PHP, and JavaScript are commonly used in desktop, server, and web development. And, their powerful built-in functionality lets you develop small useful applications with little time and effort, says Paul Sokolovsky, IoT engineer at Linaro. However, using VHLLs for deeply embedded development is a relatively recent twist in IoT. Find out more[LINUX.COM]

Cloud Computing

Cloud Computing

GOOGLE: With Spanner Database Service, Google Raises the Stakes in Cloud Computing. Google Inc. has issued a big challenge to its rivals in cloud computing by opening up access to what has been described as the world’s largest database. The company is launching Cloud Spanner Beta, providing software developers with a database service available through Google Cloud that the search giant already uses to run its massive AdWords advertising system and Google Play app and media store. Find out more[SILICONANGLE.COM]

Cloud Computing

CYBERSECURITY: Trust and Risks Both Growing in Government Clouds. A new Intel Security cloud report reveals that cloud computing adoption is growing rapidly in government and elsewhere all over the world. At the same time, CIOs are struggling to keep enterprise data safe in the cloud. Here is what you need to know. Find out more[GOVTECH.COM]

CIO: Security in the Cloud. As a former CIO, Richard Spires has implemented and seen the significant benefits of cloud computing — both the leverage of compute on demand and the use of software-as-a-service applications. In particular, SaaS-based applications increasingly are becoming the way organizations can quickly and easily leverage new capabilities. This is driving tremendous growth and innovation – AngelList has more than 11,000 SaaS start-ups listed in the U.S., and IDC predicts the SaaS-based market will surpass $112 billion by 2019. Find out more[FCW.COM]

Cloud Computing

READ: Relieving Cloud Migration Headaches. One look at the exponential increase in Amazon Web Services revenue, which has grown by an order of magnitude over the past five years, makes clear that we are on the cusp of a generational transformation in how IT organizations provide application infrastructure. Indeed, Gartner, which estimates that infrastructure-as-a-service revenue grew by nearly 43 percent in 2016, said organizations saved “14 percent of their budgets as an outcome of public cloud adoption,” a ratio that is sure to rise in the coming years. And many government IT organizations are at the forefront of the cloud conversion due to executive-level mandates, tight IT budgets and demand for increased access to information and online services. Find out more[GCN.COM]

Announcement

AnnouncementBlue Mountain Data Systems DOL Contract Extended Another Six MonthsThe Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support.

U.S. Dept. of Labor, Employee Benefits Security Administration1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity

IT Security | Cybersecurity

INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder and resident of Sicher Consulting, John Dyson from Deloitte, and Brian Gay, president, Think Forward Consulting talk about the concept of a cybersecurity framework for the federal government. Read more[FEDERALNEWSRADIO.COM]

TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential transitions are a time of considerable change in government, including new agency leaders and evolving policy priorities. But many issues persist, and this is certainly the case with cybersecurity. Advancing the nation's cybersecurity posture must be a key priority for the Trump administration, especially if we are to maximize the benefits of digital transformation. Read more[NEXTGOV.COM]

IT Security | CybersecurityNEWS: National Guard Expects Expanded Role in Cybersecurity. The National Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by Y2K. With concerns of potential computer chaos looming when dates on systems turned over to 2000, the National Guard was given a new force structure called a computer network defense team. Renamed Defensive Cyber Operations Elements, the eight-to 10-person teams are organized on the state level, while support for the 10 Federal Emergency Management Agency regions is handled by Cyber Protection Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber Protection Team 178, said in a recent interview. Find out more[GCN.COM]

PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data, Cybersecurity. The House Subcommittee on Digital Commerce and Consumer Protection has a great range of jurisdiction -- everything from IoT policies to overseeing the Federal Trade Commission. Find out more [GOVTECH.COM]

From the Blue Mountain Data Systems Blog

Personal Techhttps://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016

IT Managementhttps://www.bluemt.com/it-management-daily-tech-update-october-27-2016

Business Intelligencehttps://www.bluemt.com/business-intelligence-daily-tech-update-october-26-2016

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

From the Blue Mountain Data Systems Blog

Security Patcheshttps://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/

BYODhttps://www.bluemt.com/byod-daily-tech-update-october-21-2016/

Databaseshttps://www.bluemt.com/databases-daily-tech-update-october-20-2016/

Operating Systemshttps://www.bluemt.com/operating-systems-daily-tech-update-october-19-2016/

From the Blue Mountain Data Systems Blog

Encryptionhttps://www.bluemt.com/encryption-daily-tech-update-october-18-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-14-2016/

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-13-2016/

From the Blue Mountain Data Systems Blog

Cybersecurityhttps://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/

Big Datahttps://www.bluemt.com/big-data-daily-tech-update-october-11-2016/

Mobile Applicationshttps://www.bluemt.com/mobile-applications-daily-tech-update-october-7-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

From the Blue Mountain Data Systems Blog

Open Sourcehttps://www.bluemt.com/open-source-daily-tech-update-october-5-2016/

CTO, CIO and CISOhttps://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-3-2016/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems BlogMalware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of Labor Employee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. Vesely Founder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAILpaul@bluemt.com

WEBhttps://www.bluemt.com