Tech Update Summary from Blue Mountain Data Systems February 2017

Blue Mountain Data Systems Tech Update Summary
February 2017

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for February 2017. Hope the information and ideas
prove useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Encyption
GOOGLE: Ventures Into Public Key Encryption. Google's Key Transparency project
offers a model of a public lookup service for encryption keys. Google announced an
early prototype of Key Transparency, its latest open source effort to ensure simpler,
safer, and secure communications for everyone. The project’s goal is to make it
easier for applications services to share and discover public keys for users, but it
will be a while before it's ready for prime time. Read more
[INFOWORLD.COM]
SECURITY: The Year Encryption Won. Between the revelations of mega-hacks of
Yahoo and others, Russia’s meddling in the US electoral system, and the recent
spike in ransomware, it’s easy to look at 2016 as a bleak year for security. It wasn’t
all so, though. In fact, the last 12 months have seen significant strides in one of the
most important aspects of personal security of all: encryption. Read more
[WIRED.COM]

Encyption
FED GOVT DOMAINS: Domain Encryption Deadline? Nah, Say 345 Government
Sites. More than a third of government websites failed to meet the end-of-year
deadline to set up secure domains, according to a report on Government
Technology (GT). All existing federal websites were mandated – under a June 2015
memo from Tony Scott, the U.S. chief information officer – to switch over to HTTPS
by Dec. 31, 2016. Read more
[SCMAGAZINES.COM]

Encyption
WHATSAPP SECURITY FLAW: Researcher Claims Bug Allows Snooping on
Encrypted Messages, but Tech Firm Denies It's a 'Backdoor'. Facebook-owned
WhatsApp encrypts messages that its 1 billion users send to one another, but a UC
Berkeley cryptography and security researcher claims the app has a bug that can
be exploited to read these messages. Read the rest
[SILICONBEAT.COM]

Federal, State & Local IT
REPORT: Cloud Enters Mainstream in Federal IT Investment Plans. United States
government agencies will continue to invest hefty sums in cloud computing
technology over the next five years. After that period, spending on cloud is likely to
moderate, but the amount of investing will remain at impressive levels. Find out
more
[ECOMMERCETIMES.COM]
READ: Debt Myths, Debunked. Sometime in early December, the federal
government’s official debt will likely cross the $20 trillion mark – an amount no
country has ever owed. As we approach this milestone, there are a few myths
regarding the debt that should be debunked. Find out more
[USNEWS.COM]

CHIEF INNOVATION OFFICERS: An Unclear Role in the Federal Government.
Federal obsession with innovation is rampant. The government appears intent
upon emulating a Silicon Valley-style startup culture that can keep up with the
evolution of commercial technology – or at least shake up how agencies approach
problems. Its efforts include the Presidential Innovation Fellows program, a one-
year tour of duty lawmakers are attempting to make permanent; the digital
consultancy 18F, which aims to help other agencies buy agile software
development; and a rash of incubator-style hubs where employees can build out
their own ideas. Find out more
[NEXTGOV.COM]

COLLEGES: Federal Government Shuts Down Controversial College Watchdog. An
organization that was supposed to oversee the embattled for-profit college
industry and protect students from fraud lost its recognition Monday, potentially
putting hundreds of thousands of students in limbo. The Secretary of Education
ruled Monday to terminate his agency’s recognition of the Accrediting Council for
Independent Colleges and Schools (ACICS), which critics say allowed billions of
dollars in federal financial aid funds to flow to bad actors. Find out more
[MARKETWATCH.COM]

Databases
CLOUD: How Google Spanner’s Easing Our Distributed SQL Database Woes.
Google has had to put some significant engineering into Spanner, including a huge
amount of resiliency improvements to their own network. Spanner uses atomic
clocks and GPS to deliver something called TrueTime, Google’s single “point of
truth” on time, which acts as the equivalent of the Sysplex Timer. Find out more
[THEREGISTER.CO.UK]
BUSINESS ANALYTICS: Big Data and the Risks of Using NoSQL Databases. Using big
data to extract value from your data is one thing. However, using NoSQL can
increase your technical debt and put your enterprise at risk of data integrity and
the lack of resilience. Find out more
[CIO.COM]

Databases
GRAPH DATABASES: Five Mistakes to Avoid for Scalable Performance. The
limitations of the relational database management system (RDBMS) model create
an opportunity for disruptive approaches like graph data management tools, which
are naturally adapted to support business processes related to connectivity. These
tools provide an elegant framework for creating, storing, and analyzing data that
represents different types of networks. As interest in exploiting graph analytics
increases, organizations with business challenges consuming massive amounts of
data may find that general-purpose graph analytics tools will not properly scale to
meet the performance needs in analyzing gargantuan graphs. Here are five
mistakes to avoid when choosing a graph data analytics solution. Find out more
[DATA-INFORMED.COM]

Databases
OPEN DATABASES: A Juicy Extortion Target. Recent attacks against insecure
MongoDB, Hadoop and CouchDB installations represent a new phase in online
extortion, born from ransomware’s roots with the promise of becoming a nemesis
for years to come. Find out more
[THREATPOST.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Electronic Document Management

SECURE DOCUMENTS: 18 Ways to Secure Your Electronic Documents. Electronic
Document Management Systems (EDMS) are electronic repositories designed to
provide organized, readily retrievable, collections of information for the life cycle of
the documents. How can you keep these electronic files secure during the entire
chain of custody? Here are 18 security suggestions. Read more
[BLUEMT.COM]
LEGAL DEPT DOCUMENT MANAGEMENT: Investing in New Technologies: How
Corporate Legal Departments Are Leading the Way. Many departments are looking
to technology to assist with automation of processes, resource and budgetary
management, and tracking. Connie Brenton, co-founder of Corporate Legal
Operations Consortium (CLOC), a non-profit association of legal operations
executives, explains, “Corporate executives expect the GC’s office to be a business
counselor to the firm, and to discuss numbers, data and analytics. Efficiency is now
essential for legal departments, and this has advanced software’s role and
accelerated technology adoption.” Find out more
[INSIDECOUNSEL.COM]

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Security Patches
MICROSOFT: Issues Critical Security Patches, but Leaves Zero-Day Flaws at Risk.
Windows users will have to wait another three weeks to patch two serious
vulnerabilities with exploit code when Microsoft’s regular patching schedule
resumes. Find out more
[ZDNET.COM]
LINUX: Impact of New Linux Kernel DCCP Vulnerability Limited. Linux providers
are busy developing and pushing out patches for a vulnerability in an obscure
networking protocol that could allow a local attacker to crash the kernel and
elevate privileges. Find out more
[THREATPOST.COM]

Security Patches
ADOBE: 13 Adobe Security Bugs You Need to Patch Now! Adobe patched 13 high
severity vulnerabilities yesterday as part of its monthly Patch/Update Tuesday
cycle. All of the flaws can lead to remote code execution due to buffer overflows
and memory corruption vulnerabilities in Flash. Find out more
[KOMANDO.COM]
BROWSERS: Firefox 51 Improves Security Notifications for Insecure Forms.
Mozilla released its first new browser milestone of 2017 on Jan. 24, with the
debut of Firefox 51. The new open-source browser release includes enhanced
capabilities that will further enable online gaming, as well as security
enhancements and patches for 24 different security vulnerabilities. Find out more
[EWEEK.COM]

For the CIO, CTO & CISO
CTO: Retaining and Sustaining Tech Talent Post-Trump. Organizations dedicated to
civic technology that formed under President Barack Obama, such as 18F or the
U.S. Digital Service, have been magnets for tech talent. With the uncertainty
surrounding the policies of the incoming Trump administration, however, it is far
from clear whether the federal government’s digital professionals will leave, stay or
shift to working in state or local government. Read more
[GCN.COM]
CIO: More Than 300 Federal Gov Websites Fail to Meet Domain Encryption
Deadline. The U.S. Chief Information Officer's push to encrypt all federal
government domains will take a little longer. Find out more
[GOVTECH.COM]

CIO, CTO & CISO
CISO: Why the Federal CISO Can't Sleep. The new federal chief information
security officer says he's off to a good start, but much work remains. "We're not
anywhere close to where I feel comfortable," said Greg Touhill, the retired Air
Force general tapped by President Barack Obama to lead federal civilian agency
cybersecurity. "I don't sleep well at night because I know there's a lot of
opportunities out there.“ Find out more
[FCW.COM]
STATE: Ohio Lays Out Plans for Data Analytics. On the cusp of an RFP release
intended to shake up traditional procurement methods, the state of Ohio is
outlining specific problems it intends to tackle across all of its agencies and
departments. Read the rest
[GOVTECH.COM]

Penetration Testing
THREATS: Hacking The Penetration Test. It’s not a good sign when an
organization undergoing a penetration test can’t detect the operation probing
and infiltrating its systems and network. In a new report by Rapid7 that pulls
back the covers on penetration test engagements the company has executed,
two thirds of these engagements weren’t discovered at all by the organization
being tested. That’s especially concerning because pen tests tend to be short-
term, rapid-fire – and sometimes loud – operations, unlike the low-and-slow
attacks by seasoned cyberattackers. Find out more
[DARKREADING.COM]

Penetration Testing
HOW TO: Use Zarp for Penetration Testing. Network or systems administrators
must conduct pen testing to discover any possible security weaknesses. Find out
why Zarp is a very powerful pen-testing tool to have at your disposal. Find out
more
[TECHREPUBLIC.COM]
WHY: Penetration Testing is a Vital Part of Any Effective Security Strategy.
Cyber security strategies that focus solely on prevention will no longer cut it in
the era of daily, continually changing attacks on infrastructure. Find out more
[INFORMATION-AGE.COM]

Penetration Testing
CIA: New CIA Director Inherits an Agency that is Quickly Developing Cyber
Capabilities. Pompeo, formerly a House member from Kansas, steps into Langley
with the benefit of a DDI that has been working for more than a year to broadly
modernize the premier U.S. intelligence agency – an effort that includes the
adoption of cloud data-storage technologies and secure dev-ops coding projects,
as well as “digital collaboration environments and mobility through wireless.”
Find out more
[FEDSCOOP.COM]

Open Source
FEDERAL GOVERNMENT: Code.gov is the US Government’s Open-Source
Software Hub. Back in August, the Obama Administration announced a new
policy that requires 20 percent of the federal government’s software projects be
open source. To make all of that material easily accessible, there’s now a place
for you to view all of the code. Code.gov is the web-based hub for the initiative
and it features around 50 projects from 10 different agencies. Those projects
include the White House Facebook chat bot, Data.gov and the “We the People”
petitions API. Read more
[ENGADGET.COM]

Open Source
VIDEO: Technical Writing as Public Service: Working on Open Source in
Government. What if U.S. federal agencies decided to reuse and contribute to
open source software projects built by other agencies, since agencies often have
similar technology problems to solve? And what if they hired technical writers
with open source community experience to write documentation for these
projects? Britta Gustafson explains surprising and rewarding aspects of working
on documentation in government, through the lens of the cross-agency
eRegulations project. Find out more
[YOUTUBE.COM]

Open Source
TOOLS: 10 Open Source Tools for Your Sysadmin Toolbox. Here’s a handy list of
open source tools for admins, highlighting well-known – and not-so-well-known
– tools that have released new versions in 2016. Find out more
[OPENSOURCE.COM]
OPINION: Open Source Has Won, and Microsoft Has Surrendered. Many Linux
users are ticked off and anxious about Microsoft joining the Linux Foundation.
They are missing the real significance of that move. Read the rest
[COMPUTERWORLD.COM]

Business Intelligence
AMAZON: AWS Launches Enterprise Tier of its QuickSight Business Intelligence
Tool. Public cloud infrastructure provider Amazon Web Services (AWS) today
announced the availability of an enterprise tier of its Amazon QuickSight cloud
software for business intelligence (BI). AWS launched QuickSight out of preview last
month after introducing it a year ago. The new Enterprise Edition stands out from
the Standard Edition in a few important ways. First, organizations can connect it
with Microsoft’s Active Directory identity management software, whether it’s
running on AWS or in an on-premises data center.. Find out more
[VENTUREBEAT.COM]

LEADERSHIP: In Business Intelligence, Sound Governance Drives Adoption And
Success Via Enablement. How are best-of-breed BI programs able to balance self-
service against the need for data governance? In Forbes' October 2016 report
"Breakthrough Business Intelligence," those companies achieving the greatest value
from their BI programs were doing so through a nuanced and sophisticated blend of
governance and distributed BI. Find out more
[FORBES.COM]
CHANGE MANAGEMENT: Health Care Leaders About Their Industry, and They’re
Worried. However the Trump administration and the Republican U.S. Congress
replace or revamp the Affordable Care Act, it is unlikely to halt America’s ongoing
move from the rightfully maligned fee-for-service payment system to one that pays
for "value" - the quality of outcomes relative to the price. Despite the progress
that’s been made, there is still a long way to go. What new investments will be
required? What legacy costs will be incurred as providers strive to optimize their
business processes to deliver comprehensive value-based health care? How will
leadership teams and boards of directors orchestrate the strategic transformations
of their currently successful businesses? Find out more
[HBR.ORG]

READ: 12 Ways to Empower Government Users With the Microsoft Business
Intelligence (MBI) Stack. Are your organization’s Federal IT resources under
constant pressure, with no end in sight? Your agency is not alone. With limited
access to dedicated information technology resources, non-technical end users
often play the waiting game, relying on IT staff to do simple tasks like generating
custom queries and embedding them within applications. Here are ways to
empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find
out more
[BLUEMT.COM]

Operating Systems
MICROSOFT: Delays February’s Batch of Security Updates. Microsoft’s Patch
Tuesday came and went this week without any patches. The Redmond company’s
monthly batch of security updates for its range of software, scheduled for release
Tuesday, has been delayed until March, the company said, citing an unspecified
“last minute issue that could impact some customers.” Find out more
[CIO-TODAY.COM]
FEDERAL GOVERNMENT: Skeletal Government Needs Meat on Its Bones. The
government, despite decades of information technology spending, still operates like
a 19th century machine. Anyone coming into authority over and hoping for results
from such a complex and delicately calibrated system needs to know what happens
between idea and execution. Find out more
[FEDERALNEWSRADIO.COM]

Operating Systems
GAO: Federal Government Must Strengthen US Cybersecurity Capabilities,
According to GAO. The U.S. Government Accountability Office (GAO) recently
released a report stating that the federal government needs to strengthen its
capabilities regarding cybersecurity and protecting the privacy of personally-
identifiable information. Find out more
[HOMELANDPREPNEWS.COM]
HOW TO: Protect Your Online Privacy in the Trump Era. Despite being a heavy user
of Twitter, president Trump is not supporter of the open internet or net neutrality.
In 2014, he criticized the FCC for ruling in favor of net neutrality and tweeted,
“Obama’s attack on the Internet is another top down power grab. Net neutrality is
the Fairness Doctrine. Will target conservative media.” Find out more
[CIO.COM]

Incident Response
OPINION: Thoughts on Incident Response Automation and Orchestration. Projects
are well underway and evolving, while commercial IR tools continue to gain
momentum. Find out more
[NETWORKWORLD.COM]
DATA SECURITY: U.S. Promotes Risk-Based Data Breach Response Model. The
exiting Obama administration has embraced a risk-based approach to data breach
preparation and mitigation for federal agencies in an Office of Management and
Budget memorandum, cybersecurity professionals told Bloomberg BNA.
Find out more
[BNA.COM]

Incident Response
NIST: Updates Cybersecurity Framework, Seeks Comment. The National Institute of
Standards and Technology (NIST) issued a draft update on Tuesday to its Framework
for Improving Critical Infrastructure Cybersecurity, aka the Cybersecurity
Framework, aimed at forging stronger cybersecurity measures. To assist
organizations in reducing cybersecurity risk, NIST, a branch of the U.S. Department
of Commerce which provides measurement standards, offered up a new draft to
evolve its voluntary guidance on "managing cyber supply chain risks, clarifying key
terms, and introducing measurement methods for cybersecurity.“ Find out more
[SCMAGAZINE.COM]

Incident Response
NEW YORK: Cuomo Makes Cybersecurity Proposals. Gov. Andrew Cuomo on Friday
unveiled a package of proposals meant to protect citizens as well as government
entities from the growing threat of cybercrime and the related peril of identity theft
- including the creation of a new "Cyber Incident Response Team" to support state
and local government bodies, critical infrastructure and schools. Find out more
[TIMESUNION.COM]

Incident Response
NEWS: Positioning Security Intelligence in Front of Incident Response. With recent
announcement of IBM’s $200 million commitment to expanding its security
leadership position in the incident response (IR) market, IBM is working to help
clients address the challenges in adopting a more proactive approach to IR. As part
of the initiative, IBM established a new global incident response team. The mandate
for IBM X-Force Incident Response and Intelligence Services (IRIS) is to deliver the
next evolution in incident response management. Read more
[SECURITYINTELLIGENCE.COM]
US-CERT: Updates Cybersecurity Incident Notification Guidelines. New
cybersecurity incident reporting guidelines will go into effect on April 1, 2017,
designed to help federal, state, and local organizations. Find out more
[HEALTHITSECURITY.COM]

Incident Response
DHS: Georgia Incident Was Legitimate Work, Not a Hack. The Department of
Homeland Security told Georgia’s Office of Secretary of State that the IP address
associated with an attempted breach of the state agency’s firewall was tracked to
an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply
concerned.” According to DHS, someone on the federal department’s security
network was conducting legitimate business on the state office’s website, verifying
a professional license administered by the state. The state office manages
information about corporate licenses and certificates on its website. Find out more
[FEDSCOOP.COM]

Incident Response
LEARN: 10 Tips for Planning, Leading and Learning From a Cybersecurity Tabletop
Exercise. The National Institute of Standards and Technology (NIST) recommends
that organizations not only develop incident response plans, but also maintain them
in a “state of readiness” and engage in exercises to “validate their content.” The
potential vehicles for such tests can take many forms, but one of the most common
and easy to implement is a “tabletop exercise.” Read the rest
[CORPCOUNSEL.COM]

Cybersecurity
SECURITY: Trump’s Cybersecurity Chief Could Be a ‘Voice of Reason’. According to
cybersecurity policy watchers, Tom Bossert, a former homeland security official
under George W. Bush, has a reputation for a measured approach that deeply
contrasts with the Trump administration’s so-far volatile style. Donald Trump has
tapped Bossert to be his homeland security adviser, effectively putting him in
charge of the administration’s cybersecurity efforts. Find out more
[WIRED.COM]
FED GOVT HIRING: What Does Trump’s Hiring Freeze Mean for Federal Cyber
Shortage? Some experts fear a temporary hiring freeze could exacerbate a chronic
problem in the federal government: a widespread shortage of cybersecurity talent.
According to Alan Chvotkin, executive vice president of the Professional Services
Council, “A hiring freeze could signal to essential cybersecurity talent – especially
those who might consider joining the public sector from higher-paying industry jobs
– that there’s no need or desire for them in the federal government.” Find out more
[NEXTGOV.COM]

Cybersecurity
FED GOVT HIRING: What Does Trump’s Hiring Freeze Mean for Federal Cyber
Shortage? Some experts fear a temporary hiring freeze could exacerbate a chronic
problem in the federal government: a widespread shortage of cybersecurity talent.
According to Alan Chvotkin, executive vice president of the Professional Services
Council, “A hiring freeze could signal to essential cybersecurity talent – especially
those who might consider joining the public sector from higher-paying industry jobs
– that there’s no need or desire for them in the federal government.” Find out more
[NEXTGOV.COM]
HIRING: One in Three Cybersecurity Job Openings Go Begging, Survey Finds. The
main problem of obtaining key talent in the realm of cyber security stems from a
lack of qualified applicants.” That’s one of the findings of a recent survey of 633 IT
security professionals, conducted and released by ISACA, which finds that demand
for qualified cyber security professionals continues to outstrip supply.
Find out more
[ZDNET.COM]

Cybersecurity
STATE GOVT: States Call for Collaboration with Federal Government on
Cybersecurity. With a new presidential administration in town, the chairman and
vice chairman of the National Governors Association called for more collaboration
between the federal government and states on cybersecurity. Virginia Gov. Terry
McAuliffe, NGA’s chair, said governors across the nation are ready to work with the
Trump administration and the 115th Congress on issues like cybersecurity and more
over the course of 2017. Find out more
[FEDSCOOP.COM]

Tech Research News
MIT: Cache Management Improved Once Again. New version of breakthrough
memory management scheme better accommodates commercial chips. A year
ago, researchers from MIT’s Computer Science and Artificial Intelligence
Laboratory unveiled a fundamentally new way of managing memory on
computer chips, one that would use circuit space much more efficiently as chips
continue to comprise more and more cores, or processing units. In chips with
hundreds of cores, the researchers’ scheme could free up somewhere between
15 and 25 percent of on-chip memory, enabling much more efficient
computation. Their scheme, however, assumed a certain type of computational
behavior that most modern chips do not, in fact, enforce. Last week, at the
International Conference on Parallel Architectures and Compilation Techniques –
the same conference where they first reported their scheme – the researchers
presented an updated version that’s more consistent with existing chip designs
and has a few additional improvements. Read more
[NEWS.MIT.EDU]

Tech Research News
REPORT: Digital Readiness Gaps. According to Pew Research Center, Americans
fall along a spectrum of preparedness when it comes to using tech tools to
pursue learning online, and many are not eager or ready to take the plunge. Find
out more
[PEWINTERNET.ORG]
DOD: Ashton Carter – Cyber Tech, Automation, Biological Research Essential for
DoD Missions. Defense Secretary Ashton Carter has said automated systems,
cyber technology and biological research efforts are necessary to keep the
Defense Department moving forward. Find out more
[EXECUTIVEGOV.COM]

Tech Research News
FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help.
Fitness trackers remain wildly popular, but do they make us fit? Maybe not,
according to a study that asked overweight or obese young adults to use the tiny
tracking tools to lose weight. Read the rest
[NPR.ORG]

Search Technology
SOLR: Not Just For Text Anymore. When Solr came out, it was supposed to be an
OpenSource text search engine. Now it has a big place in Big Data. Read what
Ness's CTO, Moshe Kranc has to say about how it has evolved. Read more
[DZONE.COM]
INGALLS: Spring Data 'Ingalls' Release Train Leaves Station. The Spring Data team
has announced the first milestone release of the Ingalls Release Train. This
coordinated release of subprojects under the Spring Data umbrella ships with 230
fixes and a number of new features. Find out more
[ADTMAG.COM]

Search Technology
GOOGLE: Announces New Cloud Natural Language API While Cloud Search API Goes
Beta. Google says that the Cloud Natural Language API gives developers access to
three Google-powered engines– sentiment analysis, entity recognition, and syntax
analysis. The service is currently available in open beta and is based on the
company’s natural language understanding research. It will initially support three
languages– English, Spanish and Japanese and will help developers reveal the
structure and meaning of your text in the given language. Read more
[THETECHPORTAL.COM]
AMAZON: Amazon EC2 Container Service Now Supports Networking Modes and
Memory Reservation. Docker networks provide isolation for your containers. It is
important to have control over the networks your applications run on. With
Amazon ECS, you can now specify an optional networking mode for your containers
that cater towards different use cases. Find out more
[DABCC.COM]

Application Development
IoT: Why App Development Is The Key To Unlocking The IoT Vault. Solution
providers are positioning themselves for success in the lucrative Internet of Things
market by bolstering their application development teams. Companies bringing IoT
solutions to market face several hurdles, including interoperability, security and
data management challenges – and staffing up with IoT application developers is
critical for tackling these issues. Read more
[CRN.COM]
SDKS: How Imaging SDKs Can Solve Today’s Application Development Challenges. In
a mobile-first world, developers understand the importance of creating a next-
generation app that fits in with client or user expectations. Developers should
consider the myriad of SDK options if they want to improve functionality for the
user, especially imaging SDKs. Although they are a niche market, these SDKs can
add better imaging capabilities and target industry-related problems that
companies are trying to tackle. Find out more
[SDTIMES.COM]

Application Development
SECURITY: Application Security Requires More Talk Than Tech. If you think
application security only involves installing a tool, or scanning a few apps and
moving on, you’re wrong. Application security is a unique security initiative, and its
success hinges on people as much as technology. Read more
[INFOWORLD.COM]
SPEED: How to Speed Enterprise App Development and Meet Digital
Transformation Demands. Low-code platforms are key in accelerating digital
transformation with rapid application development. Find out more
[INFORMATION-AGE.COM]

BYOD
SLIDESHOW: 6 Best Practices for Managing BYOD Technology. The mobile workforce
population is expected to surpass 105 million by 2020, according to IDC. Keeping all
those workers and devices from causing security risks is becoming increasingly hard.
Here are 6 tips on how to best manage it all. Find out more
[INFORMATION-MANAGEMENT.COM]
POLICY: 10 Best Practices For BYOD Policy. Bring-your-own device doesn't have to
mean bring your own security problems. Many enterprises now allow users to access
corporate resources via their personal mobile devices. According to a global survey of
CIOs by Gartner, nearly 40 percent of companies by 2016 will require employees to
provide their own mobile products. Find out more
[DARKREADING.COM]

BYOD
CIO: Shadow BYOD Runs Rampant in Federal Government. A new survey highlights
the extent to which government employees insist on bringing their own devices to
work, despite rules to the contrary. Find out more
[CIO.COM]
NIST: Gives Agencies Guidance on Boosting Cybersecurity for BYOD, Telework.
Security concerns increase as more federal offices offer workers greater flexibility
through telework options and the ability to use their own devices. Read the rest
[FEDTECHMAGAZINE.COM]

Big Data
DATA: State and Local Govs Need to Improve Data Sharing, Big Data Use. Like their
federal counterparts, state and local agencies have made great strides in acquiring
and using big data – but they still have a long way to go, according to a source in the
industry. Find out more
[GOVTECH.COM]
NAVY: How Navy’s Warship Shop Uses Data to Do More with Less. The U.S. Navy’s
shipbuilding office has a new weapon in its effort to efficiently allocate personnel,
resources and budgetary dollars: software. Find out more
[NEXTGOV.COM]

Big Data
NONPROFITS: How Nonprofits Use Big Data to Change the World. Foundation
Center has the world’s largest database of grant and fundraising information. Learn
how the organization uses big data to create apps that encourage transparency and
innovation. Find out more
[TECHREPUBLIC.COM]
CARS: Autodata Turns to Big Data to Predict Vehicle Failures. Vehicle data company
sees 30% jump in revenue after moving to open source software and opening its
data to garages, insurers and parts companies. Find out more
[COMPUTERWEEKLY.COM]

Mobile Applications
MOBILE: How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You.
Dystopian corporate surveillance threats today come at us from all directions.
Companies offer “always-on” devices that listen for our voice commands, and
marketers follow us around the web to create personalized user profiles so they can
(maybe) show us ads we’ll actually click. Now marketers have been experimenting
with combining those web-based and audio approaches to track consumers in
another disturbingly science fictional way: with audio signals your phone can hear,
but you can't. And though you probably have no idea that dog whistle marketing is
going on, researchers are already offering ways to protect yourself. Read more
[WIRED.COM]
FEDERAL GOVERNMENT: White House Launches Mobile App for Reginfo.gov. The
Obama administration has introduced a new way to access information on the
federal regulatory system with the recent launch of RegInfo Mobile. The
application, available for both iOS and Android devices, promotes the transparency
of federal regulations and information collection requests by providing a convenient
mobile interface for Reginfo.gov. Find out more
[FEDERALTIMES.COM]

Mobile Applications
TRENDS: 10 Trends Shaping Mobile Development in 2017. The mobile app
development landscape in 2017 promises to see the continuing emergence of new,
cutting-edge techniques and tools, along with growth in traditional technologies
and approaches. New developments will take shape in both the "mobile first"
enterprise space and the consumer arena, with the continuing hype around
enterprise mobility and increasingly cumbersome app stores promising significant
changes. Here's a look at 10 trends that will affect mobile app developers in the
coming year. Find out more
[ADTMAG.COM]

Mobile Applications
POLITICAL MOBILE: An App That Makes It Easy to Pester Your Congress Member.
Joe Trippi pioneered the use of social media as a fundraising tool. As campaign
manager for Democratic presidential candidate Howard Dean in 2004, he started a
trend that has reinvented that way politicians run for office. But he believes that
many politicians are still missing out on the power of the internet once they’re
elected. Trippi is now working with an internet startup called Countable, which
seeks to give citizens a greater voice in national politics. The company’s online
service gives you a simple and concise overview of the bills your national
representatives are debating, and it lets you instantly send emails to these
representatives, telling them how you would like them to vote. Find out more
[WIRED.COM]

IT Management
TECH MANAGEMENT: Decentralized IT Management Raises Concerns. IT isn't happy
about the shift to decentralized IT management, so VMware tries to provide the best
of both worlds: developer flexibility and centralized IT. Find out more
[NETWORKWORLD.COM]
DOD: Congress Creates New DoD Chief Management Officer, Punts on Role of CIO.
The annual Defense authorization bill Congress sent to the President last week
includes several provisions to redraw the Defense Department's organizational chart,
including one that creates a powerful new Chief Management Officer whose primary
job will be overseeing and reforming DoD headquarters functions. While the
department already has a full-time position - the deputy chief management officer -
to handle functions like business process reengineering and other management
concerns, the new position will carry more stature in the Defense bureaucracy. Find
out more

IT Management
VETERANS AFFAIRS: VA CIO Creating IT Demand Management Office. The
Department of Veterans Affairs will launch a new tech office in 2017 to help meet the
needs of the department's health care, benefits and cemetery lines of business. Ron
Thompson, who was the principal deputy assistant secretary and deputy CIO for VA's
Office of Information and Technology, will lead the creation of a new Demand
Management Office. Find out more
[FEDSCOOP.COM]
LEARN: What Great Managers Do Daily. So much depends upon managers. For
example, a Gallup study found that at least 70% of the variance in employee
engagement scores is driven by who the boss is. This is disconcerting because the
same research found that about 70% of people in management roles are not well
equipped for the job. This state of affairs is hurting not just employee engagement
and quality of life, but also corporate performance. What makes managers of highly
engaged employees different than the rest on a day-to-day basis? Read the results of
a recent survey. Find out more
[HBR.ORG]

Programming & Scripting Development
Client & Server-Side

PROGRAMMING: Java, C, C++ Face Growing Competition in Popularity. When it
comes to programming, Java, C, and C++ still rule the roost, according to this
month’s Tiobe index of language popularity. But all three have suffered downturns
from where they stood in the index a year ago, with lesser-ranked languages
grabbing away share. Java maintained the top spot it has held since April 2015,
with a rating of 16.676 percent, while C stays in second with a rating of 8.445
percent, followed by C++ in third place at 5.429. But Java has lost 4.47 percentage
points year over year from last February, when it was rated at roughly 21.145
percent, while C is down a whopping 7.15 percentage points during that same time
period. It was rated 15.594 a year ago. C++’s drop was less sharp compared to one
year past, decreasing 1.48 percentage points from about 6.91 percent. Find out
more
[INFOWORLD.COM]

SECURITY: JavaScript-based Attack Simplifies Browser Exploits. Researchers have
devised a new attack that can bypass one of the main exploit mitigations in
browsers: Address space layout randomization (ASLR). The attack takes advantage
of how modern processors cache memory and, because it doesn’t rely on a
software bug, fixing the problem is not easy. Find out more
[COMPUTERWORLD.COM]
SCRAMBLECODE: Another New Programming Language, This One for Security.
Adding to the existing portfolio of some 700 programming languages is a new
release candidate for Scramblecode, a security-oriented offering from Danish
software vendor ProgramPartner ApS. Scramblecode (presented as
SCRAMBLECODE by the company) is all about encryption and safety. Find out more
[ADTMAG.COM]

JAVA: An Agile Java Standard - Wishful Thinking or Not? Simon Ritter, Deputy CTO
at Azul Systems and alternate representative on the JCP EC wrote in a blog post
after JCP executive committee’s first face-to-face meeting that "the JCP will require
some substantial changes to the processes it uses" to ensure that an agile Java
standard is possible. Find out more
[JAXENTER.COM]
MICROSOFT: Releases HoloJS, Allowing JavaScript Developers to Make HoloLens
Apps. Most people are probably familiar with Microsoft’s HoloLens as strictly a
piece of futuristic augmented reality hardware. They may not be aware that a key
component of Microsoft’s augmented reality is an underlying application
development platform called Windows Holographic. Read the rest
[DIGITALTRENDS.COM]

VHLLs: Using Scripting Languages in IoT: Challenges and Approaches. Scripting
languages (aka Very High-Level Languages or VHLLs), such as Python, PHP, and
JavaScript are commonly used in desktop, server, and web development. And, their
powerful built-in functionality lets you develop small useful applications with little
time and effort, says Paul Sokolovsky, IoT engineer at Linaro. However, using VHLLs
for deeply embedded development is a relatively recent twist in IoT. Find out more
[LINUX.COM]

Cloud Computing
GOOGLE: With Spanner Database Service, Google Raises the Stakes in Cloud
Computing. Google Inc. has issued a big challenge to its rivals in cloud computing by
opening up access to what has been described as the world’s largest database. The
company is launching Cloud Spanner Beta, providing software developers with a
database service available through Google Cloud that the search giant already uses
to run its massive AdWords advertising system and Google Play app and media store.
Find out more
[SILICONANGLE.COM]

Cloud Computing
CYBERSECURITY: Trust and Risks Both Growing in Government Clouds. A new Intel
Security cloud report reveals that cloud computing adoption is growing rapidly in
government and elsewhere all over the world. At the same time, CIOs are struggling
to keep enterprise data safe in the cloud. Here is what you need to know. Find out
more
[GOVTECH.COM]
CIO: Security in the Cloud. As a former CIO, Richard Spires has implemented and
seen the significant benefits of cloud computing — both the leverage of compute on
demand and the use of software-as-a-service applications. In particular, SaaS-based
applications increasingly are becoming the way organizations can quickly and easily
leverage new capabilities. This is driving tremendous growth and innovation –
AngelList has more than 11,000 SaaS start-ups listed in the U.S., and IDC predicts the
SaaS-based market will surpass $112 billion by 2019. Find out more
[FCW.COM]

Cloud Computing
READ: Relieving Cloud Migration Headaches. One look at the exponential increase
in Amazon Web Services revenue, which has grown by an order of magnitude over
the past five years, makes clear that we are on the cusp of a generational
transformation in how IT organizations provide application infrastructure. Indeed,
Gartner, which estimates that infrastructure-as-a-service revenue grew by nearly 43
percent in 2016, said organizations saved “14 percent of their budgets as an
outcome of public cloud adoption,” a ratio that is sure to rise in the coming years.
And many government IT organizations are at the forefront of the cloud conversion
due to executive-level mandates, tight IT budgets and demand for increased access
to information and online services. Find out more
[GCN.COM]

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity
INTERVIEW: Cybersecurity in the Federal Government. Alex Grohmann, founder
and resident of Sicher Consulting, John Dyson from Deloitte, and Brian Gay,
president, Think Forward Consulting talk about the concept of a cybersecurity
framework for the federal government. Read more
TECH INSIDER: Priorities for Enhancing National Cybersecurity. Presidential
transitions are a time of considerable change in government, including new agency
leaders and evolving policy priorities. But many issues persist, and this is certainly
the case with cybersecurity. Advancing the nation's cybersecurity posture must be a
key priority for the Trump administration, especially if we are to maximize the
benefits of digital transformation. Read more
[NEXTGOV.COM]

IT Security | Cybersecurity
NEWS: National Guard Expects Expanded Role in Cybersecurity. The National
Guard’s role in cybersecurity began in 1999 thanks to the uncertainty created by
Y2K. With concerns of potential computer chaos looming when dates on systems
turned over to 2000, the National Guard was given a new force structure called a
computer network defense team. Renamed Defensive Cyber Operations Elements,
the eight-to 10-person teams are organized on the state level, while support for the
10 Federal Emergency Management Agency regions is handled by Cyber Protection
Teams, Lt. Col. Brad Rhodes, the commander of the Colorado National Guard's Cyber
Protection Team 178, said in a recent interview. Find out more
[GCN.COM]
PEOPLE: U.S. Rep. Bob Latta Named Chairman of Panel that Oversees Data,
Cybersecurity. The House Subcommittee on Digital Commerce and Consumer
Protection has a great range of jurisdiction -- everything from IoT policies to
overseeing the Federal Trade Commission. Find out more
[GOVTECH.COM]

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016
IT Management
https://www.bluemt.com/it-management-daily-tech-update-october-27-2016
https://www.bluemt.com/business-intelligence-daily-tech-update-october-26-
2016
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/
BYOD
https://www.bluemt.com/byod-daily-tech-update-october-21-2016/
Databases
https://www.bluemt.com/databases-daily-tech-update-october-20-2016/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-october-19-
2016/

Encryption
https://www.bluemt.com/encryption-daily-tech-update-october-18-2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-14-
2016/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-october-13-
2016/

Cybersecurity
https://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/
Big Data
https://www.bluemt.com/big-data-daily-tech-update-october-11-2016/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-october-7-
2016/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

Open Source
https://www.bluemt.com/open-source-daily-tech-update-october-5-2016/
CTO, CIO and CISO
https://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-october-3-
2016/

Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management

Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/

Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-
to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-
know/

Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems February 2017

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (7)

Plus de BMDS3416

Plus de BMDS3416 (7)

Dernier

Dernier (20)

Tech Update Summary from Blue Mountain Data Systems February 2017