Technically Speaking

What does privilege have to do with your agency’s security controls? The fact is that most data breaches start with privilege abuse. Think Edward Snowden. In the wake of his leaks, the NSA pledged to reduce system administrator privileges by 90%. Then there are outsiders. Most recent federal data breaches originate from attackers who exploited the login accounts of employees or contractors to gain access to sensitive data.

In our recent webinar, three industry experts dissected the recently revised primary standard for security controls for federal information systems, NIST 800-53 revision 4. As more agencies in the public sector and their partners move to the cloud, security remains a top concern. Thought leaders from DLT, AWS and Evident.io exchanged perspectives on what NIST 800-53 compliance means for government agencies and private organizations alike.

Open source application development and delivery tools provide compelling value for developers and often fill holes that commercial tools, with their relatively fixed function set, can’t fill. But a new report from Forrester, suggests that open source tools can’t do it all. After surveying 150 U.S. application development and IT professionals, Forrester found that open source tools play an important role in the software delivery pipeline, they aren’t a silver bullet.

The revitalization of U.S. infrastructure is once again a hot topic as the new White House administration pledges to invest in the nation’s roads, bridges and airports. Politics aside, it’s a timely imperative. Once again, the American Society of Civil Engineers (ASCE) has ranked U.S. infrastructure at a D+ grading.

Two years on from the massive Office of Personnel Management (OPM) data breach, current and former officials have concluded that the greatest fallout from the hack was not the loss of documents and personal identifiable information, but to the government’s reputation, reports NextGov.

When looking to build a microservice, you may have come across two pieces of advice; start with a monolith, and don’t start with a monolith.  For a good number of us developers in the trenches, the point looks irrelevant because we already have a monolith, so one to-do completed and moving on.  Not so fast!  The discussion goes beyond the greenfield experience of where to start.  Instead, within the “don’t start with a monolith” advice