Myths & Realities
of Cloud Data Security

Michael J. Krouze
Chief Technology Officer
Charter Solutions, Inc.
© 2012
“All our knowledge has its origins
in our perceptions.”
- Leonardo da Vinci

“The first step toward change is
awareness. The second step is acceptance.”
- Nathaniel Branden

“The thing about quotes on the internet is
you can not confirm their validity.”
- Abraham Lincoln

Copyright © 2013, Charter Solutions, Inc.

2.
We don’t use the cloud.


3.

4.
• Files are encrypted at rest
• Files are encrypted during transit
• Provide “business” version that allows multiple user access control
• Strict policy and technical access controls that prohibit employee access

• Users can have weak passwords
• Files are ‘synced’ to multiple devices
• API allows programs to access your files (with permission)

• Always use strong passwords
• Encrypt files before you put them there and only share key with the other people who should see that file
• Never give permission for API access
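The slide's advice to encrypt files before putting them in the service and to share the key only with the people who should see the file, worked through as an added example in Go using only the standard library (this is not code from the slides or from Charter Solutions). A fresh random AES-256-GCM data key seals the file, and that key is wrapped with RSA-OAEP for each intended recipient, so the sync service, any other synced device and anyone holding a stolen account see only ciphertext. The recipient names, the payload and the 2048-bit key size are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipients maps a person's name to their RSA public key; only these
// people get a wrapped copy of the file's data key.
type Recipients map[string]*rsa.PublicKey

// EncryptedFile is the only thing handed to the sync service: ciphertext
// plus one RSA-OAEP-wrapped copy of the data key per authorised recipient.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte            // AES-256-GCM output, auth tag included
	WrappedKey map[string][]byte // recipient name -> wrapped data key
}

// NewKeyPair generates a recipient's RSA key pair (2048 bits assumed here).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForRecipients seals plaintext under a fresh random data key and
// wraps that key for each recipient. The provider never sees the data key,
// so confidentiality no longer rests on its at-rest encryption or staff policy.
func EncryptForRecipients(plaintext []byte, to Recipients) (*EncryptedFile, error) {
	dataKey := make([]byte, 32) // AES-256; one key per file, so the nonce is never reused
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ef := &EncryptedFile{
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKey: make(map[string][]byte, len(to)),
	}
	for name, pub := range to {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
		if err != nil {
			return nil, err
		}
		ef.WrappedKey[name] = wrapped
	}
	return ef, nil
}

// Decrypt unwraps the data key with the named recipient's private key and
// opens the ciphertext. Anyone without a wrapped copy (the provider, a
// synced device, a holder of a stolen account or of the wrong key) gets an
// error, and any tampering with the ciphertext fails the GCM tag check.
func Decrypt(ef *EncryptedFile, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := ef.WrappedKey[name]
	if !ok {
		return nil, errors.New("no data key wrapped for " + name)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed for %s: %w", name, err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	alice, _ := NewKeyPair()
	bob, _ := NewKeyPair()
	ef, err := EncryptForRecipients([]byte("Q3 board pack"), Recipients{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(ef, "bob", bob)
	fmt.Printf("bob reads %q (err=%v)\n", pt, err)
}
```

Because the service only ever stores the EncryptedFile, the slide's other two points still matter but for a narrower reason: a weak account password or an API-authorised program can expose the ciphertext and the wrapped keys, but not the plaintext, as long as each recipient's private key stays on a device the provider does not control.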

5.
Yes, your organization uses
the cloud… you just may not
know it.


6.
The cloud simply cannot be secure.

The cloud isn't safe.

If it's on the Internet, it's more vulnerable to hackers.

Data stored in the cloud is more vulnerable.

My provider has my security covered.

Private cloud computing is secure by default.

7.
Security is a Shared Responsibility

Figure: a grid of the technology stack (rows) against deployment models (columns); the slide marks each cell with which party controls that layer, but that marking did not survive text extraction, so only the axes and the legend are reproduced here.

Stack layers (top to bottom): Application, Services, OS, VM, Server, Storage, Network

Deployment models (left to right): On-Premise, On-Premise (hosted), IaaS, PaaS, SaaS

Legend: Organization has Control / Organization Shares Control with Vendor / Vendor has Control
8.
Industry Groups Targeted

Figure: bar chart, % of Breaches (axis 0 to 60) by industry group: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other. Bar values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

9.
Who’s Behind Data Breaches?

Figure: bar chart, % of Breaches (axis 0 to 100) by threat agent: External Agents; Internal Employees; Business Partners. Bar values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

10.
Threat Agent Change Over Time

Figure: line chart, % of Breaches (axis 0 to 100) over the periods '04-'07, 2008, 2009, 2010, 2011, with one series each for External, Internal and Partner agents. Series values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

11.
How Do Breaches Occur?

Figure: bar chart, % of Breaches (axis 0 to 100) by action category: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse. Bar values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

12.
Attack Commonalities

97%  Avoidable through simple or intermediate controls
96%  Were not highly difficult
94%  Of all data compromised involved servers
92%  Were discovered by a third party
85%  Took weeks or more to discover
79%  Were targets of opportunity

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

13.
Hacking Methods

Figure: bar chart, % of Breaches (axis 0 to 60) by hacking method: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown. Bar values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)
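Slides 12 and 13 put default/guessable credentials and brute force/dictionary attacks near the top of the hacking methods, next to breaches that took weeks or more to discover and were found by a third party rather than the victim. As an added example (not from the slides), here is a small Go detector run over a constructed authentication log: it flags a source address that accumulates five failed logins inside 60 seconds, a later success from that same source, and any successful login to a vendor-default account name. The log lines, the default-account list, the window and the threshold are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// LoginEvent is one parsed authentication record.
type LoginEvent struct {
	Time    time.Time
	User    string
	Source  string
	Success bool
}

// Alert is one finding: Kind is "brute-force", "success-after-burst" or
// "default-account-login"; Subject is the source address or account name.
type Alert struct{ Kind, Subject, Detail string }

// sampleLog is constructed for this example, not real data. One record per
// line: "<RFC3339 time> <user> <source address> <OK|FAIL>".
const sampleLog = `
2013-03-01T09:00:05Z bob 10.0.0.6 FAIL
2013-03-01T09:00:40Z bob 10.0.0.6 OK
2013-03-01T09:10:00Z admin 203.0.113.9 FAIL
2013-03-01T09:10:01Z admin 203.0.113.9 FAIL
2013-03-01T09:10:02Z admin 203.0.113.9 FAIL
2013-03-01T09:10:03Z admin 203.0.113.9 FAIL
2013-03-01T09:10:04Z admin 203.0.113.9 FAIL
2013-03-01T09:10:05Z admin 203.0.113.9 OK
2013-03-01T09:30:00Z carol 10.0.0.7 FAIL
2013-03-01T10:30:00Z carol 10.0.0.7 FAIL
`

// defaultAccounts holds vendor-default account names (an assumed list).
var defaultAccounts = map[string]bool{"admin": true, "root": true, "guest": true}

// ParseLog converts the text format above into events; a malformed line is
// an error, not skipped, so a log format change cannot quietly blind the detector.
func ParseLog(raw string) ([]LoginEvent, error) {
	var events []LoginEvent
	for n, line := range strings.Split(raw, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue // blank line
		}
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: want 4 fields, got %d", n+1, len(f))
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		events = append(events, LoginEvent{ts, f[1], f[2], f[3] == "OK"})
	}
	return events, nil
}

// Detect reports each source that reaches `threshold` failures inside
// `window` (once per source), any later success from such a source (a
// guess may have landed), and any successful login to a default account.
func Detect(events []LoginEvent, window time.Duration, threshold int) []Alert {
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	recent := map[string][]time.Time{} // source -> failure times still inside window
	flagged := map[string]bool{}       // sources already reported as brute-force
	var alerts []Alert
	for _, e := range events {
		if !e.Success {
			fails := append(recent[e.Source], e.Time)
			for len(fails) > 0 && e.Time.Sub(fails[0]) > window {
				fails = fails[1:] // expire failures older than the window
			}
			recent[e.Source] = fails
			if len(fails) >= threshold && !flagged[e.Source] {
				flagged[e.Source] = true
				alerts = append(alerts, Alert{"brute-force", e.Source,
					fmt.Sprintf("%d failures within %s, last user %q", len(fails), window, e.User)})
			}
			continue
		}
		if flagged[e.Source] {
			alerts = append(alerts, Alert{"success-after-burst", e.Source, "login as " + e.User})
		}
		if defaultAccounts[e.User] {
			alerts = append(alerts, Alert{"default-account-login", e.User, "from " + e.Source})
		}
	}
	return alerts
}

// RunSample runs Detect over the constructed log: 60 s window, 5 failures.
func RunSample() ([]Alert, error) {
	events, err := ParseLog(sampleLog)
	if err != nil {
		return nil, err
	}
	return Detect(events, 60*time.Second, 5), nil
}

func main() {
	alerts, _ := RunSample()
	fmt.Println(alerts)
}
```

On the sample log the detector raises three alerts, all for the 203.0.113.9 / admin sequence, and stays quiet for bob's single mistyped password and for carol's two failures an hour apart. The window is a sliding one per source, so a slow guess spread over hours is deliberately not caught by this rule; that case needs a longer-horizon count per account, which is the same loop with the user as the key.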

14.
Not Just About Data Encryption

Figure: the path data takes through the stack and where it is and is not encrypted:
Public Network: SSL Encrypted
Application
Private Network: Clear Text Data
Database
Storage System / OS File System: Encrypted at Rest

15.
It’s not that the cloud isn’t secure…
It’s that you need to think differently
about how to secure it


16.
My datacenter is more secure
than the cloud.


17.
A little obvious after the
last myth

Security is often taken for granted
behind the firewall


18.
Data Breaches by Hosting Location

Figure: bar chart, % of Breaches (axis 0 to 90) by hosting location: Internal; External; Co-located; Mobile. Bar values were not captured in the text.

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

19.
Your datacenter (on-premise or
cloud) is only as secure as you
make it!
Both can be equally secure or
insecure.


20.
Concluding thoughts…


21.
Understand your data risks
& security needs

Establish a set of cloud-specific
security processes / policies


22.
Review cloud vendors closely to
ensure their sphere of control
aligns with your cloud-specific
processes / policies

Implement, monitor, react,
review, improve


23.
Thank You!

michael.krouze@chartersolutions.com
http://www.linkedin.com/in/mjkrouze
@mjkrouze


24.

 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Myths and Realities of Cloud Data Security

  • 1. Myths & Realities of Cloud Data Security Michael J. Krouze Chief Technology Officer Charter Solutions, Inc. © 2012
  • 2. “All our knowledge has its origins in our perceptions.” - Leonardo da Vinci “The first step toward change is awareness. The second step is acceptance.” - Nathaniel Branden “The thing about quotes on the internet is you can not confirm their validity.” - Abraham Lincoln Copyright © 2013, Charter Solutions, Inc. 2.
  • 3. We don’t use the cloud.
  • 4. (no transcript text on this slide)
  • 5.
    • Files are encrypted at rest
    • Files are encrypted during transit
    • Provide “business” version that allows multiple user access control
    • Strict policy and technical access controls that prohibit employee access

    • Users can have weak passwords
    • Files are ‘synced’ to multiple devices
    • API allows programs to access your files (with permission)

    • Always use strong passwords
    • Encrypt files before you put them there and only share the key with the other people who should see that file
    • Never give permission for API access
  • 6. Yes, your organization uses the cloud… you just may not know it.
  • 7. The cloud simply cannot be secure.
    • The cloud isn't safe.
    • If it's on the Internet, it's more vulnerable to hackers.
    • Data stored in the cloud is more vulnerable.
    • My provider has my security covered.
    • Private cloud computing is secure by default.
  • 8. Security is a Shared Responsibility
    Columns (deployment model): On-Premise | On-Premise (hosted) | IaaS | PaaS | SaaS
    Rows (stack layer): Application / Services / OS / VM / Server / Storage / Network
    Legend: Organization has Control; Organization Shares Control with Vendor; Vendor has Control
  • 9. Industry Groups Targeted (bar chart; x-axis: % of Breaches, 0 to 60)
    Categories: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 10. Who’s Behind Data Breaches? (bar chart; x-axis: % of Breaches, 0 to 100)
    Categories: External Agents; Internal Employees; Business Partners
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 11. Threat Agent Change Over Time (line chart; y-axis: % of Breaches, 0 to 100; x-axis: '04-'07, 2008, 2009, 2010, 2011)
    Series: External; Internal; Partner
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 12. How Do Breaches Occur? (bar chart; x-axis: % of Breaches, 0 to 100)
    Categories: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 13. Attack Commonalities
    • 97% avoidable through simple or intermediate controls
    • 96% were not highly difficult
    • 94% of all data compromised involved servers
    • 92% were discovered by a third party
    • 85% took weeks or more to discover
    • 79% were targets of opportunity
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 14. Hacking Methods (bar chart; x-axis: % of Breaches, 0 to 60)
    Categories: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 15. Not Just About Data Encryption (diagram)
    Layers: Public Network (SSL Encrypted); Application; Private Network (Clear Text Data); Database; Storage System / OS File System (Encrypted at Rest)
  • 16. It’s not that the cloud isn’t secure… it’s that you need to think differently about how to secure it.
  • 17. My datacenter is more secure than the cloud.
  • 18. A little obvious after the last myth: security is often taken for granted behind the firewall.
  • 19. Data Breaches by Hosting Location (bar chart; x-axis: % of Breaches, 0 to 90)
    Categories: Internal; External; Co-located; Mobile
    Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 20. Your datacenter (on-premise or cloud) is only as secure as you make it! Both can be equally secure or insecure.
  • 21. Concluding thoughts…
  • 22.
    • Understand your data risks & security needs
    • Establish a set of cloud-specific security processes / policies
  • 23.
    • Review cloud vendors closely to ensure their sphere of control aligns with your cloud-specific processes / policies
    • Implement, monitor, react, review, improve
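Slides 5 and 15 make the same point from two sides: a provider's encryption in transit and at rest still leaves the data readable to its own application tier, so a file that only specific people should read has to be encrypted before it leaves your machine, with the key shared out of band. The following is an added example written for this page, not code from the deck or from any sync provider, showing that step with AES-GCM from Go's standard library. The file name, the 256-bit key size, and the sample document are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Client-side file encryption before upload to a sync service (constructed
// example; not from the Charter Solutions deck). The provider only ever holds
// the sealed blob; the key is shared out of band with the people who should
// read the file and never goes through the provider's API.

// NewFileKey returns a fresh random 256-bit AES key (key size is our choice).
func NewFileKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts plaintext with AES-GCM and binds the file name as
// associated data, so a blob renamed or swapped on the provider side fails
// to open. Output layout: nonce || ciphertext || GCM tag.
func SealFile(key []byte, name string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per file
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// OpenFile reverses SealFile. Any change to the blob, the key or the name
// makes the GCM tag check fail and returns an error instead of garbage.
func OpenFile(key []byte, name string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, errors.New("sealed blob is truncated")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

// LeaksPlaintext reports whether the stored blob still contains the plaintext
// bytes, i.e. what the provider (or anyone reading its disks, its application
// tier, or the account through the API) could recover without the key.
func LeaksPlaintext(blob, plaintext []byte) bool {
	return bytes.Contains(blob, plaintext)
}

func main() {
	key, err := NewFileKey()
	if err != nil {
		panic(err)
	}
	doc := []byte("Q3 board minutes (constructed sample document)")
	blob, err := SealFile(key, "minutes.txt", doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("provider stores %d bytes; plaintext visible to it: %v\n",
		len(blob), LeaksPlaintext(blob, doc))
	got, err := OpenFile(key, "minutes.txt", blob)
	fmt.Printf("key holder reads: %q (err=%v)\n", got, err)
	blob[len(blob)-1] ^= 0x01 // one bit flipped anywhere in the stored blob
	_, err = OpenFile(key, "minutes.txt", blob)
	fmt.Printf("tampered blob opens: %v\n", err == nil)
}
```

The sealed blob is what the sync service stores and pushes to every linked device; the key is the only thing that needs protecting and sharing. Binding the file name as associated data means a blob that is moved or renamed in the account refuses to open rather than decrypting under the wrong name, and the same tag check turns any bit-flip in the stored data into an error, which is the property a plain "encrypted at rest" disk volume does not give the file's owner.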