Myths & Realities
of Cloud Data Security

Michael J. Krouze
Chief Technology Officer
Charter Solutions, Inc.
© 2012
“All our knowledge has its origins
in our perceptions.”
- Leonardo da Vinci

“The first step toward change is
awareness. The second step is acceptance.”
- Nathaniel Branden

“The thing about quotes on the internet is
you can not confirm their validity.”
- Abraham Lincoln

Copyright © 2013, Charter Solutions, Inc.

2.
We don’t use the cloud.


3.

4.
• Files are encrypted at rest
• Files are encrypted during transit
• Provide “business” version that allows multiple user access control
• Strict policy and technical access controls that prohibit employee access

• Users can have weak passwords
• Files are ‘synced’ to multiple devices
• API allows programs to access your files (with permission)

• Always use strong passwords
• Encrypt files before you put them there and only share key with the other people who should see that file
• Never give permission for API access


5.
Yes, your organization uses the cloud… you just may not know it.


6.
The cloud simply cannot be secure.

The cloud isn't safe.

If it's on the Internet, it's more vulnerable to hackers.

Data stored in the cloud is more vulnerable.

My provider has my security covered.

Private cloud computing is secure by default.

7.
Security is a Shared Responsibility
[Diagram: responsibility matrix. Columns (deployment models): On-Premise; On-Premise (hosted); IaaS; PaaS; SaaS. Rows (stack layers, shown for every model): Application; Services; OS; VM; Server; Storage; Network. Legend: Organization has Control; Organization Shares Control with Vendor; Vendor has Control.]

8.
Industry Groups Targeted
[Bar chart, x-axis: % of Breaches. Categories: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

9.
Who’s Behind Data Breaches?
[Bar chart, x-axis: % of Breaches. Categories: External Agents; Internal Employees; Business Partners.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

10.
Threat Agent Change Over Time
[Chart, y-axis: % of Breaches. Periods: '04-'07; 2008; 2009; 2010; 2011. Series: External; Internal; Partner.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

11.
How Do Breaches Occur?
[Bar chart, x-axis: % of Breaches. Categories: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

12.
Attack Commonalities

• 97%: Avoidable through simple or intermediate controls
• 96%: Were not highly difficult
• 94%: Of all data compromised involved servers
• 92%: Were discovered by a third party
• 85%: Took weeks or more to discover
• 79%: Were targets of opportunity

Source: 2012 Data Breach Investigations Report (Verizon/USSS)


13.
Hacking Methods
[Bar chart, x-axis: % of Breaches. Categories: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

14.
Not Just About Data Encryption

[Diagram labels, in order: Public Network; SSL Encrypted; Application; Private Network; Clear Text Data; Database; Storage System; OS File System; Encrypted at Rest.]

15.
It’s not that the cloud isn’t secure…
It’s that you need to think differently about how to secure it


16.
My datacenter is more secure than the cloud.


17.
A little obvious after the last myth

Security is often taken for granted behind the firewall


18.
Data Breaches by Hosting Location
[Bar chart, x-axis: % of Breaches. Categories: Internal; External; Co-located; Mobile.]

Source: 2012 Data Breach Investigations Report (Verizon/USSS)

19.
Your datacenter (on-premise or cloud) is only as secure as you make it!
Both can be equally secure or insecure.


20.
Concluding thoughts…


21.
Understand your data risks & security needs

Establish a set of cloud-specific security processes / policies


22.
Review cloud vendors closely to ensure their sphere of control aligns with your cloud-specific processes / policies

Implement, monitor, react, review, improve


23.
Thank You!

michael.krouze@chartersolutions.com
http://www.linkedin.com/in/mjkrouze
@mjkrouze


24.

Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 

Myths & Realities of Cloud Data Security

  • 1. Myths & Realities of Cloud Data Security. Michael J. Krouze, Chief Technology Officer, Charter Solutions, Inc. © 2012
  • 2. “All our knowledge has its origins in our perceptions.” - Leonardo da Vinci. “The first step toward change is awareness. The second step is acceptance.” - Nathaniel Branden. “The thing about quotes on the internet is you can not confirm their validity.” - Abraham Lincoln. Copyright © 2013, Charter Solutions, Inc.
  • 3. We don’t use the cloud.
  • 5.
      • Files are encrypted at rest
      • Files are encrypted during transit
      • Provide “business” version that allows multiple user access control
      • Strict policy and technical access controls that prohibit employee access

      • Users can have weak passwords
      • Files are ‘synced’ to multiple devices
      • API allows programs to access your files (with permission)

      • Always use strong passwords
      • Encrypt files before you put them there and only share key with the other people who should see that file
      • Never give permission for API access
  • 6. Yes, your organization uses the cloud… you just may not know it.
  • 7. The cloud simply cannot be secure. The cloud isn't safe. If it's on the Internet, it's more vulnerable to hackers. Data stored in the cloud is more vulnerable. My provider has my security covered. Private cloud computing is secure by default.
  • 8. Security is a Shared Responsibility. [Figure: matrix of deployment models (On-Premise, On-Premise (hosted), IaaS, PaaS, SaaS) against stack layers (Application, Services, OS, VM, Server, Storage, Network). Legend: Organization has Control; Organization Shares Control with Vendor; Vendor has Control.]
  • 9. Industry Groups Targeted. [Bar chart, % of breaches by industry group: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Information; Other.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 10. Who’s Behind Data Breaches? [Bar chart, % of breaches by threat agent: External Agents; Internal Employees; Business Partners.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 11. Threat Agent Change Over Time. [Line chart, % of breaches for External, Internal and Partner agents over '04-'07, 2008, 2009, 2010 and 2011.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 12. How Do Breaches Occur? [Bar chart, % of breaches by method: Hacking; Malware; Physical Attacks; Social Tactics; Privilege Misuse.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 13. Attack Commonalities. Source: 2012 Data Breach Investigations Report (Verizon/USSS)
      • 97%: Avoidable through simple or intermediate controls
      • 96%: Were not highly difficult
      • 94%: Of all data compromised involved servers
      • 92%: Were discovered by a third party
      • 85%: Took weeks or more to discover
      • 79%: Were targets of opportunity
  • 14. Hacking Methods. [Bar chart, % of breaches by hacking method: Default/guessable credentials; Stolen login credentials; Brute force/dictionary attacks; Exploit backdoor; Exploit insufficient authentication; SQL Injection; Remote file inclusion; Abuse of functionality; Unknown.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 15. Not Just About Data Encryption. [Diagram labels, in order: Public Network; SSL Encrypted; Application; Private Network; Clear Text Data; Database; Storage System; OS File System; Encrypted at Rest.]
  • 16. It’s not that the cloud isn’t secure… It’s that you need to think differently about how to secure it.
  • 17. My datacenter is more secure than the cloud.
  • 18. A little obvious after the last myth. Security is often taken for granted behind the firewall.
  • 19. Data Breaches by Hosting Location. [Bar chart, % of breaches by hosting location: Internal; External; Co-located; Mobile.] Source: 2012 Data Breach Investigations Report (Verizon/USSS)
  • 20. Your datacenter (on-premise or cloud) is only as secure as you make it! Both can be equally secure or insecure.
  • 21. Concluding thoughts…
  • 22. Understand your data risks & security needs. Establish a set of cloud-specific security processes / policies.
  • 23. Review cloud vendors closely to ensure their sphere of control aligns with your cloud-specific processes / policies. Implement, monitor, react, review, improve.