Blog

Three Industries Where Technology Is Reducing Our Carbon Footprint

By on December 3, 2019

The science is in. We need to significantly reduce our carbon emissions to limit the amount of warming our planet undergoes as a consequence of climate change.

The good news is, technology is rising up to meet this challenge. The bad news is it needs to do far more, and do it faster. How is technology helping? Well, if we check out some of the industries with the highest carbon footprint (energy, transportation, and agriculture), we can see some of the massive disruptions that are happening there, and how they are impacting emissions.

1 Energy

The energy sector is undergoing a massive transition globally from a system powered by centralised, thermal generation based often on fossil fuel combustion, to one increasingly powered by decentralised renewable sources. And while it would be great if this was happening for reasons of climate concern, it is, in fact, happening for reasons of economics, which is better because it means it is sustainable in the long term.

Why do I say it is because of economics? Because the cost of wind, solar, and lithium-ion battery storage are falling. Falling fast (due primarily to the experience curve). Since 2012 the cost of wind power has fallen 50%, solar power has fallen 80%, and battery storage has fallen 85%. It is now at the point where unsubsidised, combinations of wind and battery storage, or solar and battery storage are able to beat natural gas on price.

Don’t take my word for it. At the Wolfe Research 2019 Power & Gas Leader’s conference last month (October 2nd, 2019) Jim Robo, Chairman, and CEO of NextEra Energy the biggest and most successful utility in the US said

“We see renewables plus battery storage without incentives being cheaper than natural gas, and cheaper than existing coal and existing nuclear… And that is game-changing”

Then, when you consider the amount of time it takes to deploy a power plant, renewables win again.

IMG_0029

And consequently, the share of new power generation being deployed globally that is renewable is rising rapidly, while the share of new fossil fuel generation is falling fast.

IMG_0030

And it is not just the supply side of the equation that is changing. The demand side is changing rapidly as well.

More and more organisations are demanding that their energy provider only supply clean, renewably sourced electricity. In fact, RE100, “a global corporate leadership initiative bringing together influential businesses committed to 100% renewable electricity” counts at time of writing (November 2019) 212 of the world’s largest companies (including my own employer SAP) as members. All 212 companies are either sourcing all their electricity from renewable sources or have committed to doing so in the near future. Companies do this because it is good for business. Consumers feel better about purchasing goods if they know they were produced using renewable energy, and employees feel better about working for organisations committed to renewable energy.

 

2 Transportation

So the carbon intensity of electricity, one of the main carbon polluters is falling worldwide on a gCO2/kWh basis. What about one of the other big polluters I mentioned at the start, Transportation. Well, fortunately, electric grids the world over are embracing renewable energy, because transportation is now starting to use electricity as a fuel, instead of dino-juice!

Why is transportation going electric? Three main reasons:

  1. Increasing environmental awareness among consumers
  2. Regulations from regions, countries and local governments and
  3. Economics – the costs to operate an electric vehicle (EV) are significantly less than a fossil fuel one
Nissan Leaf charging
Photo credit Tom Raftery

Greta Thunberg has done an amazing job of raising awareness in younger generations particularly about the dangers of climate change, but even before she burst on the scene, the 2019 regulations governing NEVs (New Energy Vehicles) in China and the 2020 emissions regulations for vehicle manufacturers in the EU (as well as local ordinances by cities restricting access to older, more polluting vehicles and countries on the phase-out date for the sale of Internal Combustion Engined vehicles) meant that vehicle manufacturers have had no option but to get on board with the electrification of cars and increasingly other modes of transport as well.

At a time when global vehicle sales are falling, sales of EVs are taking off.

statistic_id270603_battery-electric-vehicles-in-use---worldwide-2012-2018

Volkswagen, who have had some *ahem* reputational issues recently, have decided to embrace the Winston Churchill mantra of never letting a crisis go to waste, and are going all-in on EVs. They plan to spend €60bn (yes billion with a “b”) by 2024 to switch to electric, hybrid and connected vehicles. They will introduce up to 75 all-electric models, around 60 hybrid vehicles and plan to sell 26 million all-electric vehicles as well as around 6 million hybrid vehicles by 2029.

Perhaps even more tellingly, Daimler recently announced that they are stopping their internal combustion engine development initiatives and focussing instead on electric vehicles. The reason this announcement is so game-changing is that Daimler owns Mercedes Benz and Karl Benz, the founder of Mercedes Benz received the patent for the world’s first production internal combustion engine vehicle in 1886. Now 133 years later Daimler has decided that the era of the internal combustion engine is over, and EVs are the future.

And it is not just cars, motorbikes are also going electric with announcements of electric bikes from all the major manufacturers including Vespa, Yamaha, Honda, all the way up to Harley Davidson.

Buses, trucks (from the large class 8 all the way down to delivery trucks), and refuse collection vehicles are also going electric. This is important not just for reducing their carbon emissions, but also because these vehicles often work primarily in urban centres so converting them from diesel to electric will improve air quality, reduce noise pollution, and significantly reduce the cost of operation for these machines.

FuelUseVehicleCategory

Also, when you take into account the fuel use by categories of vehicle, you can see from the chart above that class 8 trucks, buses, and refuse collection vehicles consume far more fuel than other vehicle categories. Fuel use is of course, not just a good proxy for their potential to pollute, but also for their running costs so the economic case to shift these to electric is very strong. In the case of buses, battery-electric buses cost 20c per mile to operate over their lifetime, whereas diesel buses cost 75c and so, battery-electric buses will dominate the market by the late 2020s.

And it doesn’t stop there. Construction equipment is going electric. Ships are going electric. Even planes are going electric. Global consultancy firm Roland Berger is currently tracking 170 different electric plane initiatives (about 50% are in the urban air taxi space). While the Johan Lundgren, CEO of easyJet has said that:

easyJet is collaborating with US company Wright Electric to support their goal for short-haul flights to be operated by all-electric planes within 10 years

It is hard to think of a mode of transportation that is not moving towards electric drivetrains. And as we saw above in the section on energy, as our grids are getting cleaner daily, shifting transportation to electricity quickly drops transportation’s carbon footprint too (as well as reducing noise pollution, and cleaning up our air quality).

3 Food Production

Food production is the third industry where technology is about to play a huge part in reducing our carbon footprint. Agriculture globally accounts for about 13 percent of total global emissions. That makes the agricultural sector the world’s second-largest emitter, after the energy sector. And this doesn’t include emissions associated with deforestation to clear land for more agriculture.

However, shifting away from our current practices of food production to one where our plant food is grown in massive indoor vertical farms has the potential to significantly clean up agriculture’s environmental toll.

Indoor vertical farms use 95% less water and 99% less land than conventional farming practices. They use no soil, require no herbicides or pesticides and they can produce food in the middle of cities, thereby reducing drastically the crop’s food miles. When you are producing food so close to the point of consumption, you no longer need to optimise your produce for shelf-life, and you can instead choose to optimise for taste, and/or nutrition.

Then there is the clean meat movement. Clean meat is meat that is produced from either cultivating animal cells (without having to slaughter the animal), or by converting plant protein to take on the taste and consistency of animal protein as companies such as Beyond Meat and Impossible Foods are doing so successfully.

Our current means of producing plant food and meats are vastly inefficient and have a huge carbon footprint. This won’t scale to feed the population of 9-10 billion inhabitants that we are projected to reach in the coming decades, especially as the middle classes grow in the developing world and their meat consumption expectations grow too.

Converting to a system where we produce plants in massive vertical farms, and then using that plant food to create clean meat solves a lot of the problems associated with agriculture today such as the unconscionable cruelty we visit on the animals we breed for slaughter, the vast amounts of antibiotics that are used in agriculture leading to the development of multi-drug resistant superbugs, and agriculture’s massive carbon footprint.

Zebra
Zebra in Pilansberg reserve – photo credit Tom Raftery

If we return the land we have stolen from nature for agriculture back to the wild we can restore the enormous losses we have seen in recent decades in biodiversity, create a huge new ecotourism industry, and through reforestation sequester from the atmosphere much of the carbon we have emitted in the last century, mitigating the or possibly turning back the worst effects of climate change.

As the United Nations COP25 Climate Change Conference kicks off in Madrid, it is important to remember that although the situation with the climate is indeed dire, there are solutions. We just need to embrace them. Quickly.

 

(Cross-posted @ Tom Raftery's Internet of Things)

Posted in , | Tagged , , , , , , , , , , | Leave a response

10 Predictions How AI Will Improve Cybersecurity In 2020

By on December 2, 2019

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.  Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

10 Predictions How AI Will Improve Cybersecurity In 2020

Posted in , , , | Tagged , , , , , , , , , , , | Leave a response

Workday talks machine learning and the future of human capital management

By on December 2, 2019

Because people are the most important resources in any organization, human capital management (HCM) is essential in every large enterprise. Changes in technology — from mobile devices to AI — are having a profound impact on how people in business work and interact.

To glimpse the future of HCM technology and the role of machine learning, I spoke with Cristina Goldt, vice president for HCM product management and Strategy at Workday. Cristina is a prominent HCM technology leader who is helping to shape human capital management. Our conversation took place at Workday Rising 2019, the company’s annual customer event, held this year in Orlando.

Watch the video embedded above to see the future of HCM and read the edited transcript below. I recorded this video as part of the CxOTalk series of conversations with the world’s top innovators in business, technology, government, and higher education.

Where is HCM going?

We see technology — artificial intelligence, machine learning — changing work, changing jobs, and the relationship between people and machines. We see the world of work and alternative arrangements and agile teams. We see all of that playing into how work gets done.

And, and very importantly, we see skills become a key factor or driver in how people are thinking about their workforce, their talent, executing on their talent strategy.

What does all this mean for Workday customers?

We need to support them. They’re looking for how they support their people in this ever-changing world of HR and world of work. And so for us, it’s how do we help them become those enterprises in the future to identify, develop and optimize talent. Scale and speed are what we endeavor to help them with.

What is the Workday Skills Cloud?

It’s a common language of skills across all of our customers. And most importantly, if you think of software as a service, it’s skills as a service because it’s crowdsourced. It dynamically lives and breathes and grows based on data. We’ve solved the data challenge of understanding, categorizing and continually keeping your skills updated.

The next thing was to solve the challenge of [knowing] what skills my people have. Taking machine learning to do that, to infer skills, matching people to work.

In the past, it has been very manual and challenging, if not almost impossible, because there wasn’t a common language or way to do the matching. The technology wasn’t there. Today that technology is there to sort through the huge volumes of data, to understand skills.

What’s the role of data in the future of HCM?

Data is the foundation to make this happen. At Workday, we started with that core system of record, which became that core foundation of data. Which now moves to a core system of capabilities. You now have data about your people that you can take action on, make recommendations. Using machine learning to make suggestions and make all of this happen. It doesn’t happen without the data. That data foundation gets us to the next step.

Where does the data come from?

The data comes from the billions of transactions and thousands of dimensions of the over 40 million workers in Workday.

Is data the future of work?

Data is an important part of the future of work and a foundation for all the things we’re going to do next.

Disclosure: Workday covered most of my travel to Workday Rising.

(Cross-posted @ ZDNet | Beyond IT Failure)

Posted in | Leave a response

7 Ways AI Reduces Mobile Fraud Just In Time For The Holidays

By on December 1, 2019

7 Ways AI Reduces Mobile Fraud Just In Time For The Holidays

  • There has been a 680% increase in global fraud transactions from mobile apps from October 2015 to December 2018, according to RSA.
  •  70% of fraudulent transactions originated in the mobile channel in 2018.
  • RSA’s Anti-Fraud Command Center saw phishing attacks increase 178% after leading banks in Spain launched instant transfer services.
  • Rogue mobile apps are proliferating with, 20% of all reported cyberattacks originating from mobile apps in 2018 alone.

On average, there are 82 new rogue applications submitted per day to any given AppExchange or application platform, all designed to defraud consumers. Mobile and digital commerce are cybercriminals’ favorite attack surfaces because they are succeeding with a broad base of strategies for defrauding people and businesses.

Phishing, malware, smishing, or the use of SMS texts rather than email to launch phishing attempts are succeeding in gaining access to victims’ account credentials, credit card numbers, and personal information to launch identity theft breaches. The RSA is seeing an arms race between cybercriminals and mobile OS providers with criminals improving their malware to stay at parity or leapfrog new versions and security patches of mobile operating systems.

Improving Mobile Fraud Prevention With AI And Machine Learning

Creating a series of rogue applications and successfully uploading them into an AppExchange or application store gives cybercriminals immediate access to global markets. Hacking mobile apps and devices is one of the fastest growing cybercriminal markets, one with 6.8B mobile users worldwide this year, projected to increase to 7.3B in 2023, according to The Radicati Group. The total number of mobile devices, including both phones and tablets will be over 13B by the end of 2019, according to the research firm. And a small percentage of mobile fraud transactions get reported, with mobile fraud losses reported totaling just over $40M across 14,392 breaches according to the U.S. Federal Trade Commission. Mobile fraud is an epidemic that needs to be fought with state-of-the-art approaches based on AI and machine learning’s innate strengths.

Traditional approaches to thwarting digital fraud rely on rules engines that thrive on detecting and taking action based on established, known patterns, and are often hard-coded into a merchant’s system. Fraud analyst teams further customize rules engines to reflect the unique requirements of the merchants’ selling strategies across each channel. Fine-tuning rules engines makes them effective at recognizing and taking action on known threat patterns. The challenge for every merchant relying on a fraud rules engine is that they often don’t catch the latest patterns in cybercriminal activity. Where rules-based approaches to digital fraud don’t scale, AI, and machine learning do.

Exploring The 7 Ways AI Is Reducing Mobile Fraud

Where rules engines are best suited for spotting existing trends in fraud activity, machine learning excels at classifying observations (called supervised machine learning) and finding anomalies in data by finding entirely new patterns and associations (called unsupervised machine learning). Combining supervised and unsupervised machine learning algorithms are proving to be very effective at reducing mobile fraud. The following are the seven ways AI and machine learning are reducing mobile fraud today:

  1. AI and machine learning reduce false positives by interpreting the nuances of specific behaviors and accurately predicting if a transaction is fraudulent or not. Merchants are relying on AI and machine learning to reduce false positives, saving their customers from having to re-authenticate who they are and their payment method. A false positive at that first interaction with a customer is going to reduce the amount of money that they spend with a merchant, so it’s very important to interpret each transaction accurately.
  2. Identifying and thwarting merchant fraud based on anomalous activity from a compromised mobile device. Cybercriminals are relying on SIM swapping to gain control of mobile devices and commit fraud, as the recent hack of Twitter’s founder Jack Dorsey illustrates. Hackers were able to transfer his telephone number using SIM swapping and by talking Dorsey’s mobile service provider to bypass the account passcode. Fortunately, only his Twitter account was hacked. Any app or account accessible on his phone could have been breached, leading to fraudulent bank transfers or purchases. The attack could have been thwarted if Jack Dorsey’s mobile service provider was using AI-based risk scoring to detect and act on anomalous activity.
  3. AI and machine learning-based techniques scale across a wider breadth of merchants than any rules-based approach to mobile fraud prevention can. Machine learning-based models scale and learn across different industries in real-time, accumulating valuable data that improves payment fraud prediction accuracy. Kount’s Universal Data Network is noteworthy, as it includes billions of transactions over 12 years, 6,500 customers, 180+ countries and territories, and multiple payment networks. That rich data feeds Kount’s machine learning models to detect anomalies more accurately and reduce false positives and chargebacks.
  4. Combining supervised and unsupervised machine learning algorithms translates into a formidable speed advantage, with fraudulent transactions identified on average in 250 milliseconds. Merchants’ digital business models’ scale and speed are increasing, and with the holidays coming up, there’s a high probability many will set mobile commerce sales records. The merchants who will gain the most sales are focusing on how security and customer experience can complement each other. Being able to approve or reject a transaction within a second or less is the cornerstone of an excellent customer buying experience.
  5. Knowing when to use two-factor authentication via SMS or Voice PIN to reduce false negatives or not, preserving customer relationships in the process. Rules engines will often take a brute-force approach to authentication if any of the factors they’re tracking show a given transaction is potentially fraudulent. Requesting customers authenticate themselves after they’re logged into a merchant’s site when they attempt to buy an item is a sure way to lose a customer for life. By being able to spot anomalies quickly, fewer customers are forced to re-authenticate themselves, and customer relationships are preserved. And when transactions are indeed fraudulent, losses have been averted in less than a second.
  6. Provide a real-time transaction risk score that combines the strengths of supervised and unsupervised machine learning into a single fraud prevention payment score. Merchants need a real-time transaction risk score that applies to every channel they sell, though. Fraud rules engines had to be tailored to each specific selling channel with specific rules for each type of transaction. That’s no longer the case due to machine learnings’ ability to scale across all channels and provide a transaction risk score in milliseconds. Leaders in this area include Kount’s Omniscore, the actionable transaction safety rating that is a result of their AI, which combines patented, proprietary supervised and unsupervised machine learning algorithms and technologies.
  7. Combining insights from supervised and unsupervised machine learning with contextual intelligence of transactions frees up fraud analysts to do more investigations and fewer transaction reviews. AI and machine learning-based fraud prevention systems’ first contribution is often reducing the time fraud analysts take for manual reviews. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Merchants are finding AI, and machine learning-based approaches enable to score to approve more orders automatically, reject more orders automatically, and focus on those gray area orders, freeing up fraud analysts to do more strategic, rewarding work. They’re able to find more sophisticated, nuanced abuse attacks like refer a friend abuse or a promotion abuse or seller collusion in a marketplace. Letting the model do the work of true payment fraud prevention frees up those fraud analysts to do other worth that add value.

Conclusion

With the holiday season rapidly approaching, it’s time for merchants to look at how they can protect mobile transactions at scale across all selling channels. AI and machine learning are proving themselves as viable replacements to traditional rules engines that rely on predictable, known fraud patterns. With 70% of fraudulent transactions originating in the mobile channel in 2018 and the influx of orders coming in the next three months, now would be a good time for merchants to increase their ability to thwart mobile fraud while reducing false positives that alienate customers.

Sources:

RSA 2019 Current State of Cybercrime Report (11 pp., PDF, opt-in)

The Radicati Group, Mobile Statistics Report, 2019 – 2023 (3 pp., PDF, no opt-in)

U.S. Federal Trade Commission, Consumer Sentinel Network, Data Book 2018 (90 pp., PDF, no opt-in)

 

Posted in , , , | Tagged , , , , , , , , , | Leave a response

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

By on November 30, 2019

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
  • 71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

  • Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

  • Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

 

  • 71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

  • An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

  • When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud provider’s. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

 

 

Posted in , , , | Tagged , , , , , , , , , , | Leave a response

7 Signs It’s Time To Get Focused On Zero Trust

By on November 29, 2019

7 Signs It’s Time To Get Focused On Zero Trust

When an experienced hacker can gain access to a company’s accounting and financial systems in 7 minutes or less after obtaining privileged access credentials, according to Ponemon, it’s time to get focused on Zero Trust Security. 2019 is on its way to being a record year for ransomware attacks, which grew 118% in Q1 of this year alone, according to McAfee Labs Threat Report. Data breaches on healthcare providers reached an all-time high in July of this year driven by the demand for healthcare records that range in price from $250 to over $1,000 becoming best-sellers on the Dark Web. Cybercriminals are using AI, bots, machine learning, and social engineering techniques as part of sophisticated, well-orchestrated strategies to gain access to banking, financial services, healthcare systems, and many other industries’ systems today.

Enterprises Need Greater Urgency Around Zero Trust

The escalating severity of cyberattacks and their success rates are proving that traditional approaches to cybersecurity based on “trust but verify” aren’t working anymore. What’s needed is more of a Zero Trust-based approach to managing every aspect of cybersecurity. By definition, Zero Trust is predicated on a “never trust, always verify” approach to access, from inside or outside the network. Enterprises need to begin with a Zero Trust Privilege-based strategy that verifies who is requesting access, the context of the request, and the risk of the access environment.

How urgent is it for enterprises to adopt Zero Trust? A recent survey of 2,000 full-time UK workers, completed by Censuswide in collaboration with Centrify, provides seven signs it’s time for enterprises to get a greater sense of urgency regarding their Zero Trust frameworks and initiatives. The seven signs are as follows:

  1. 77% of organizations’ workers admit that they have never received any form of cybersecurity skills training from their employer. In this day and age, it’s mind-blowing that three of every four organizations aren’t providing at least basic cybersecurity training, whether they intend to adopt Zero Trust or not. It’s like freely handing out driver’s licenses to anyone who wants one so they can drive the freeways of Los Angeles or San Francisco. The greater the training, the safer the driver. Likewise, the greater the cybersecurity training, the safer the worker, company and customers they serve.
  2. 69% of employees doubt the cybersecurity processes in place in their organizations today. When the majority of employees don’t trust the security processes in place in an organization, they invent their own, often bringing their favorite security solutions into an enterprise. Shadow IT proliferates, productivity often slows down, and enterprise is more at risk of a breach than ever before. When there’s no governance or structure to managing data, cybercriminals flourish.
  3. 63% of British workers interviewed do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense. It’s astounding that nearly two-thirds of the workers in an organization aren’t aware that unauthorized access to another person’s email account without their permission is a crime. The UK passed into law 30 years ago the Computer Misuse Act. The law was created to protect individuals’ and organizations’ electronic data. The Act makes it a crime to access or modify data stored on a computer without authorization to do so. The penalties are steep for anyone found guilty of gaining access to a computer without permission, starting with up to two years in prison and a £5,000 fine. It’s alarming how high the lack of awareness is of this law, and an urgent call to action to prioritize organization-wide cybersecurity training.
  4. 27% of workers use the same password for multiple accounts. The Consensus survey finds that workers are using identical passwords for their work systems, social media accounts, and both personal and professional e-mail accounts. Cybersecurity training can help reduce this practice, but Zero Trust is badly needed to protect privileged access credentials that may have identical passwords to someone’s Facebook account, for example.
  5. 14% of employees admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office.  Organizations need to make it as difficult as possible for bad actors and cybercriminals to gain access to passwords instead of sharing them in handwritten notebooks and on Post-It notes. Any organization with this problem needs to immediately adopt Multi-Factor Authentication (MFA) as an additional security measure to ensure compromised passwords don’t lead to unauthorized access. For privileged accounts, use a password vault, which can make handwritten password notes (and shared passwords altogether) obsolete.
  6. 14% do not use multi-factor authentication for apps or services unless forced to do so. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure unsecured. Not securing privileged access credentials with MFA or, at the very least, vaulting them is like handing the keys to the kingdom to cybercriminals going after privileged account access. Securing privileged credentials needs to begin with a Zero Trust-based approach that verifies who is requesting access, the context of the request, and the risk of the access environment.
  7. 1 out of every 25 employees hacks into a colleague’s email account without permission. In the UK, this would be considered a violation of the Computer Misuse Act, which has some unfortunate outcomes for those found guilty of violating it. The Censuswide survey also found that one in 20 workers have logged into friend’s Facebook accounts without permission. If you work in an organization of over 1,000 people, for example, 40 people in your company have most likely hacked into a colleague’s email account, opening up your entire company to legal liability.

Conclusion

Leaving cybersecurity to chance and hoping employees will do the right thing isn’t a strategy; it’s an open invitation to get hacked. The Censuswide survey and many others like it reflect a fundamental truth that cybersecurity needs to become part of the muscle memory of any organization to be effective. As traditional IT network perimeters dissolve, enterprises need to replace “trust but verify” with a Zero Trust-based framework. Zero Trust Privilege mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Leaders in this area include Centrify, who combines password vaulting with brokering of identities, multi-factor authentication enforcement, and “just enough” privilege, all while securing remote access and monitoring of all privileged sessions.

Posted in , , , | Tagged , , , , , , , , , , , | Leave a response

What’s New On The Zero Trust Security Landscape In 2019

By on November 27, 2019

What’s New On The Zero Trust Security Landscape In 2019

  • Forrester added in Checkpoint, Forescout, Google, illumio, MobileIron, Proofpoint, Symantec, and Unisys in their latest Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers this year.
  • Forrester’s 2019 scorecard increased the weight on network security, automation and orchestration, and portfolio growth rate compared to last year, adding in Zero Trust eXtended (ZTX) ecosystem advocacy to the scorecard for the first time.
  • Microsoft and VMWare are no longer included in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers this year.

These and many other interesting insights are from what’s new in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, written by Chase Cunningham and published on October 29, 2019. Chase is a leading authority on Zero Trust Security, and I was fortunate to have the opportunity to interview him earlier this year. You can read the interview here,10 Questions With Chase Cunningham On Cybersecurity. Forrester included 14 vendors in this assessment: Akamai Technologies, Check Point, Cisco, Cyxtera Technologies, Forcepoint, Forescout, Google, illumio, MobileIron, Okta, Palo Alto Networks, Proofpoint, Symantec, and Unisys. The following is the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 graphic from the free reprint offered by MobileIron here.

Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019

Summary of What’s New In Forrester’s Zero Trust Wave This Year

The latest Forrester Wave adds in and places high importance on Zero Trust eXtended (ZTX) ecosystem advocacy, allocating 25% of the weight associated with the Strategy section on the scorecard. Forrester sees Zero Trust as a journey, with vendors who provide the greatest assistance and breadth of benefits on a unified platform being the most valuable. The Wave makes it clear that Zero Trust doesn’t refer to a specific technology but rather the orchestration of several technologies to enable and strengthen their Zero Trust framework. Key insights from what’s new this year in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 include the following:

  • Platforms are powering the Zero Trust landscape and delivering the greatest value to organizations on their Zero Trust journey. Forrester notes that organizations are getting the greatest benefits from choosing a single vendor who can deliver integrated, real-world capabilities instead of marketing hype.
  • Ease of use and excellent usability need to be the new normal when it comes to Zero Trust Solutions. Forrester sees a widening gap between Zero Trust solutions that take administrator and end-user experience into account and deliver the critical capabilities that make ZTX frameworks successful and those that don’t. It’s common knowledge of how challenging Zero Trust solutions and platforms are to deploy. Raising the issue of improving usability will help expand the total available market for Zero Trust solutions and increase the effectiveness of every platform installed.
  • A much stronger focus on Application Programmer Interfaces (APIs) and integration. This year’s Wave places much greater emphasis on APIs and the need to integrate every application and Web Service across a Zero Trust platform. The greater the integration expertise of any Zero Trust vendor, the faster an organization adopting their systems and platforms will attain secured stability across every threat surface.
  • Forrester advises Zero Trust vendors to concentrate on four key aspects of their strategy if they’re going to deliver overwhelming value to organizations they’re selling to. These four key aspects include actively advocating for Zero Trust as evidenced by driving product strategies that prioritize needed capabilities; supporting micro-segmentation; enforcing policy everywhere by first enabling extensive, proven integrations using well-documented and tested APIs that make it possible to enable policy definition and enforcement across enterprises; and provide identity beyond identity and access management (IAM).
  • Cyxtera Technologies, MobileIron, and Proofpoint are new to the Zero Trust World, each bringing valuable contributions to enterprises on their Zero Trust journey. Of the three, MobileIron is the most noteworthy as their approach to Zero Trust begins with the device and scales across mobile infrastructures. Forrester observes that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees all three vendors as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future.

Conclusion

The latest Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, reflects the growing maturity of the Zero Trust eXtended (ZTX) Ecosystem. Adding in Zero Trust eXtended (ZTX) ecosystem advocacy and weighing it at 25% reflects how serious Forrester is about evaluating vendors on solid, real product features over marketing claims. The increased focus on platforms, APIs and integration also reflect the growing maturity of enterprises adopting Zero Trust frameworks today.

Posted in , , , | Tagged , , , , , , | Leave a response

A Historical Perspective on Why SAL and SQL Appear to be Defined Backwards

By on November 25, 2019

Most startups today use some variation on the now fairly standard terms SAL (sales accepted lead) and SQL (sales qualified lead).  Below see the classic [1] lead funnel model from marketing bellwether Sirius Decisions that defines this.

One great thing about working as an independent board member and consultant is that you get to work with lots of companies. In doing this, I’ve noticed that while virtually everyone uses the terminology SQL and SAL, that some people define SQL before SAL and others define SAL before SQL.

Why’s that?  I think the terminology was poorly chosen and is confusing.  After all, what sounds like it comes first:  sales accepting a lead or sales qualifying a lead?  A lot of folks would say, “well you need to accept it before you can qualify it.”  But others would say “you need to qualify it before you can accept it.”  And therein lies the problem.

The correct answer, as seen above, is that SAL comes before SQL.  I have a simple way of remembering this:  A comes before Q in the alphabet, and SAL comes before SQL in the funnel. Until I came up with that I was perpetually confused.

More importantly, I think I also have a way of explaining it.  Start by remembering two things:

  • This model was defined at a time when sales development reps (SDRs) generally reported to sales, not marketing [2].
  • This model was defined from the point of view of marketing.

Thus, sales accepting the lead didn’t mean a quota-carrying rep (QCR) accepted the lead – it meant an SDR, who works in the sales department, accepted the lead.  So it’s sales accepting the lead in the sense that the sales department accepted it.  Think: we, marketing, passed it to sales.

After the SDR worked on the lead, if they decided to pass it to a QCR, the QCR would do an initial qualification call, and then the QCR would decide whether to accept it.  So it’s a sales qualified lead, in the sense that a salesperson has qualified it and decided to accept it as an opportunity.

Think: accepted by an SDR, qualified by a salesrep.

Personally, I prefer avoid the semantic swamp and just say “stage 1 opportunity” and “stage 2 opportunity” in order to keep things simple and clear.

# # #

Notes

[1] This model has since been replaced with a newer demand unit waterfall model that nevertheless still uses the term SQL but seems to abandon SAL.

[2] I greatly prefer SDRs reporting to marketing for two
reasons:  [a] unless you are running a
pure velocity sales model, your sales leadership is more likely to deal-people
than process-people – and running the SDRs is a process-oriented job and [b] it
eliminates a potential crack in the funnel by passing leads to sales “too early”.  When SDRs report to marketing, you have a
clean conceptual model:  marketing is the
opportunity creation factory and sales is the opportunity closing factory.

(Cross-posted @ Kellblog)

Posted in | Tagged , , , , , , , | Leave a response

Maybe RPA is a gateway drug after all, as AI takes the number one spot for investment focus

By on November 25, 2019

There haven’t been too many better debates since RPA fever took over the world of process executives whether the toolset was the first step on the road to full artificial intelligence (AI) adoption. The consensus has largely been that RPA provides some great process orchestration experimentation that can eventually help us enjoy that ultimate AI high.  However, the only way to truly get on that Intelligent Automation Continuum is to redesign processes that drive specific business outcomes, where RPA is an enabler to achieving the desired process flows.  If you’re just using RPA to make a crappy old process run better, you’ll struggle to achieve much more than a mild buzz:

However, what really brings home the emerging ambition of enterprise operations leaders is the new data from the State of Operations study that shows AI leaping ahead of RPA as the most significant area of focus for investment in 2020.  This clearly means that achieving AI effectiveness is clearly the larger enterprise-wide goal, and experimentation with process automation is encouraging many executives to think about broader business outcomes as the potential of machine learning and other AI facets become more and more intertwined with process digitization:

 

The Bottom-line: Automation and AI strategy must be led by overarching business strategy, and RPA often provides the first testing ground

If automation is not part of the overall business strategy then senior leadership should not be focused on delivering automation projects as they run the risk of failure or at least mediocrity.  Most businesses can really only deliver against 3 or 4 strategic initiatives at a time, so if automation projects are not directly contributing to one of them they should be stopped.  The focus of automation always needs to be on desired measurable business outcomes of these bigger initiatives, otherwise, they become too tactical and will lack management commitment. The short-term targets and KPIs need to have a clear and logical relationship to the bigger picture.

In addition, RPA must be treated as an enterprise application. If RPA is viewed as a widget or productivity utility, then it has no chance of supporting broader digital change. Part of business and IT alignment is recognizing RPA as part of the canon of digital change agents that are helping advance how companies are run. No tool alone can ever do the job. But the exponential power of “and” is compelling.

 

(Cross-posted @ Horses for Sources)

Posted in , | Tagged , , | Leave a response

10 Charts That Will Change Your Perspective Of AI In Security

By on November 24, 2019

10 Charts That Will Change Your Perspective Of AI In Security

Rapid advances in AI and machine learning are defining cybersecurity’s future daily. Identities are the new security perimeter and Zero Trust Security frameworks are capitalizing on AI’s insights to thwart breaches in milliseconds. Advances in AI and machine learning are also driving the transformation of endpoint security toward greater accuracy and contextually intelligence.

69% of enterprise executives believe artificial intelligence (AI) will be necessary to respond to cyberattacks with the majority of telecom companies (80%) saying they are counting on AI to help identify threats and thwart attacks according to Capgemini. Gartner predicts $137.4B will be spent on Information Security and Risk Management in 2019, increasing to $175.5B in 2023, reaching a CAGR of 9.1%. Cloud Security, Data Security, and Infrastructure Protection are the fastest-growing areas of security spending through 2023. The following ten charts illustrate the market and technological factors driving the rapid growth of AI in security today:

  • AI shows the greatest potential for fraud detection, malware detection, assigning risk scores to login attempts on networks, and intrusion detection. Supervised and unsupervised machine learning algorithms are proving to be effective in identifying potentially fraudulent online transaction activity. By definition, supervised machine learning algorithms rely on historical data to find patterns not discernible with traditional rule-based approaches to fraud detection. Finding anomalies, interrelationships, and valid links between emerging factors and variables is unsupervised machine learning’s core strength. Combining each is proving to be very effective in identifying anomalous behavior and reducing or restricting access. Kount’s  Omniscore relies on these technologies to provide an AI-driven transaction safety rating. Source: Capgemini Research Institute, Reinventing Cybersecurity with Artificial Intelligence – The new frontier in digital security (28 pp., PDF, no opt-in).
  • 80% of telecommunications executives stated that they believe their organization would not be able to respond to cyberattacks without AI. Across all seven industries studied in a recent Capgemini survey, 69% of all senior executives say they would not be able to respond to a cyberattack without AI. 75% of banking executives realize they’ll need AI to thwart a cyberattack. Interestingly, 59% of Utilities executives, the lowest response to this question on the survey, see AI as essential for battling a cyberattack. Utilities are one of the more vulnerable industries to attacks given their legacy infrastructure. Source: Statistica, Share of organizations that rely on artificial intelligence (AI) for cybersecurity in selected countries as of 2019, by industry
  • 51% of enterprises primarily rely on AI for threat detection, leading prediction, and response. Consistent with the majority of cybersecurity surveys of enterprises’ AI adoption for cybersecurity in 2019, AI is relied on the majority of the time for detecting threats. A small percentage of enterprises have progressed past detection to prediction and response, as the graphic below shows. Many of the more interesting AI projects today are in prediction and response, given how the challenges in these areas expand the boundaries of technologies fast. Source: Capgemini Research Institute, Reinventing Cybersecurity with Artificial Intelligence – The new frontier in digital security (28 pp., PDF, no opt-in).
  • Enterprises are relying on AI as the foundation of their security automation frameworks. AI-driven security automation frameworks are designed to flex and support new digital business models across an organization. Existing security automation frameworks can crunch and correlate threat patterns on massive volumes of disparate data, which introduces opportunities for advanced cybersecurity without disrupting business. Using alerts and prescriptive analytics for dynamic policies to address identified risks, enterprises can speed deployment of threat-blocking measures, increasing the agility of security operations. Source: Cognizant, Combating Cybersecurity Challenges with Advanced Analytics (PDF, 24 pp., no opt-in).
  • Cybersecurity leads all other investment categories this year of TD Ameritrade’s Registered Investment Advisors (RIA) Survey. The survey found RIAs are most interested in investment opportunities for their clients in AI-based cybersecurity new ventures. Source: TD Ameritrade Institutional 2019 RIA Sentiment Survey (PDF, 35 pp., no opt-in)
  • 62% of enterprises have adopted and implemented AI to its full potential for cybersecurity, or are still exploring additional uses. AI is gaining adoption in U.S.-based enterprises and is also being recommended by government policy influencers. Just 21% of enterprises have no plans for using AI-based cybersecurity today.  Source: Oracle, Security In the Age Of AI (18 pp., PDF. no opt-in
  • 71% of today’s organizations reporting they spend more on AI and machine learning for cybersecurity than they did two years ago. 26% and 28% of U.S. and Japanese IT professionals believe their organizations could be doing more. Additionally, 84% of respondents believe cyber-criminals are also using AI and ML to launch their attacks. When considered together, these figures indicate a strong belief that AI/ML-based cybersecurity is no longer simply nice to have; it’s crucial to stop modern cyberattacks.   Source: Webroot, Knowledge Gaps: AI and Machine Learning in Cybersecurity Perspectives from the U.S. and Japanese IT Professionals (PDF, 9 pp., no opt-in)
  • 73% of enterprises have adopted security products with some form of AI integrated into them. Among enterprises that receive more than 1,000 alerts per day, the percentage that has AI-enabled products in their security infrastructure jumps to 84%. The findings suggest that some decision-makers view AI as a useful capability in dealing with the flood of alerts that they receive. Source: Osterman Research, The State of AI in Cybersecurity: The Benefits, Limitations and Evolving Questions (PDF, 10 pp., opt-in).
  • AI’s greatest benefit is the increase in the speed of analyzing threats (69%) followed by an acceleration in the containment of infected endpoints/devices and hosts (64%). Because AI reduces the time to respond to cyber exploits organizations can potentially save an average of more than $2.5 million in operating costs. Source: The Value of Artificial Intelligence in Cybersecurity – Sponsored by IBM Security Independently conducted by Ponemon Institute LLC, July 2018.

Posted in , , , | Tagged , , , , , , , , | Leave a response

Next »