3 guiding principles of data security in the AI era
Securing the AI: All AI deployments – including data, pipelines, and
model output – cannot be secured in isolation. Security programs need to
account for the context in which AI systems are used and their impact on
sensitive data exposure, effective access, and regulatory compliance. Securing
the AI model itself means identifying model risks, over-permissive access, and
data flow violations throughout the AI pipeline. Securing from AI: Just
like most new technologies, artificial intelligence is a double-edged sword.
Cyber criminals are increasingly turning to AI to generate and execute attacks
at scale. Attackers are currently leveraging generative AI to create malicious
software, draft convincing phishing emails, and spread disinformation online
via deep fakes. There’s also the possibility that attackers could compromise
generative AI tools and large language models themselves. ... Securing with AI:
How can AI become an integral part of your defense strategy? Embracing the
technology for defense opens possibilities for defenders to anticipate, track,
and thwart cyberattacks to an unprecedented degree. AI offers a streamlined
way to sift through threats and prioritize which ones are most critical,
saving security analysts countless hours.
Web3 messaging: Fostering a new era of privacy and interoperability
Designed to be interoperable with various decentralized applications (DApps)
and blockchain networks, Web3 messaging protocols enable developers to
seamlessly integrate messaging functionality into their decentralized services
— a stark contrast to their traditional equivalents that host closed
ecosystems, which limit communication with users on other
platforms. Beoble, a communication infrastructure and ecosystem that
allows users to chat between wallets, is one of the Web3 messaging platforms
ready to change how people use digital communication. The platform comprises a
web-based chat application and a toolkit for seamless integration with DApps.
Dubbed “WhatsApp for Web3,” Beoble removes the need for login methods like
Twitter or Discord, instead mandating only a wallet for access. Users can log
in using their wallets and send texts, images, videos, links and files across
blockchain networks. Blockchain app users can utilize emojis and nonfungible
token (NFT) stickers in their digital communication with Beoble, adding a
layer of personality to their conversations.
As data takes center stage, Codified wants to bring flexibility to governance
As Gupta sees it, many large companies are authoring policies and trying to
implement them in various ways, but he sees software that is too rigid for
today’s use cases, leaving them vulnerable, especially when they have to
change policy. He wants to change that by translating policy into code that
can be implemented in a variety of ways, connected to various applications
that need access to the data, and easily changed when new customers or user
categories come along. “We let you author policies in natural language, in a
declarative way or using a UI - pick your favorite way - but when those
policies are authored, we can codify them into something that can be
implemented in a number of ways and can be very easily changed,” he said. To
that end, the company also enables customers to set conditions, such as
whether you’ve had security training in the last 365 days, or you’re already
part of a team working on a sensitive project. Ultimately, this enables
companies to set hard-coded data access rules based on who the employee is and
the applications they are using or projects they are part of, rather than
relying on creating groups on which to base these rules.
Looking Forward, Looking Back: A Quarter Century as a CISO
The first distributed denial of service (DDoS) attack occurred in 1999,
followed by Code Red and Nimda worm cyberattacks that targeted web servers in
2001, and SQL Slammer in 2003 which spread rapidly and brought focus on the
need to patch vulnerable systems. The end of the millennium also brought Y2K
and the Millennium Bug, which exposed the vulnerability of existing computing
infrastructures that formatted dates with only the final two digits and raised
the profile of CISOs and other security professionals. Organizations
recognized the necessity of dedicated executives responsible for managing
cybersecurity risks. ... CISOs were soon making the news, and not always in a
good way. Former Uber CISO Joe Sullivan was found guilty of felony obstruction
of justice and concealing a data breach in October 2022. The following month,
CISO Lea Kissner of Twitter (now X) resigned along with the company’s chief
privacy officer and its chief compliance officer over concerns that Twitter’s
new leadership was pushing for the release of products and platform changes
without effective security reviews.
How Generative AI is Revamping Digital Transformation to Change How Businesses Scale
Crucially, generative AI can help to tailor the dining experience for
customers in a way that significantly improves the quality of in-house or
takeaway eating. This is achieved by GenAI models analyzing data like guest
preferences, dietary restrictions, past orders, and behavior to offer
personalized menu items and even recommend food and drink pairings. Generative
AI will even be capable of using available datasets to generate offers on the
fly as an instant call-to-action (CTA) if it deems an online visitor isn't yet
ready to convert their interest into action. We're already seeing leading
global restaurants announce the implementation of generative AI for their
processes. ... Generative AI became the technological buzzword of 2023, and
for good reason. However, there will be many hurdles to overcome in the
development of the technology before it drives widespread digital
transformation. Regulatory hurdles may be tricky to overcome due to issues in
how AI programs can handle private data and utilize intellectual property
(IP). Quality shortcomings could also cause issues in governance among early
LLMs, and we've seen plenty of cases where language models "hallucinate" when
dealing with unusual queries.
NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure
The CSF’s governance component emphasizes that cybersecurity is a major source
of enterprise risk that senior leaders should consider alongside others, such
as finance and reputation. “Developed by working closely with stakeholders and
reflecting the most recent cybersecurity challenges and management practices,
this update aims to make the framework even more relevant to a wider swath of
users in the United States and abroad,” according to Kevin Stine, chief of
NIST’s Applied Cybersecurity Division. ... The framework’s core is now
organized around six key functions: Identify, Protect, Detect, Respond, and
Recover, along with CSF 2.0’s newly added Govern function. When considered
together, these functions provide a comprehensive view of the life cycle for
managing cybersecurity risk. The updated framework anticipates that
organizations will come to the CSF with varying needs and degrees of
experience implementing cybersecurity tools. New adopters can learn from other
users’ successes and select their topic of interest from a new set of
implementation examples and quick-start guides designed for specific types of
users...
Even LLMs need education—quality data makes LLMs overperform
Like any student, LLMs need a good source text to produce good outputs. As
Satish Jayanthi of CTO and co-founder of Coalesce told us, “If there were LLMs
in the 1700s, and we asked ChatGPT back then whether the earth is round or
flat and ChatGPT said it was flat, that would be because that's what we fed it
to believe as the truth. What we give and share with an LLM and how we train
it will influence the output.” Organizations that operate in specialized
domains will likely need to train or fine-tune LLMs of specialized data that
teaches those models how to understand that domain. Here at Stack Overflow,
we’re working with our Teams customers to incorporate their internal data into
GenAI systems. When Intuit was ramping up their GenAI program, they knew that
they needed to train their own LLMs to work effectively in financial domains
that use tons of specialized language. And IBM, in creating an
enterprise-ready GenAI platform in watsonx, made sure to create multiple
domain-aware models for code, geospatial data, IT events, and molecules.
State of FinOps 2024: Reducing Waste and Embracing AI
Engineers remain the biggest beneficiary of FinOps observability, even though
"engineering enablement" has dropped to a lower position in the report's
ranking of surveyed priorities. This indicates that engineers are those best
suited to responding to a sudden change in cost metrics. The report observes
that the "engineering persona" is reported as getting the most value from both
"FinOps training and self-service reporting." ... While waste reduction is a
common driver across all respondents, segmenting the survey by cloud spend
revealed that those with smaller budgets would tend to then prioritise
improvements in the accuracy of billing forecasts. The report states that
these respondents faced the challenge of understanding "the trajectory of
spending" prior to it "getting out of hand." Most invested in low-effort
solutions such as "manual adjustments" to generated forecast data. In
contrast, those with larger budgets tended to prioritise the optimisation of
commitment-based discounts to benefit from economies of scale. This included
the right-sizing of "reserved instances, savings plans, committed use
discounts," as well as specific negotiated discounts.
How to Develop an Effective Governance Risk and Compliance Strategy
“Overcoming silos and fostering communication needs to begin at the top,”
Rothaar, says in an email interview. Furthermore, aligning GRC goals with
broader business objectives ensures both executive management and individual
departments recognize the impact that GRC initiatives have on organizational
success. “Promoting a culture of communication with open dialogue and
knowledge-sharing is essential to a successful and efficient GRC strategy,”
she says. Ringel says organizations need to promote awareness and engagement
with risk and compliance, because they influence every member of the
organization. “You are only as strong as your weakest link when it comes to
risk, so making sure everyone is on the same page and treating risk and
compliance smartly is key,” she explains. Compliance is less directly obvious,
but if those values are not communicated through every department--product
design, development, customer support, marketing, and sales -- the end product
will reflect that disconnect. “Not every employee needs to know specific
regulations, but everyone needs to share the values of data governance and
compliance,” Ringel says.
Data storage problems and how to fix them
When undertaking the journey to digitisation, it’s important to consider the
issues and challenges and more importantly – know how to avoid them. ... It’s
wise not to attempt a massive data overhaul all at once, especially before
you’ve considered what data is valuable, how and where you will store the data
and investigated the different options and models available. It all depends on
the scope of transformation and the state the organisation is in. For
start-ups, it’s a green field and the experience is as good as the plan and
its periodic inspection and adaptation. For organisations with historic data
to migrate, it can get complex. I have experienced both and the key was to
have identified what data is valuable, a clear cut off date and policy on how
far back we digitise. ... If you are unsure on where to start, consult an
expert to determine the best solutions and view the initial costs as an
investment. Digital transformation of data brings the benefits of creating
efficiency and timesaving and with those, reduced costs. The long-term benefit
can far outweigh the upfront costs. Digital systems are typically faster and
more efficient than manual systems.
Quote for the day:
"Nothing is so potent as the silent
influence of a good example." -- James Kent
No comments:
Post a Comment