Move Fast and Break the Enterprise With AI

We Keep you Connected

Move Fast and Break the Enterprise With AI

Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
The tantalizing promise of true artificial intelligence, or at least decent machine learning, has whipped into a gallop large organizations not built for speed.
January 23, 2024
Working for a large enterprise for many years often leaves you with a strong feeling that everything will forever stay the same. Sure, some things change, even drastically. There are ups and downs, reorgs on a regular cadence, and sometimes companies even reinvent and rejuvenate themselves like Satya Nadella's Microsoft did in recent years. But most things stay the same, and culture runs deep. There is an inherent unwillingness to change; after all, these are large, successful enterprises — why change?
Security professionals often reach a point in their careers where they look back and ask: Have we made any progress? Are organizations really more secure today than they were 20 years ago? Sure, the threat landscape is different, but so is the amount of money and, more importantly, mindshare being spent on security throughout the industry. Even with all of that, some things never change. We have evergreen sayings, like "developers don't care about security," "you can't secure the perimeter," "x is the new perimeter," and my personal (un)favorite, "users are the weakest link."
Securing a large enterprise means having to deal with the problems of a large enterprise, which, as stated above, has a basic unwillingness to change.
Until it does.
Enter artificial intelligence (AI). Emboldened by the technology's promise of changing all industries, large enterprises are mobilizing their AI initiatives at lightning speed. It's been incredible (and frightening) to see how fast Microsoft and others, including Salesforce, Google, and Amazon, have pushed AI directly into their core enterprise offerings. They do this despite knowing that AI has serious problems that no one can really solve yet, like alignment with human values and safety risks. They do this because their customers — the entire enterprise market — are eager to adopt the bleeding edge to get one up on their competition.
Whether you are an AI enthusiast or an AI skeptic doesn't matter at this point. The winds of change are blowing, and an opportunity has opened up in which enterprises are willing to risk their core competencies to reap the rewards of AI before their competitors do.
The most significant advancement in enterprise AI is business Copilots. Every large Microsoft shop is looking into Microsoft 365 Copilot to seek fulfillment of the promise of a huge productivity boost. Google, AWS, and Salesforce have released their own versions: Duet AI, Amazon Q, and Einstein, respectively. They're doing this because they see a huge value to be gained. This idea of a Copilot also completely breaks key assumptions about how an enterprise operates.
Breaking permissions. To service my requests, my personal corporate AI needs to munch through all of the data I can access in order to index it so that it's available for query. Pretty soon we can expect it to train on the previous conversation I had with it. Now let's consider what happens when I move to a different role in the company or somebody removes my access. Can we remove that knowledge from the AI's neural network? That does not seem to be an existing capability of models today. Maybe tomorrow?
Breaking data boundaries. If a single AI can answer questions across all of my corporate data access, it is difficult to see how data boundaries could be maintained. Every control we put in front of data becomes meaningless, when the AI can read the data and write it infinite times from its "memory."
Breaking activity monitoring. We're used to monitoring user activity to find snooping employees or distinguish between human and scripted behavior. When AI works by user impersonation and has to touch every piece of data to which I have access to build an index, does anomalous access mean anything anymore?
These problems might have solutions right around the corner, or they might be insurmountable in AI's current form and require a fundamental rethink. But one thing is clear: The problems have not been solved, yet we're moving forward anyway. And that is bound to be interesting.
Michael Bargury
CTO & Co-Founder, Zenity
Michael Bargury is an industry expert in cybersecurity focused on cloud security, SaaS security, and AppSec. Michael is the CTO and co-founder of Zenity.io, a startup that enables security governance for low-code/no-code enterprise applications without disrupting business. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC, Dynamics, and confidential computing. Michael holds 15 patents in the field of cybersecurity and a BSc in Mathematics and Computer Science from Tel Aviv University. Michael is leading the OWASP community effort on low-code/no-code security.
You May Also Like
Tips for Managing Cloud Security in a Hybrid Environment
Top Cloud Security Threats Targeting Enterprises
DevSecOps: The Smart Way to Shift Left
API Security: Protecting Your Application’s Attack Surface
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What
Time to Secure Cloud-Native Apps Is Now
Move Fast and Break the Enterprise With AI
Top 3 Priorities for CISOs in 2024
AI Gives Defenders the Advantage in Enterprise Defense
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

TNC

LET US MANAGE YOUR SYSTEM
SO YOU CAN RUN YOUR BUSINESS

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE