Few incidents encapsulate today’s brutal cybersecurity situation better than the October 2020 compromise of the Vastaamo psychotherapy center in Finland. After failing to extort sufficient cash from the center, the attackers turned their fire on the center’s patients, threatening to release therapy notes and personal information. We’re in a never-ending fight against a soulless enemy, and data security professionals need every available advantage. AI has emerged as one of our most potent weapons.
AI is taking a leading data security role for three major data security use cases. First, AI helps new cloud migrants establish robust access controls as they move to the cloud. Second, AI can now eliminate much of IT’s “blue collar” work with more accurate, always-on capabilities that provide scale in the face of an avalanche of new data. And third, AI delivers new tools to help with the realities of remote work.
But before we go any further, it’s worth spending a few moments with the tech that’s at work behind the scenes. Natural language processing (NLP), powered by new deep learning-based AI, provides the data classification and discovery capabilities needed by nearly every data security use case. Here’s why this is so important:
Complex enterprises have an eye-popping range of content that includes everything from contracts to source code – and there are millions of these files to protect. NLP automates and perfects the art of content discovery and categorization by clustering files based on meaning, not simple heuristics and rules. This semantic analysis lets data speak for itself, making it possible to find sensitive content wherever it’s located.
AI-based classification also lays the groundwork for AI-assisted risk assessment – but here the quality of the NLP-based classification is key. For data security applications, clusters are useful only when they capture files with similar security needs. If they don’t – perhaps because the categories aren’t granular enough or the model organizes files based on irrelevant factors – file risk profiles can’t be compared to peers. At Concentric, our peer-based risk assessment feature is called Risk Distance™ analysis. The term reflects the tech: Files are scored based on the distance from their peers based on risk factors such as access permissions or storage locations.
Now that we have the technology firmly in hand, here are a few key ways IT professionals are using AI to solve some of their toughest cybersecurity problems.
Cloud Migration
New cloud migrants are realizing that even with the vast security resources their cloud partners provide, they still own security for their own data. Amazon Web Services (AWS) calls this the “shared security model,” and it outlines where Amazon’s responsibilities stop and where the cloud users’ responsibilities begin. In a nutshell, Amazon takes care of the security “of” the cloud (all the infrastructure itself) and customers’ own security “in” the cloud. That means it’s up to the IT team to manage access and permissions for their cloud-based files and documents, and that’s where AI can help.
Cloud migration isn’t a one-time event. Files are continually added, updated, moved and shared. In this dynamic environment, AI-based solutions are an ideal way to stay on top of risk. AI can act as a sort of security camera, detecting new files, movements and anomalies. By continuously surveilling file content and evaluating risk, AI makes securing massive amounts of cloud data manageable and efficient.
IT ”Grunt Work”
In IT, writing rules for data loss prevention (DLP) solutions is one of those rote, tedious tasks that have to be done to keep the organization secure. DLP guards the boundary between internal and external networks by examining files and stopping the movement of sensitive data. Most DLP systems make decisions based on simple rules – usually designed to match certain textual patterns – to decide whether content should be allowed to leave the company. As you can imagine, creating and maintaining these rules is one of those tasks that’s never done.
It’s also an ideal task for AI. Expert data discovery and risk assessment can evaluate file content and meaning, identify business-critical information, and determine whether a specific file should or should not be shared outside the company. A simple file metadata markup by the AI tool communicates file security status to DLP products stationed at internet exit points, eliminating the need for text-matching rules while making the evaluation process faster and more accurate.
Work From Home
In 2020, work-from-home (WFH) practices caught fire as employees relied on remote connectivity to stay productive. IT teams moved vast volumes of data to the cloud and made heroic efforts to implement identity and access management tools. But it’s becoming clear that as users embrace easy file sharing, they’re often a bit too cavalier about long-term data access security hygiene. This is creating a sort of permission “cruft” that happens when files are shared and then forgotten. Collaboration-friendly tools are great for WFH productivity – but they’re the Devil’s playground for cyber attackers.
AI is an increasingly important tool for IT security professionals charged with securing remote work. AI can help enforce least privileges access practices which limit file access to only those with a need. While conceptually simple, least-privileges access is extremely hard to implement and maintain. Many organizations use limited-access folders to solve the problem, but that’s an approach that often fails (a recent report found more than 1,000 proprietary trading documents in a financial organization’s “all hands” folder). Here again, AI content discovery and autonomous risk assessment lend a hand by identifying over permissioned files that need correction.
AI-powered solutions can help discover and protect unstructured data so security pros can keep cloud data safe, reduce grunt work and deliver comprehensive least-privileges access controls on their most sensitive data. AI eliminates rules, guesswork and overhead while dramatically reducing risk and improving coverage. It’s a transformative data security technology, and it’s one of the most important new weapons in the fight against cybercrime.
