AI's Impact on Security

Nearly every time I speak with an AI expert, data management comes up – often as an area where MSPs should focus their AI preparation and implementation efforts.

?

But what does data management as a service offering even look like? Why is it a pillar of AI? What’s the connection to security?

?

These questions led me to Yasir Ali , the Founder and CEO of Polymer, a platform focused on data loss prevention for SaaS and AI applications.

?

For a closer look at how solution providers can help their customers be ready to take advantage of future data opportunities, here’s a rundown of our conversation on a bonus episode of The Business of Tech:

?

Ali’s Guiding Data Philosophy

?

Ali found his way to data management after the 2007 financial crisis. He started off as a quant developer writing code at Bear Stearns Mortgage Group, then moved into trading; but when trading gigs dried up post-crash, he decided to pursue tech, which was back in vogue thanks to the rise of Facebook and similar startups.

?

Without planning for it, he found himself architecting data management solutions for large banks, master data management programs, and cloud migrations. While touching upon governance, security, and privacy, data leakage became a growing problem – so much so that he founded Polymer with his co-founder.

?

Now, Ali’s focus is tracking data leakage in cloud SaaS apps. Data security is obviously the goal, so what’s his guiding philosophy?

?

He explained that since the early days of databases at Oracle, the theory has been that anything valuable will get transformed and saved into analytics later. However, in reality, Ali was watching information get trapped within business workflows, especially those on the cloud.

?

Now, data from items like NDAs and customer agreements just sit in the application stack, never leaving applications like Slack or Teams. And this has an impact on security:

?

“The world has changed, but the way it's being protected still seems a little lagging. People think about building firewalls and securing firewalls or endpoints, but the most porous endpoints are sitting within this application stack by companies and employees who share information with a link and download it locally. That's where most of the exfiltration is going on unnoticed,” he said.

?

Connecting Data Security and AI Governance

?

This problem is amplified when a company wants to gather data for an AI model or application or, on the opposite end of the spectrum, protect their data from being used without their permission.

?

I asked Ali to share his thinking here, and he illustrated the issue by endpoint:

?

“When we moved from on-prem to the cloud, the number of endpoints probably went 100x… with AI, it's becoming 100x, maybe even 1,000x endpoints from there,” he said.

?

So, when a company decides to adopt AI, they’re tasked with reigning in incomprehensible amounts of data. While the data needed for a simple chatbot may be easier to extract with a very well-defined query, in order to harness the true power of AI…

?

“Your company knowledge really sits within SaaS applications. And how you extract out and enable AI in terms of making that usable is going to be a seismic shift for most organizations, not just for internal use cases, but external use cases,” he said.

?

Then, there’s the AI governance piece; Ali explained that information classification is critical for controlling what goes into third-party tools. For example, data management is required to ensure a customer-facing AI chatbot doesn’t give out classified information.

?

“Understanding what information people have access to from a business context or risk context or sensitivity context is a problem where data security and DLP are going to be at the forefront of any organizations looking to adopt AI,” he said.

?

Prepping for AI with Data Management

?

All of that sounds great, but in practice, most organizations can barely handle basic data management, let alone what’s needed for AI. So, what should our customers focus on in the present moment to prepare for future data applications?

?

AI skeptics will like Ali’s answer: forget AI. You need a human to have a general idea of where to even point the AI. And to do that, the human needs to figure out the physical location of the information and how to properly label it. More specifically, he recommends getting a handle on unstructured datasets, raw files, your backups, your legacy information, your SaaS data, and your app data.

?

I also asked if any industries in particular should prioritize this type of prep work. He said finance and healthcare are well-positioned for it, but that while financial folks have a decent approach to data already, healthcare organizations have a long way to go.

?

Factoring in Privacy and Compliance

?

Adding in another layer, privacy regulation and compliance should also be a part of your approach. What would implementers need to add to their process here?

?

Ali’s big three pieces for any kind of AI construct are observability, data loss prevention frameworks, and awareness frameworks.

?

Again, this comes back to data leakage in the applications employees use every day. While you can’t stop individual people from moving information wherever they please, you can have training programs related to awareness and processes for speedy removal should something get out.

?

To get this right, Ali says you need to better understand your data assets and assign classifications for the information in each application (OneDrive, SharePoint, S3 buckets, email systems, etc). What do you even consider to be sensitive? Where is the sensitive information located?

?

Once that’s in place, establish a monitoring system to observe how users move data in and out of systems.

?

The Top Customer Need

?

This is a lot of homework, so I asked Ali to isolate one big customer need in this space.

?

He recommends completing any sort of risk scan in at least one environment that’s representative of your entire organization’s workflow, like a file storage system, ticketing system, email system, or chat system.

?

By getting a better sense of where information resides, Ali believes an MSP can enhance its services both from a security angle and an AI enablement angle.

?

?

Feeling ready to lay an AI foundation through the power of data management? Ali has certainly given us a lot to think about. As always, my inbox is open for stories, questions, or whatever else is on your mind.